Content Service Steering

Content Service Steering
 
This chapter provides information on configuring Content Service Steering (CSS). The product administration guides provide provides examples and procedures for configuration of basic services on the system. You should select the configuration example that best meets your service model, and configure the required elements for that model as described in the respective product administration guide, before using the procedures in this appendix.
Important: Internal CSS is a generic feature, if an ECSv2 license is installed on your system, internal CSS can be enabled. A separate license is not required to enable internal CSS. Contact your local Cisco account representative for information on how to obtain a license.
This chapter contains the following topics:
Overview
Content Service Steering (CSS) selectively directs subscriber traffic to In-line services internal to the system based on data content presented by mobile subscribers. CSS is a broad term that includes features such as NAT, HTTP redirection, and DNS redirection.
CSS uses Access Control Lists (ACLs) to redirect subscriber traffic flows. ACLs control the flow of packets into and out of the system. ACLs consist of “rules” (ACL rules) or filters that control the action taken on packets matching the filter criteria.
ACLs are configurable on a per-context basis and applies to a subscriber through either a subscriber profile (or an APN profile in the destination context. For additional information, refer to the Access Control Lists appendix in this guide
Configuring Internal Content Service Steering
To configure and activate a single CSS service for redirecting all of a subscriber’s IP traffic to an internal in-line service:
Step 1
Step 2
Optional: Apply an ACL to an individual subscriber as described in the Applying an ACL to an Individual Subscriber (Optional) section.
Step 3
Optional: Apply a single ACL to multiple subscribers as described in the Applying an ACL to Multiple Subscribers (Optional) section.
Step 4
Optional: Apply an ACL to multiple subscribers via APNs as described in the Applying an ACL to Multiple Subscribers via APNs (Optional) section.
Step 5
Important: Commands used in the configuration examples in this section provide base functionality to the extent that the most common or likely commands and/or keyword options are presented. In many cases, other optional commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands. Not all commands or keywords/variables may be supported or available. Availability varies on the platform type and installed license(s).
Defining IP Access Lists for Internal CSS
IP ACLs specify what type of subscriber traffic and which direction (uplink, downlink, or both) traffic is redirected. The IP ACL must be specified in the context in which subscriber authentication is performed.
Caution: To minimize the risk of data loss, do not make configuration changes to ACLs while the system is facilitating subscriber sessions.
Use the following configuration example to define an IP ACL for internal CSS; start in the Exec mode of the CLI:
configure
  context <context_name>
     ip access-list <acl_name>
        redirect css service <service_name> <keywords> <options>
        end
Notes:
<service_name> must be an ACL service name.
For information on the keywords and options available with the redirect css service command, see the ACL Configuration Mode Commands chapter of the Command Line Interface Reference.
For IPv6 ACLs, the same configurations must be done in the IPv6 ACL Configuration Mode. See the IPv6 ACL Configuration Mode Commands chapter of the Command Line Interface Reference.
Applying an ACL to an Individual Subscriber (Optional)
For information on how to apply an ACL to an individual subscriber, refer to the Applying an ACL to an Individual Subscriber section of the Access Control Lists appendix.
Applying an ACL to Multiple Subscribers (Optional)
IP ACLs are applied to subscribers via attributes in their profiles. The subscriber profile can be configured locally on the system or remotely on a RADIUS server.
The system provides for the configuration of subscriber functions that serve as default values when specific attributes are not contained in the individual subscriber’s profile. When configured properly, the functions can be used to apply an ACL to:
All subscribers facilitated by specific services by applying the ACL to a subscriber profile and then using the default subscriber command to configure the service to use that subscriber as the “default” profile.
Applying an ACL to the Subscriber Named default (Optional)
For information on how to apply an ACL to the default subscriber, refer to the Applying an ACL to the Subscriber Named default section of the Access Control Lists appendix.
Applying an ACL to Service-specified Default Subscribers (Optional)
For information on how to apply an ACL to the subscriber to be used as the “default” profile by various system services, refer to the Applying an ACL to Service-specified Default Subscribers section of the Access Control Lists appendix.
Applying an ACL to Multiple Subscribers via APNs (Optional)
IP ACLs are applied to subscribers via attributes in their profiles. The subscriber profile can be configured locally on the system or remotely on a RADIUS server.
To reduce configuration time, ACLs can alternatively be applied to APN templates. When configured, any subscriber packets facilitated by the APN template would then have the associated ACL applied.
For information on how to apply an ACL to multiple subscribers via APNs, refer to the Applying a Single ACL to Multiple Subscribers via APNs section the Access Control Lists chapter.
 
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883