-
Cisco Content Services Gateway - 2nd Generation Release 2.0 Installation and Configuration Guide, for Cisco IOS Release 12.4(15)MD
-
About This Book
-
Overview
-
Configuring the CSG2
-
Configuring BMA Support
-
Configuring Quota Server Support
-
Configuring Service Support
-
Configuring IPC Support
-
Configuring PSD Support
-
Configuring iSCSI Support
-
Configuring RADIUS Support
-
Configuring Prepaid Support
-
CSG2 Command Reference
-
CSG2 Command History—CSG1 R7 to CSG2 R1
-
CSG2 Command History—CSG2 R1 to CSG2 R2
-
Protocol Compliance Statements for the CSG2
-
CSG2 R2 System Messages
-
Monitoring Notifications
-
Table Of Contents
Preparing to Install the CSG2 Software
Saving and Restoring CSG2 Configurations
Configuring the CSG2 User Table
Configuring the Fragment Database
Configuring Policies and Traffic Types
Configuring a Content Billing Service
Configuring Fixed, Variable, or Combined Format CDR Support
Fixed CDR Support for HTTP and WAP
Single CDR Support for HTTP and WAP
Configuring a Refund Policy on the CSG2
Configuring HTTP Header Reporting
Configuring SMTP CDR Header Removal
Configuring Supplemental Usage Reporting
Configuring Actual PDU Reporting for WAP
Configuring Maps for Pattern-Matching
Configuring Connection Redundancy
Configuring a Secondary IP Address for HA
Distributed Crash Data Collection
Configuring HA for CSG2s in Different Chassis
Configuring a CSG2 Subscriber Interface
Configuring WAP and WSP Support
Configuring the SAMI Bit Rate Limit
Configuring the SNMP Notification Types
Sample Configuration for Subscriber-to-Subscriber Traffic
Configuring Next-Hop for a Subscriber-to-Subscriber Content
Configuring Reverse Next-Hop for a Subscriber-to-Subscriber Content
Configuring Prepaid Subscriber-to-Subscriber Contents for a Service
Sample Configuration for HTTP X-Forwarded-For
Sample Configuration for High Availability
HA Configuration on the Active CSG2
HA Configuration on the Standby CSG2
Sample Configuration for HA Peer Connectivity
Sample Configuration for Supervisor Engine Side 1
Sample Configuration for CSG2 Side 1
Sample Configuration for Supervisor Engine Side 2
Sample Configuration for CSG2 Side 2
Displaying Port-Channel Information for One Side
Configuring CSG2 Network/Subscriber Traffic
Configuring the CSG2
This section describes the steps to take when installing and configuring the Content Services Gateway 2 (CSG2):
•
Preparing to Install the CSG2 Software
•
Note
Preparing to Install the CSG2 Software
Before you install the CSG2, keep the following considerations in mind:
•
–
–
–
The CSG2 does not support any earlier releases of the Cisco IOS. Therefore, you must upgrade to a Supervisor Engine running the specified Cisco IOS release or later, before installing the Service and Application Module for IP (SAMI), and before running or upgrading the CSG2 on the SAMI.
For details on upgrading the Cisco IOS release running on the Supervisor Engine, refer to the "Upgrading to a New Software Release" section in the Release Notes for Cisco IOS Release 12.2SR for the Cisco 7600 Series Routers.
For information about verifying and upgrading the LCP ROMMON image on the Cisco SAMI, see the "Manually Upgrading an LCP ROMMON Image" section in the Cisco Service and Application Module for IP User Guide.
•
•
Caution
The following example shows how to configure the Layer 3 VLAN interface:
Sup> enableSup# configure terminalSup(config)# interface vlan 130Sup(config-if)# ip address 10.10.1.10 255.255.255.0Sup(config-if)# no shutdownSup(vlan)# exit•
•
•
Sup> ?or
Sup(config)# ip csg ?The online help shows the default configuration values and the ranges that are available for each command.
Installing the CSG2 Software
You could install the CSG1 software from the Supervisor Engine boot flash memory, from a removable flash PC memory card inserted in the Supervisor Engine, or from an external TFTP server.
However, you install the CSG2 software for the SAMI, independent of the Supervisor Engine. That is, no Supervisor Engine upgrade is needed when you install the CSG2 feature enhancements.
To install the CSG2 software, follow these steps:
Step 1
Sup# enableSup# configure terminalSup(config)# svclc vlan-group group-number vlan-rangeSup(config)# svclc module slot-number vlan-group group-numberSup(config)# svclc multiple-vlan-interfaceswhere:
•
•
–
–
–
•
For example, to assign VLAN groups 1 and 6 to the CSG2 in slot 2, enter the following commands, beginning in privileged EXEC mode:
Sup# enableSup# configure terminalSup(config)# svclc vlan-group 1 5,30,43,765Sup(config)# svclc vlan-group 6 6Sup(config)# svclc module 2 vlan-group 1,6Sup(config)# svclc multiple-vlan-interfacesStep 2
Sup(config)# no ip rcmd domain-lookupStep 3
Sup(config)# ip rcmd rcp-enable
Note
Step 4
Sup(config)# ip rcmd remote-host local-username {ip-address | host | access-list} remote-username [enable [level]]where:
•
•
•
•
•
•
•
For example, to enable the CSG2 to copy commands to and from the Supervisor Engine, using remote host HOST1, at the highest privilege level, enter the following command in privileged EXEC mode:
Sup(config)# ip rcmd remote-host * HOST1 * enableStep 5
Sup(config)# ntp masterSup(config)# ntp update-calendarStep 6
Sup# upgrade hw-module slot slot-number software file namewhere:
•
•
The following message is displayed while the image is being downloaded:
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
When the download is complete, the following prompt is displayed:
Sup#Step 7
Sup# hw-module module slot-number resetwhere slot-number is the slot in which the CSG2 is installed.
The CSG2 powers down and resets.
Step 8
Sup# session slot slot-number processor 3Or Telnet to the CSG2, by entering the following command in privileged EXEC mode:
Sup# telnet 127.0.0.slot-number3where:
•
•
Step 9
csg2# configure terminalcsg2(config)# interface GigabitEthernet 0/0.3csg2(config-if)# encapsulation dot1q vlan-idwhere vlan-id is the VLAN identifier.
Step 10
csg2(config-if)# ip csg subscriberStep 11
csg2(config-if)# ip address ip-address maskwhere:
•
•
Step 12
csg2(config-if)# standby ip ip-addresswhere ip-address is the standby IP address.
Step 13
csg2(config-if)# ip address ip-address mask secondarywhere:
•
•
If you are configuring the CSG2 for redundancy (that is, active-standby operation), you must define a standby secondary IP address as the RADIUS endpoint or RADIUS proxy CSG2 IP address.
Step 14
csg2(config)# ip csg radius endpoint [vrf csg-vrf-name] csg-address [key [encrypt] secret-string] [vrf sub-vrf-name]Or identify the CSG2 as a proxy for RADIUS Access and RADIUS Accounting messages by entering the following command in global configuration mode:
csg2(config)# ip csg radius proxy [vrf csg-vrf-name] csg-address [vrf server-vrf-name] server-address csg-source-address [key [encrypt] secret-string] [vrf sub-vrf-name]where:
•
•
•
•
•
•
•
Step 15
csg2(config)# ntp server 127.0.0.xywhere:
•
•
Step 16
csg2(config)# ip route prefix mask ip-addresswhere:
•
•
•
Step 17
Sup# hw-module module slot-number resetwhere slot-number is the slot in which the CSG2 is installed.
The CSG2 powers down and resets.
Upgrading the CSG2 Software
To upgrade the CSG2 software, follow these steps:
Step 1
Sup# upgrade hw-module slot slot-number software file namewhere:
•
•
The following message is displayed while the image is being downloaded:
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
When the download is complete, the following prompt is displayed:
Sup#Step 2
Sup# session slot slot-number processor 3Or Telnet to the CSG2, by entering the following command in privileged EXEC mode:
Sup# telnet 127.0.0.slot-number3where:
•
•
Step 3
Router# reload
Saving and Restoring CSG2 Configurations
Note
In CSG2, the configuration is modified and stored by either establishing a session with the control processor (CP), or via a direct console connection with the CSG2.To save the CSG2 configuration on the Supervisor Engine bootflash and slave bootflash, enter the following command in privileged EXEC mode:
csg2(config)# write memoryFor more information about saving and restoring configurations, see the Cisco 7600 Series Cisco IOS Software Configuration Guide.
Configuring the CSG2
Note
Perform the following tasks to configure content billing features on the CSG2:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Configuring the User Database
The CSG2 can use an XML user database to associate an IP address with a user ID, and can refer to the database when it receives a packet with an unknown IP address. XML-based database queries add additional robustness to the CSG2, allowing continued monitoring across a failover, even in the absence of fresh RADIUS flows.
To configure the user database that you want the CSG2 to query for user IDs, enter the following command in global configuration mode:
Configuring the CSG2 User Table
The CSG2 User Table identifies all subscribers known to the CSG2. The table is populated on the basis of the contents of RADIUS Accounting Start messages, or from the user database, if either feature is enabled in your configuration.
When the CSG2 processes a data packet, it searches the User Table and queries the user database for source and destination IP addresses that match the data packet:
1.
2.
3.
4.
To configure the User Table, enter the following command in global configuration mode:
You can set a global idle timer for User Table entries for all billing plans, and you can also set an individual User Table entry idle timer for each individual billing plan.
•
•
That is, if there is an entry idle timer value in the billing plan, it is used; otherwise, if there is a global entry idle timer value configured, it is used.
The idle timer for a subscriber entry starts when all billable sessions for that subscriber have ended. Typically, a TCP session ends when the subscriber and the network have sent FIN messages to each other. Other protocols time out based on the configured idle timer value in the content configuration. The timer restarts when a RADIUS Accounting Start or an Interim Accounting message is received. The timer stops when a session starts.
When the idle timer expires, if Packet of Disconnect (PoD) is not configured, the CSG2 deletes the User Table entry. If Packet of Disconnect (PoD) is configured, the CSG2 sends a PoD message and the CSG2 deletes the User Table entry when the PoD message is ACKed, NAKed, or when all retries have been sent; the RADIUS Stop message does not have to be received by the CSG2.
The idle timer also enables the CSG2 to eliminate an idle User Table entry if the NAS fails to deliver a RADIUS Accounting Stop request for an idle subscriber. Eliminating idle entries from the User Table frees up CSG2 resources.
If Connection Duration Billing is enabled, you can use either the global entry idle timer or the billing plan entry idle timer to release a subscriber connection.
The idle timer does not affect sticky user entries.
To set a global User Table idle timer, enter the following command in global configuration mode:
csg2(config)# ip csg entries user idle duration [pod](Optional) Specifies how long the CSG2 is to retain entries in the CSG2 User Table.
To set a User Table idle timer for a specific billing plan, enter the following command in CSG2 billing configuration mode:
csg2(config-csg-billing)# entries user idle duration [pod](Optional) Sets the time after which entries for idle subscribers are deleted from the CSG2 User Table.
The CSG2 User Table can hold up to 1250000 entries with the 2 GB-SAMI option, or up to 500000 entries with the 1 GB-SAMI option. However, the CSG2 also enables you to specify the maximum number of entries allowed in the User Table. To do so, enter the following command in global configuration mode:
Configuring the Fragment Database
The CSG2 enables you to define the maximum number of entries in the CSG2 fragment database, as well as how long the CSG2 is to retain the entries.
The CSG2 divides the configured maximum number of entries evenly among the traffic processors. For example, if you configure a maximum of 100 entries, the maximum buffer pool size on each traffic processor is 20.
To configure the fragment database, enter the following command in global configuration mode:
Configuring the Session Table
The CSG2 enables you to specify the maximum number of entries allowed in the CSG2 session table. This is the maximum number of sessions that the CSG2 can support. When the number of active sessions reaches the specified maximum, the CSG2 begins dropping incoming new sessions.
The maximum number of entries is not enforced on the buffer pool maximum size, it is enforced during allocation of individual subscriber sessions to the table.
To specify the maximum number of entries allowed in the CSG2 session table, enter the following command in global configuration mode:
csg2(config)# ip csg entries session user max entries(Optional) Specifies the maximum number of entries allowed in the CSG2 session table.
Configuring URL-Redirect
The CSG2 can redirect subscriber flows to an alternate IP address or URL when a subscriber's quota is exhausted. Once configured, the CSG2 redirects subscriber requests to another network that informs the subscriber that the quota has been exceeded and that describes any appropriate actions to take.
In a redirect scenario, the CSG2 responds to the HTTP or WAP subscriber with a response code and a URL to which the subscriber must be redirected.
You can configure the redirect URL using the ip csg redirect command in CSG2 user group configuration mode, or the quota server can provide the redirect URL during service authorization (or reauthorization) or content authorization processing.
For service authorization or content authorization, the quota server reply contains the REDIRECT-URL action code and the redirect URL. In some network configurations, you might want the quota server to return the same redirect URL for HTTP and WAP. If you do not want to use a single redirect URL, the service authorization and Content Authorization Requests identify whether the request is for HTTP or WAP.
A redirect URL that is returned from the quota server in a service authorization response, or that is returned in a Content Authorization Response with the REDIRECT_URL action code, takes precedence over a redirect URL that is configured using the ip csg redirect command. The CSG2 uses the URL specified by the ip csg redirect command when the quota server responds with the FORWARD action code.
•
•
•
•
•
For example, if all of the following conditions are met:
•
•
•
•
Then redirection occurs when the subscriber runs out of quota (assuming that the subscriber has not received quota in the interim). The 8-second timer starts after the first redirect. Therefore, request 1 is redirected, and up to 14 more requests can be redirected, if they occur within 8 seconds after the first redirect.
URL-redirect requires configuration of a policy and service so that subscribers who have exhausted their quotas can access the network specified in the redirect URL.
To redirect subscriber flows to an alternate IP address when the subscriber's quota is exhausted, or to set the amount of time and the number of redirects that the CSG2 allows, enter the following command in global configuration mode:
Configuring Policies and Traffic Types
Policies are access rules that traffic must match in order to be handled by a specific server farm. Policies allow the CSG2 to apply filters to certain types of traffic subject to the accounting service.
When the CSG2 matches policies, it selects the policy that appears first in the policy list. Policies are located in the policy list in the sequence in which they were configured in the content. You can reorder the policies in the list by removing policies and reentering them in the order that you prefer.
To configure accounting records policies, enter the following commands beginning in global configuration mode:
Configuring a Content Billing Service
A CSG2 content billing service is a component of a billing plan to which subscribers subscribe.
For information on configuring one or more content billing services for the CSG2, see the "Configuring Service Support" section on page 5-1.
Configuring Content
The CSG2 uses the Cisco command-line interface (CLI), and requires content configurations or virtual server configurations. This section provides information about configuring content.
A CSG2 content configuration contains the following information:
•
•
If the content configuration does not match any service listed under a subscriber's billing plan, the CSG2 considers the service to be either free or postpaid, and the CSG2 does not try to authorize the subscriber with the quota server.
To configure content for a CSG2 accounting service, enter the following commands beginning in global configuration mode:
Configuring Single-TP Mode
In normal multiple-TP mode, the CSG2 distributes subscriber traffic among all of the TPs, based on each subscriber's IP address. In single-TP mode, the CSG2 dispatches traffic for all subscribers to the first TP to be processed.
Single-TP mode is required for HTTP X-Forwarded-For operation. Before configuring the CSG2 for X-Forwarded-For operation, configure the CSG2 for single-TP mode, then perform a write memory, then restart the CSG2.
To enable the CSG2 to use a single TP instead of multiple TPs, enter the following command in global configuration mode:
Configuring Fixed, Variable, or Combined Format CDR Support
The CSG2 supports both fixed and variable format CDR generation. The CSG2 also supports combined (variable-single) format CDR generation for HTTP and WAP traffic.
The same variables are reported in each CDR regardless of Wireless Session Protocol (WSP) Protocol Data Unit (PDU) type. CDRs contain zero-length variables when there is no information to report, but the same set of variables are always reported in the same sequence.
Fixed record format generates CDRs that always contain the same set of Tag-Length-Values (TLVs). Some might have a length of zero. This format is primarily used for integration with legacy billing systems.
This section contains the following information:
•
•
Fixed CDR Support for HTTP and WAP
The CSG2 provides fixed CDR support for HTTP and WAP. This support generates one fixed CDR for every HTTP transaction, instead of two CDRs, which are typically generated at the beginning and end of the transaction.
The single CDR contains all the fields that are included in the HTTP header and HTTP statistics records, in a fixed format. In addition, the same fixed-format service TLVs that were included for WAP are also included for HTTP.
The single CDR also includes RADIUS TLVs, in ascending order, based on the RADIUS TLVs configured using the ip csg report radius attribute command in CSG2 global configuration mode. This scheme is very flexible, enabling you to add RADIUS attributes dynamically. This function applies to both WAP and HTTP fixed CDRs. For more information, see the "Reporting RADIUS Attributes and VSA Subattributes" section on page 9-7.
Fixed CDR support does not support RADIUS attribute 26 (the vendor-specific attribute, or VSA), because the list of attributes defined within the VSA is variable. Therefore, a predefined "fixed" list of attributes cannot be determined when RADIUS attribute 26 is configured.
The CSG2 also supports fixed HTTP intermediate records. The fixed intermediate record format is identical to the format of the fixed record created at the end of the transaction, except for the message type, which is necessary to differentiate the two records. The intermediate statistics, such as TCP byte counts, are per intermediate period, and are not cumulative. This differs from the existing HTTP intermediate support for variable format CDRs, in which the TCP byte counts are cumulative.
The Content Delivered TLV contains a value of 0x00 (not delivered) if the HTTP response code is greater than or equal to 400, or if the TCP byte download count is less than 12 bytes.
Fixed CDR Support for IMAP
The CSG2 provides fixed CDR support for the Internet Message Access Protocol (IMAP).
When configuring CSG2 support for IMAP, keep in mind that the CSG2 cannot examine IMAP flows sent over an encrypted tunnel, such as Secure Socket Layer (SSL) or Transport Layer Security (TLS). When an encrypted tunnel is used for IMAP traffic, the CSG2 records only IP and TCP upstream and downstream byte counts. No other counts are provided.
Fixed CDR Support for RTSP
This feature enables the CSG2 to send the existing RTSP stream CDRs in a fixed format. The same fixed format service TLVs that were included for WAP are also included for RTSP.
Single CDR Support for HTTP and WAP
For HTTP and WAP, the CSG2 reduces the multiple CDRs generated to a single CDR, which is reported at the end of the transaction. This feature is supported for both WAP connectionless and WAP connection-oriented traffic, as well as for HTTP traffic.
The single CDR contains the standard variable format, and it also includes a comprehensive list of TLVs containing all pertinent information for the transaction. For WAP connectionless transactions, it includes everything that is included in a WAP GET and REPLY CDR. For HTTP transactions, it includes everything in the HTTP header and HTTP statistics records.
When you configure single CDR support, the CSG2 suppresses HTTP intermediate record generation.
Specifying the CDR Format
To specify the CDR format to be used by the CSG2, enter the following command in global configuration mode:
csg2(config)# ip csg records format [fixed | variable [combined {http | wap}]]Specifies variable, fixed, or combined (variable-single) CDR format.
Configuring a Refund Policy on the CSG2
The prepaid error reimbursement feature allows the CSG2 to automatically refund quota for failed transactions, as defined by the CLI. The CSG2 checks them in the following order: TCP/WAP flags, Application Return Code. The CSG2 supports flag-based refunding for all protocols. The CSG2 supports return code-based refunding for all protocols except RTSP.
To configure a refund policy on the CSG2, enter the following commands beginning in global configuration mode:
For information about enabling a refund policy for a service, see the "Enabling a Refund Policy for a Service" section on page 5-18.
Configuring HTTP Header Reporting
The CSG2 allows you to include multiple HTTP request headers in the CSG2 HTTP_Header CDR.
To define HTTP reporting on the CSG2, enter the following command in global configuration mode:
csg2(config)# ip csg report http header x-header(Optional) Defines the inclusion of multiple HTTP request headers in the CSG2 HTTP_Header CDR.
Configuring SMTP CDR Header Removal
An SMTP CDR can be very large, as it includes a report attribute for each SMTP header embedded at the beginning of a message. The CSG2 enables you to eliminate these headers from an SMTP CDR, leaving only the SMTP envelope headers and the size attribute in the report. These are reported as X-CSG-MAIL, X-CSG-RCPT and X-CSG-SIZE.
You can enable the CSG2 to remove SMTP CDR headers. When SMTP CDR header removal is enabled, the CSG2 reports the following header information to the BMA:
•
•
•
When SMTP CDR header removal is disabled, the CSG2 reports the following header information to the BMA:
•
•
•
•
•
•
•
To disable SMTP CDR header removal, including RFC 2822 header TLVs in SMTP CDRs, enter the following command in global configuration mode:
Configuring Supplemental Usage Reporting
You can configure the CSG2 to report supplemental usage to the quota server when sending a Service Stop, Quota Return, or Service Reauthorization Request message. The supplemental usage data reports the uploaded bytes, downloaded bytes, usage time in seconds, and time stamps for the first and last billable sessions. Reports contain statistics since the last report. The supplemental usage is included in the Service Stop Notification (0x0011) and in the Quota Return Notification (0x0009).
If a tariff switch timeout occurs during the interval, the CSG2 sends the tariff switch TLVs along with the supplemental usage TLVs. The supplemental usage TLVs cover the data from the tariff switch time to the end of the interval.
Supplemental usage reporting always reports IP bytes, even if the billing basis is configured for TCP bytes.
To enable supplemental usage reporting on the CSG2, enter the following command in global configuration mode:
Configuring Actual PDU Reporting for WAP
The CSG2 can report actual protocol data units (PDUs) in wireless application protocol (WAP) CDRs.
To report actual PDUs, enter the following command in global configuration mode:
csg2(config)# ip csg report wap actual-pdu(Optional) Specifies whether actual PDUs are to be reported in CSG2 WAP CDRs.
Configuring Maps for Pattern-Matching
The CSG2 maps are used to match URLs or headers against a pattern, to determine whether flows will be processed by the CSG2 accounting services.
To define the CSG2 billing content filters (URL maps and header maps), follow these steps:
Note
For more information, including how to specify match patterns and how the CSG2 matches those patterns, see the descriptions of the map, match header, match method, and match url commands.
Configuring Connection Redundancy
Connection redundancy prevents open connections from becoming unresponsive when the active CSG2 fails and the standby CSG2 becomes active. With connection redundancy, the active CSG2 replicates forwarding information to the standby CSG2 for each connection that is to remain open when the active CSG2 fails over to the standby CSG2.
To enable connection redundancy, enter the replicate command in CSG2 content configuration mode.
Configuring High Availability
The CSG1 fault-tolerant feature has been replaced with the CSG2 high availability (HA) feature.
The HA component of the CSG2 provides both stateless and stateful redundancy.
•
•
For high availability (HA), keep the following consideration in mind:
•
•
•
This section contains the following information:
•
•
•
•
Components That Provide HA
Table 2-1 lists the components that interact to provide CSG2 HA.
Enabling HA
The CSG2 uses two separate commands to enable replication. Using separate commands allows for the synchronization of subscriber and quota states independent of per-flow synchronization.
To enable replication of session and flows, use the replicate command in CSG2 content configuration mode. For more information, see the "Configuring Content" section
To enable HA state replication between redundant CSG2 systems, enter the following command in global configuration mode:
(Optional) Enables HA state replication between redundant CSG2 systems.
Configuring a Secondary IP Address for HA
In some configurations, you might want the CSG2 to answer ARPs for CSG2 RADIUS endpoint and proxy IP addresses. To achieve this behavior, you must configure a secondary IP address on the appropriate interface, to facilitate the Layer 2 presence of the IP address on connected VLAN segments.
•
For example, any configuration that uses RADIUS load balancing to distribute traffic across multiple CSG2s, with the CSG2s acting as redundant devices, must use this approach. Note that the RADIUS load balancing real servers must be Layer 2-adjacent to the RADIUS load-balancing device.
interface GigabitEthernet0/0.107encapsulation dot1Q 107ip address 10.10.107.22 255.255.255.0standby 0 ip 10.10.107.111standby 0 ip 10.10.107.112 secondary!ip csg radius endpoint 10.10.107.112 key cisco•
interface GigabitEthernet0/0.107encapsulation dot1Q 107ip address 10.10.107.22 255.255.255.0ip address 10.10.107.22 255.255.255.0 secondary!ip csg radius endpoint 10.10.107.112 key ciscoSynchronizing Clocks for HA
HA requires the clocks in your active and standby CSG2s to be synchronized with the clocks in any associated Supervisor Engines, to ensure correct billing. If your active and standby CSG2s are not installed in the same Cisco 7600 series router chassis, you must also synchronize the clocks in the associated Supervisor Engines with each other.
•
•
•
Note
Modifying an HA Configuration
To ensure stability, RF Interdev forces a system reload if an active system transitions to a standby state, or if communication between an active system and a standby system is interrupted. Both of these conditions can occur when you modify the ipc zone default or standby configurations for a CSG2 HA configuration.
To avoid forced reloads, use the following procedure when modifying any aspect of a CSG2 HA configuration (such as ipc, standby, or replicate).
Step 1
csg2(config)# redundancy inter-devicecsg2(config-red-interdevice)# no scheme standby SBStep 2
csg2(config)# write memoryStep 3
Router# reloadStep 4
Step 5
Step 6
csg2(config)# write memoryStep 7
Router# reload
Distributed Crash Data Collection
The CSG2 uses a control processor (CP) and multiple traffic processors (TPs), operating in parallel. If one of the processors fails, it can be useful to have crash data from all of the processors, not just the failed one. To that end, distributed crash data collection enables the CP and each TP to generate the following crash data:
•
•
The processors use the following format when creating the crash and debugging information files:
designator_processornumber_timestamp
where:
•
•
•
For example, crashinfo_proc4_20080603-171440 is a crash information file for TP 4 that was created on June 3, 2008, at 5:14:40PM.
The CSG2's Line Card Processor (LCP) collects each TP's crash and debugging information files and combines the files into a single .tar file, stored on the LCP in the core: file system:
lcp# dir core:
1048576 Jul 11 16:18:40 2008 crashinfo
1075200 May 3 00:19:05 2008
crashinfo_collection-20080503-001844.tarYou can read the .tar file from the Supervisor Engine. For example, for slot 2:
cat# dir sami#2-fs:core/
Directory of sami#2-fs:core/
12 ---- 1048576 Jul 11 2008 16:18:40 +00:00 crashinfo
22 ---- 1075200 May 3 2008 00:19:05 +00:00 crashinfo_collection-20080503-001844.tarThere are no commands required to enable distributed crash data collection.
Note
Configuring HA for CSG2s in Different Chassis
If the CSG2s are in different chassis, we recommend that you configure the Supervisor Engines as peers of each other, in addition to configuring them as clients of the same NTP servers. This peer configuration ensures that, if one of the Supervisor Engines loses connectivity to its servers, it can obtain time synchronization information for the peer Supervisor Engine.
Classifying Data Traffic
The CSG2 enables you to classify data traffic on the basis of its access path, using the Network Access Server (NAS) IP address reported in the RADIUS Accounting Start message. Transport-type information is reported in fixed record format CDRs.
To classify data traffic on the basis of its access path, enter the following command in global configuration mode:
csg2(config)# ip csg transport-type assign ip-address value(Optional) Classifies data traffic on the basis of its access path.
Configuring a CSG2 Subscriber Interface
To configure a subscriber interface as a CSG2 subscriber interface, enter the following command in interface configuration mode:
Configuring Case Sensitivity
By default, CSG2 header, method, and URL match patterns are case-sensitive.
To explicitly configure the CSG2 to treat match patterns as case-sensitive, enter the following command in global configuration mode:
Router# ip csg case-sensitive(Optional) Specifies whether the CSG2 is to treat header, method, and URL match patterns as case-sensitive.
To disable case-sensitivity for CSG2 match patterns, enter the following command in global configuration mode:
Router# no ip csg case-sensitive(Optional) Specifies that the CSG2 is to treat header, method, and URL match patterns as not case-sensitive.
Configuring WAP and WSP Support
The CSG2 can intercept wireless application protocol (WAP) traffic and generate reports that include contextual WAP information and counts of the bytes transferred. This feature supports both prepaid and postpaid billing. This section provides the following information:
Counting Bytes and Packets
The CSG2 reports WAP datagram sizes (including IP and UDP headers), the number of IP packets per transaction, and PDU counts. (The PDU count is not the same as the packet count. Multiple WAP PDUs can share a single packet.) Bytes for retransmitted WAP PDUs and segments are counted and listed separately from non-retransmitted counts in the billing reports. Byte and PDU counts are further specified by source. Reports include the number of bytes and PDUs uploaded from source to destination and the number of bytes downloaded from destination to source.
Incomplete WAP Transactions
When the internal session representing a WAP flow for the CSG2 expires (because of inactivity or receipt of a WAP DISCONNECT packet), any outstanding elements in the WAP transaction queue are reported. These outstanding elements are transactions that were not completed. Examples include a GET request for which a full REPLY was not received, and a segmented POST or PUSH that was incomplete (missing a segment). In such cases, the incomplete flag is set on the Wireless Transaction Protocol (WTP) Info Tag-Length-Value (TLV) in the WAP statistics record. The record reports the Wireless Session Protocol (WSP) PDU type, WTP transaction class, WTP transaction ID, and the number of IP bytes transferred during the attempted transaction.
Multimedia Messaging Service
The CSG2 differentiates Multimedia Messaging Service (MMS) traffic running over WAP from other WAP traffic by inspecting the Wireless Session Protocol (WSP) Content Type. If MMS prepaid charging is disabled, all MMS traffic flows even when non-MMS, WAP traffic is blocked because of insufficient quota. Postpaid reports for MMS are generated as for all WAP traffic.
Typically, several WAP packets are exchanged during a transaction before the WSP Content Type can be identified. When prepaid WAP with free MMS is configured, some packets still flow (even if a subscriber has insufficient quota) in order to identify the WSP Content Type. But the transaction does not complete, and the subscriber does not receive content if he or she has insufficient quota for a non-MMS, WAP request.
It is not always possible to determine the WSP Content Type for incomplete transactions. In these instances, no quota is deducted for prepaid subscribers.
Blocking Ports
RTSP RealPlayer subscribers ignore the explicit definition of port 554 in the URL, and attempt to connect to ports 554, 7070, 80, and 8080. Many other streaming media servers also listen on ports 7070, 80, and 8080. For HTTP transport, if the media streams from any port other than port 554 (such as port 7070, 80, or 8080), the CSG2 does not bill the stream as RTSP. Therefore, for RTSP billing, you must block TCP and HTTP connections to the server network on ports 7070, 80, and 8080.
To block a port, you must configure a content that matches the connection to the server network and sends transactions to a false next-hop IP address, as shown in the following example:
ip csg content BLOCK7070ip 1.1.1.0 255.255.255.0 tcp 7070next-hop 10.10.10.1policy RTSP-BLOCKinservice!ip csg content BLOCK80ip 1.1.1.0 255.255.255.0 tcp 80next-hop 10.10.10.1policy RTSP-BLOCKinservice!ip csg content BLOCK8080ip 1.1.1.0 255.255.255.0 tcp 8080next-hop 10.10.10.1policy RTSP-BLOCKinservice!ip csg content RTSPCONTSERVERip 1.1.1.0 255.255.255.0 tcp 554idle 50replicatepolicy RTSPinserviceConfiguring SNMP Timers
The CSG2 enables you to configure SNMP timers for lost CSG2 records.
To configure an SNMP timer and to enter CSG2 SNMP timer configuration mode, enter the following command in global configuration mode:
csg2(config)# ip csg snmp timer {bma | psd | quota-server} [interval](Optional) Defines Simple Network Management Protocol (SNMP) timers for lost CSG2 records.
Configuring the SAMI Bit Rate Limit
To specify the bit rate limit to be used by the Service and Application Module for IP (SAMI) for each PowerPC's (PPC's) traffic, enter the following command in global configuration mode:
(Optional) Specifies the bit rate limit to be used by the SAMI for each PPC's traffic.
Configuring the SNMP Notification Types
To enable Simple Network Management Protocol (SNMP) notification types that are available on the CSG2, enter the following command in global configuration mode:
CSG2 Configuration Examples
This section provides the following sample configurations for CSG2:
•
•
•
•
Sample Configuration for Subscriber-to-Subscriber Traffic
The CSG2 handles the following scenarios for subscriber-to-subscriber traffic:
•
•
•
•
where:
•
•
•
•
If RADIUS endpoint or RADIUS proxy is configured, the CSG2 that "owns" the subscriber is the one that processes RADIUS Accounting Requests for the subscriber.
In each scenario, the CSG2 generates consistent CDRs for both prepaid and postpaid charging:
•
•
When configuring the CSG2 for subscriber-to-subscriber traffic, keep the following considerations in mind:
•
•
–
–
Configuring Next-Hop for a Subscriber-to-Subscriber Content
On each CSG2 that handles subscriber-to-subscriber traffic, you must configure subscriber-to-subscriber content using the next-hop command:
ip csg content SUB-TO-SUBip 11.0.0.0 255.0.0.0 anynext-hop 10.5.1.100policy ANY-MSvlan 301inserviceWhen configuring the next-hop configuration, keep the following considerations in mind:
•
•
•
•
Configuring Reverse Next-Hop for a Subscriber-to-Subscriber Content
On each CSG2 that handles subscriber-to-subscriber traffic, you must configure reverse subscriber-to-subscriber content using the next-hop reverse command:
ip csg content REV-SUB-TO-SUBip 11.0.0.0 255.0.0.0 anynext-hop 10.5.1.100 reversepolicy ANY-MSvlan 501inserviceWhen configuring the next-hop configuration, keep the following considerations in mind:
•
•
•
•
•
Configuring Prepaid Subscriber-to-Subscriber Contents for a Service
On each CSG2 that handles prepaid subscriber-to-subscriber traffic, you must configure a service that includes subscriber-to-subscriber contents:
ip csg service SUB-TO-SUBcontent REV-SUB-TO-SUB policy ANY-MScontent SUB-TO-SUB policy ANY-MSSample Configuration for HTTP X-Forwarded-For
The following example shows how to configure the CSG2 to obtain the subscriber's IP address from the HTTP X-Forwarded-For header, including the configuration of single-TP mode:
ip csg mode single-tpip csg map WEBmatch url *.(htm|asp|php)ip csg policy CATCHALLaccountingip csg policy WEBaccountingmap WEBip csg content XF4ip any tcp 80subscriber-ip http x-forwarded-forpolicy WEBinserviceSample Configuration for High Availability
The following example shows how to configure the CSG2 for High Availability (HA).
Figure 2-1 Configuring the CSG2 for High Availability
HA Configuration on the Active CSG2
redundancy inter-devicescheme standby SB!ipc zone defaultassociation 1no shutdownprotocol sctplocal-port 30001local-ip 10.10.24.14remote-port 30001remote-ip 10.10.24.13!interface gig 0/0!interface gig 0/0.10ip csg subscriberencaps dot1q 10 vlan 10ip address 10.10.24.14 255.255.255.0standby use-biastandby 5 ip 10.10.24.1standby 5 ip 10.10.24.100 secondarystandby 5 name SB!interface gig 0/0.20encaps dot1q 20 vlan 20ip address 10.10.25.14 255.255.255.0standby use-biastandby 5 ip 10.10.25.1standby 5 follow SB!ip csg replicate 10.10.24.14 10.10.14.13 2000ip csg radius endpoint 10.10.24.100 key ciscoHA Configuration on the Standby CSG2
redundancy inter-devicescheme standby SB!ipc zone defaultassociation 1no shutdownprotocol sctplocal-port 30001local-ip 10.10.24.13remote-port 30001remote-ip 10.10.24.14!interface gig 0/0!interface gig 0/0.10ip csg subscriberencaps dot1q 10ip address 10.10.24.13 255.255.255.0standby use-biastandby 5 ip 10.10.24.1standby 5 ip 10.10.24.100 secondarystandby 5 priority 95standby 5 name SB!interface gig 0/0.20encaps dot1q 20ip address 10.10.25.13 255.255.255.0standby use-biastandby 5 ip 10.10.25.1standby 5 priority 95standby 5 follow SB!ip csg replicate 10.10.24.13 10.10.24.14 2000ip csg radius endpoint 10.10.24.100 key CiscoSample Configuration for HA Peer Connectivity
When configuring the CSG2 for HA peer connectivity, keep the following considerations in mind:
•
•
•
This section includes the following information"
•
•
•
•
•
•
Sample Configuration for Supervisor Engine Side 1
The pertinent configuration for Supervisor Engine side 1 is as follows:
svclc multiple-vlan-interfacessvclc module 4 vlan-group 4,5svclc vlan-group 4 10,100,200svclc vlan-group 5 500!interface GigabitEthernet1/47description inter-chassis port channelswitchportswitchport access vlan 500channel-group 1 mode on!interface GigabitEthernet1/48description inter-chassis port channelswitchportswitchport access vlan 500channel-group 1 mode onThe port-channel interface is created as a result of joining channel-group 1 and can be verified using the following command:
csg_sup# show running interfaces port-channel 1Current configuration : 109 bytes!interface Port-channel1switchportswitchport access vlan 500switchport trunk encapsulation dot1qendSample Configuration for CSG2 Side 1
The pertinent configuration for CSG2 side 1 is as follows:
redundancy inter-devicescheme standby SB!ipc zone defaultassociation 1no shutdownprotocol sctplocal-port 30001local-ip 192.168.5.6remote-port 30001remote-ip 192.168.5.5!interface GigabitEthernet0/0.500encapsulation dot1Q 500ip address 192.168.5.6 255.255.255.0standby 0 ip 192.168.5.1standby 0 name SB!ip csg replicate 192.168.5.6 192.168.5.5 2000Sample Configuration for Supervisor Engine Side 2
The pertinent configuration for Supervisor Engine side 2 is as follows:
svclc multiple-vlan-interfacessvclc module 4 vlan-group 4,5svclc vlan-group 4 10,100,200svclc vlan-group 5 500!interface GigabitEthernet1/47description inter-chassis port channelswitchportswitchport access vlan 500channel-group 2 mode on!interface GigabitEthernet1/48description inter-chassis port channelswitchportswitchport access vlan 500channel-group 2 mode onThe port-channel interface is created as a result of joining channel-group 2 and can be verified using the following command:
csg_sup# show running interfaces port-channel 2Current configuration : 109 bytes!interface Port-channel2switchportswitchport access vlan 500switchport trunk encapsulation dot1qendSample Configuration for CSG2 Side 2
The pertinent configuration for CSG2 side 2 is as follows:
redundancy inter-devicescheme standby SB!ipc zone defaultassociation 1no shutdownprotocol sctplocal-port 30001local-ip 192.168.5.5remote-port 30001remote-ip 192.168.5.6!interface GigabitEthernet0/0.500encapsulation dot1Q 500ip address 192.168.5.5 255.255.255.0standby 0 ip 192.168.5.1standby 0 name SB!ip csg replicate 192.168.5.5 192.168.5.5 2000Displaying Port-Channel Information for One Side
Use the following commands to display the port-channel information for one side of the configuration:
csg_sup# show running interfaces port-channel 2Building configuration...Current configuration : 109 bytes!interface Port-channel2switchportswitchport access vlan 500switchport trunk encapsulation dot1qendcsg_sup# show interfaces port-channel 2Port-channel2 is up, line protocol is up (connected)Hardware is EtherChannel, address is 001f.9ecb.2af6 (bia 001f.9ecb.2af6)MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)Full-duplex, 1000Mb/sinput flow-control is off, output flow-control is offMembers in this channel: Gi1/47 Gi1/48ARP type: ARPA, ARP Timeout 04:00:00Last input never, output never, output hang neverLast clearing of "show interface" counters 02:31:37Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0Queueing strategy: fifoOutput queue: 0/40 (size/max)5 minute input rate 2000 bits/sec, 4 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec2448 packets input, 178170 bytes, 0 no bufferReceived 2425 broadcasts (2376 multicasts)0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored0 watchdog, 0 multicast, 0 pause input0 input packets with dribble condition detected117 packets output, 18805 bytes, 0 underruns0 output errors, 0 collisions, 1 interface resets0 babbles, 0 late collision, 0 deferred0 lost carrier, 0 no carrier, 0 pause output0 output buffer failures, 0 output buffers swapped outcsg_sup# show interfaces gigabitEthernet 1/47GigabitEthernet1/47 is up, line protocol is up (connected)Hardware is c7600 1Gb 802.3, address is 001f.9ecb.2af6 (bia 001f.9ecb.2af6)Description: inter-chassis port channelMTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)Full-duplex, 1000Mb/sinput flow-control is off, output flow-control is offClock mode is autoARP type: ARPA, ARP Timeout 04:00:00Last input 00:00:00, output 00:00:43, output hang neverLast clearing of "show interface" counters 02:32:31Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0Queueing strategy: fifoOutput queue: 0/40 (size/max)5 minute input rate 2000 bits/sec, 4 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec7878 packets input, 594299 bytes, 0 no bufferReceived 7798 broadcasts (7701 multicasts)0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 8 frame, 0 overrun, 0 ignored0 watchdog, 0 multicast, 0 pause input0 input packets with dribble condition detected8395 packets output, 640596 bytes, 0 underruns0 output errors, 0 collisions, 4 interface resets0 babbles, 0 late collision, 0 deferred0 lost carrier, 0 no carrier, 0 pause output0 output buffer failures, 0 output buffers swapped outcsg_sup# show interfaces gigabitEthernet 1/48GigabitEthernet1/48 is up, line protocol is up (connected)Hardware is c7600 1Gb 802.3, address is 001f.9ecb.2af7 (bia 001f.9ecb.2af7)Description: inter-chassis port channelMTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)Full-duplex, 1000Mb/sinput flow-control is off, output flow-control is offClock mode is autoARP type: ARPA, ARP Timeout 04:00:00Last input 00:00:49, output 00:00:44, output hang neverLast clearing of "show interface" counters 02:32:54Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0Queueing strategy: fifoOutput queue: 0/40 (size/max)5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec10771 packets input, 832887 bytes, 0 no bufferReceived 10556 broadcasts (10438 multicasts)0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 16 frame, 0 overrun, 0 ignored0 watchdog, 0 multicast, 0 pause input0 input packets with dribble condition detected12970 packets output, 990962 bytes, 0 underruns0 output errors, 0 collisions, 4 interface resets0 babbles, 0 late collision, 0 deferred0 lost carrier, 0 no carrier, 0 pause output0 output buffer failures, 0 output buffers swapped outConfiguring CSG2 Network/Subscriber Traffic
Inter-chassis network and subscriber traffic must have a similar setup, contained within a redundant inter-chassis connection (that is, a port-channel interface as shown above). This traffic, however, can share the bandwidth in the inter-chassis connection with other VLANS using trunks, as it does not need to be isolated as the CSG2 HA VLAN must be. However, you must ensure you have enough inter-chassis bandwidth to accommodate your anticipated maximum load for the shared port-channel.
1 Presence of this header depends on the contents of the SMTP header.
