Cisco Network Registrar Login Event Generator
Published: December 21, 2012
This chapter describes the Cisco Service Control Subscriber Manager Cisco Network Registrar (CNR) Login Event Generator (LEG) software module.
The CNR LEG is a software module that forwards login and logout events from the CNR to the Cisco Service Control Subscriber Manager. The CNR LEG is actually a CNR extension developed in C++. The extension points used by CNR LEG are:
The CNR LEG Module
The CNR LEG module requires the use of option 82 suboption 2 (Relay-Agent-Information Option with the Remote-ID suboption), which contains the CM-MAC, in all DHCP requests. If option 82 does not exist in a renewal transaction, an attempt to extend the lease based solely on the IP address is performed. This will succeed only if the IP address was previously logged in to the Subscriber Manager (SM) by the LEG, in the event of a full DHCP transaction, or via other interfaces to the SM.
The CNR LEG module protects the Cisco Service Control Subscriber Manager and the connection to the Cisco Service Control Subscriber Manager from any DHCP denial of service (DoS) attacks, which are performed on the CNR. To reduce the login rate to the Cisco Service Control Subscriber Manager, the LEG ignores identical DHCP requests that are approved by the CNR. The requests are sent to the CNR in short time intervals.
For additional information about extending the CNR functionality by using extension points, see the Cisco Network Registrar CLI Reference Guide.
The CNR LEG module was carefully developed and thoroughly tested on Solaris and Windows platforms for both functional correctness and robustness. It does not jeopardize the stability or the reliability of the CNR.