The ISG Layer 4 Redirect feature redirects specified packets to servers that handle the packets in a specified manner. For
example, packets sent upstream by unauthorized users can be forwarded to a server that redirects the users to a login page.
Similarly, if users try to access a service to which they have not logged in, the packets can be redirected to a server that
provides a service login screen.
The Layer 4 Redirect feature supports three types of redirection, which can be applied to subscriber sessions or to flows:
Initial redirection—Specified traffic is redirected for a specific duration of the time only, starting from when the feature
Periodic redirection—Specified traffic is periodically redirected. The traffic is redirected for a specified duration of
time. The redirection is then suspended for another specified duration. This cycle is repeated. During periodic redirect,
all new TCP connections are redirected until the duration of the redirect is over. After that time any new incoming TCP connections
will not be redirected. However, all existing TCP connections that were initiated during this redirection will still be redirected
so as not to break the connections.
Permanent redirection—Specified traffic is redirected to the specified server all the time.
A redirect server can be any server that is programmed to respond to the redirected packets. If ISG is used with a web portal,
unauthenticated subscribers can be sent automatically to a login page when they start a browser session. Web portal applications
can also redirect to service login pages, advertising pages, and message pages.
Redirected packets are sent to an individual redirect server or redirect server group that consists of one or more servers.
ISG selects one server from the group on a rotating basis to receive the redirected packets.
When traffic is redirected, ISG modifies the destination IP address and TCP port of upstream packets to reflect the destination
server. For downstream packets, ISG changes the source IP address and port to the original packet’s destination.
When traffic is selected by a policy map that includes a
redirection command, packets are fed back into the policy map classification scheme for a second service selection. The modified IP headers
can be subject to different classification criteria. For example, if two class maps exist, each with different
redirection commands, packets could be redirected, selected by the first class map, and redirected a second time. To avoid this situation,
configure traffic class maps so that two consecutive redirections cannot be applied to the same packet.