- About this Guide
- Ultra Services Platform Overview
- Introduction to UGP
- System Operation and Configuration
- Getting Started
- System Settings
- Config Mode Lock Mechanisms
- Management Settings
- Verifying and Saving Your Configuration
- System Interfaces and Ports
- System Security
- Secure System Configuration File
- Software Management Operations
- Smart Licensing
- Monitoring the System
- Bulk Statistics
- System Logs
- Troubleshooting
- Packet Capture (PCAP) Trace
- System Recovery
- Access Control Lists
- Congestion Control
- Routing
- VLANs
- BGP MPLS VPNs
- Content Service Steering
- Session Recovery
- Interchassis Session Recovery
- Support Data Collector
- Engineering Rules
- StarOS Tasks
- NETCONF and ConfD
- ICSR Checkpointing
- UGP SDR CLI Command Strings
- VPC Commands
- KPI Descriptions
Content Service Steering
This chapter provides information on configuring Content Service Steering (CSS). The product administration guides provide examples and procedures for configuration of basic services on the system. You should select the configuration example that best meets your service model, and configure the required elements for that model as described in the respective product administration guide, before using the procedures described below.
Internal CSS is a generic feature, if an ECSv2 license is installed on your system, internal CSS can be enabled. A separate license is not required to enable internal CSS. Contact your local Cisco account representative for information on how to obtain a license.
This chapter contains the following topics:
Overview
Content Server Selection (CSS) is a StarOS function that defines how traffic will be handled based on the "content" of the data presented by a mobile subscriber (or to a mobile subscriber). CSS is a broad term that includes features such as load balancing, NAT, HTTP redirection, and DNS redirection.
The content server (services) can be either external to the platform or integrated inside the platform.
CSS uses Access Control Lists (ACLs) to redirect subscriber traffic flows. ACLs control the flow of packets into and out of the system. ACLs consist of "rules" (ACL rules) or filters that control the action taken on packets matching the filter criteria.
ACLs are configurable on a per-context basis and applies to a subscriber through either a subscriber profile (or an APN profile in the destination context. For additional information, refer to the Access Control Lists chapter.
Configuring Internal Content Service Steering
To configure and activate a single CSS service for redirecting all of a subscriber's IP traffic to an internal in-line service:
Step 1 | Define an IP ACL as described in Defining IP Access Lists for Internal CSS . |
Step 2 | Optional: Apply an ACL to an individual subscriber as described in Applying an ACL to an Individual Subscriber (Optional). |
Step 3 | Optional: Apply a single ACL to multiple subscribers as described inApplying an ACL to Multiple Subscribers (Optional) . |
Step 4 | Optional: Apply an ACL to multiple subscribers via APNs as described in Applying an ACL to Multiple Subscriber via APNs. |
Step 5 | Save your
configuration to flash memory, an external memory device, and/or a network
location using the Exec mode command save configuration. For additional
information on how to verify and save configuration files, refer to the
System
Administration Guide and the
Command Line
Interface Reference.
Commands used in the configuration examples in this section provide base functionality to the extent that the most common or likely commands and/or keyword options are presented. In many cases, other optional commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands. Not all commands or keywords/variables may be supported or available. Availability varies on the platform type and installed license(s). |
Defining IP Access Lists for Internal CSS
IP ACLs specify what type of subscriber traffic and which direction (uplink, downlink, or both) traffic is redirected. The IP ACL must be specified in the context in which subscriber authentication is performed.
Caution | To minimize the risk of data loss, do not make configuration changes to ACLs while the system is facilitating subscriber sessions. |
Use the following configuration example to define an IP ACL for internal CSS; start in the Exec mode of the CLI:
configure context context_name ip access-list acl_name redirect css service service_name keywords options end
Notes:
-
service_name must be an ACL service name.
-
For information on the keywords and options available with the redirect css service command, see the ACL Configuration Mode Commands chapter in the Command Line Interface Reference.
-
For IPv6 ACLs, the same configurations must be done in the IPv6 ACL Configuration Mode. See the IPv6 ACL Configuration Mode Commands chapter in the Command Line Interface Reference.
Applying an ACL to an Individual Subscriber (Optional)
For information on how to apply an ACL to an individual subscriber, refer to the Applying an ACL to an Individual Subscriber section of the Access Control Lists chapter.
Applying an ACL to Multiple Subscribers (Optional)
IP ACLs are applied to subscribers via attributes in their profiles. The subscriber profile can be configured locally on the system or remotely on a RADIUS server.
All subscribers facilitated within a specific context by applying the ACL to the profile of the subscriber named default.
All subscribers facilitated by specific services by applying the ACL to a subscriber profile and then using the default subscriber command to configure the service to use that subscriber as the "default" profile.
- Applying an ACL to the Subscriber Named default (Optional)
- Applying an ACL to Service-specified Default Subscribers (Optional)
Applying an ACL to the Subscriber Named default (Optional)
For information on how to apply an ACL to the default subscriber, refer to the Applying an ACL to the Subscriber Named default section in the Access Control Lists chapter.
Applying an ACL to Service-specified Default Subscribers (Optional)
For information on how to apply an ACL to the subscriber to be used as the "default" profile by various system services, refer to the Applying an ACL to Service-specified Default Subscribers section in the Access Control Lists chapter.
Applying an ACL to Multiple Subscribers via APNs (Optional)
IP ACLs are applied to subscribers via attributes in their profiles. The subscriber profile can be configured locally on the system or remotely on a RADIUS server.
To reduce configuration time, ACLs can alternatively be applied to APN templates. When configured, any subscriber packets facilitated by the APN template would then have the associated ACL applied.
For information on how to apply an ACL to multiple subscribers via APNs, refer to the Applying a Single ACL to Multiple Subscribers via APNs section in the Access Control Lists chapter.