Content Service Steering

This chapter provides information on configuring Content Service Steering (CSS). The product administration guides provide examples and procedures for configuration of basic services on the system. You should select the configuration example that best meets your service model, and configure the required elements for that model as described in the respective product administration guide, before using the procedures described below.

Important:

Internal CSS is a generic feature, if an ECSv2 license is installed on your system, internal CSS can be enabled. A separate license is not required to enable internal CSS. Contact your local Cisco account representative for information on how to obtain a license.

This chapter contains the following topics:

Overview

Content Server Selection (CSS) is a StarOS function that defines how traffic will be handled based on the "content" of the data presented by a mobile subscriber (or to a mobile subscriber). CSS is a broad term that includes features such as load balancing, NAT, HTTP redirection, and DNS redirection.

The content server (services) can be either external to the platform or integrated inside the platform.

CSS uses Access Control Lists (ACLs) to redirect subscriber traffic flows. ACLs control the flow of packets into and out of the system. ACLs consist of "rules" (ACL rules) or filters that control the action taken on packets matching the filter criteria.

ACLs are configurable on a per-context basis and applies to a subscriber through either a subscriber profile (or an APN profile in the destination context. For additional information, refer to the Access Control Lists chapter.

Configuring Internal Content Service Steering

To configure and activate a single CSS service for redirecting all of a subscriber's IP traffic to an internal in-line service:


    Step 1   Define an IP ACL as described in Defining IP Access Lists for Internal CSS .
    Step 2   Optional: Apply an ACL to an individual subscriber as described in Applying an ACL to an Individual Subscriber (Optional).
    Step 3   Optional: Apply a single ACL to multiple subscribers as described inApplying an ACL to Multiple Subscribers (Optional) .
    Step 4   Optional: Apply an ACL to multiple subscribers via APNs as described in Applying an ACL to Multiple Subscriber via APNs.
    Step 5   Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration. For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference.

    Commands used in the configuration examples in this section provide base functionality to the extent that the most common or likely commands and/or keyword options are presented. In many cases, other optional commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands. Not all commands or keywords/variables may be supported or available. Availability varies on the platform type and installed license(s).


    Defining IP Access Lists for Internal CSS

    IP ACLs specify what type of subscriber traffic and which direction (uplink, downlink, or both) traffic is redirected. The IP ACL must be specified in the context in which subscriber authentication is performed.


    Caution


    To minimize the risk of data loss, do not make configuration changes to ACLs while the system is facilitating subscriber sessions.


    Use the following configuration example to define an IP ACL for internal CSS; start in the Exec mode of the CLI:

    configure
       context context_name
          ip access-list acl_name
             redirect css service service_name keywords options
             end

    Notes:

    • service_name must be an ACL service name.

    • For information on the keywords and options available with the redirect css service command, see the ACL Configuration Mode Commands chapter in the Command Line Interface Reference.

    • For IPv6 ACLs, the same configurations must be done in the IPv6 ACL Configuration Mode. See the IPv6 ACL Configuration Mode Commands chapter in the Command Line Interface Reference.

    Applying an ACL to an Individual Subscriber (Optional)

    For information on how to apply an ACL to an individual subscriber, refer to the Applying an ACL to an Individual Subscriber section of the Access Control Lists chapter.

    Applying an ACL to Multiple Subscribers (Optional)

    IP ACLs are applied to subscribers via attributes in their profiles. The subscriber profile can be configured locally on the system or remotely on a RADIUS server.

    The system provides for the configuration of subscriber functions that serve as default values when specific attributes are not contained in the individual subscriber's profile. When configured properly, the functions can be used to apply an ACL to:
    • All subscribers facilitated within a specific context by applying the ACL to the profile of the subscriber named default.

    • All subscribers facilitated by specific services by applying the ACL to a subscriber profile and then using the default subscriber command to configure the service to use that subscriber as the "default" profile.

    Applying an ACL to the Subscriber Named default (Optional)

    For information on how to apply an ACL to the default subscriber, refer to the Applying an ACL to the Subscriber Named default section in the Access Control Lists chapter.

    Applying an ACL to Service-specified Default Subscribers (Optional)

    For information on how to apply an ACL to the subscriber to be used as the "default" profile by various system services, refer to the Applying an ACL to Service-specified Default Subscribers section in the Access Control Lists chapter.

    Applying an ACL to Multiple Subscribers via APNs (Optional)

    IP ACLs are applied to subscribers via attributes in their profiles. The subscriber profile can be configured locally on the system or remotely on a RADIUS server.

    To reduce configuration time, ACLs can alternatively be applied to APN templates. When configured, any subscriber packets facilitated by the APN template would then have the associated ACL applied.

    For information on how to apply an ACL to multiple subscribers via APNs, refer to the Applying a Single ACL to Multiple Subscribers via APNs section in the Access Control Lists chapter.