L3, L4, and L7 Rule Combination in Ruledef

Revision History


Note

Revision history details are not provided for features introduced before release 21.24.


Revision Details      Release

First introduced      Pre 21.24

Feature Description

Using the L3, L4, and L7 Rule Combination in Ruledef feature, you can allow and categorize traffic into a specific Rating Group (RG) for the following:

  • Specific IP addresses

  • Ports

  • Uniform Resource Locators (URLs)

The feature increases the scalability of the host pool from 256 to 512. It also defines a new url-sni-pool configuration with 256 entries in a single pool. The entries can be a mix of URL and Server Name Indication (SNI) values. The system-wide limit of URL-SNI pools is 384 entries.

How it Works

The feature enables you to define a list of URLs or SNIs for the url-sni-pool configuration. The system uses a pool of URLs or SNIs as an L7 filter within a ruledef. A ruledef can contain a combination of hostpool, portmap, and url-sni-pool matches. The system matches the url-sni-pool configuration along with the criteria of the other rule lines, without occupying any of the 32 existing rule lines.

Configuring the L3, L4, and L7 Rule Combination in Ruledef Feature

The new URL-SNI Pool Configuration mode is available under ACS Configuration mode. Use the following configuration to enable the feature.

configure 
   active-charging service service_name 
      url-sni-pool pool_name 
         http url { contains | starts-with | ends-with | = | !contains | !starts-with | !ends-with | != } url_name 
         tls sni { contains | starts-with | ends-with | = | !contains | !starts-with | !ends-with | != } sni_identity 
      ruledef ruledef_name 
         ip server-ip-address host_poolname 
         tcp either-port port-map port_mapname 
         http-tls url-sni-pool pool_name 
         end 

Note

  • The system configures the ruledef with the default all-lines AND option or multi-line-or-all-lines option.

  • When the url-sni-pool rule line is configured, the URL or SNI value is always matched regardless of the AND or OR match operation.

  • When the AND operation is configured, all the other rule lines are matched in addition to the URL or SNI value in the pool.

    • The AND operation is the default configuration.

  • After configuring the OR operation, the system matches the following values for the rule action to take effect:

    • Any one of the other rule lines.

    • URL or SNI
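
The AND and OR behavior described in the note above, modeled in Python as an added example (this is not Cisco code or part of the original page). The host pool, port map, and flow records are constructed sample data, and the function names are hypothetical. The model assumes that a pool matches when any one of its entries matches and that string comparison is case-sensitive.

```python
import ipaddress

# Operators accepted on "http url" / "tls sni" lines; "!op" is the negation.
OPS = {
    "contains": lambda value, pat: pat in value,
    "starts-with": lambda value, pat: value.startswith(pat),
    "ends-with": lambda value, pat: value.endswith(pat),
    "=": lambda value, pat: value == pat,
}

def entry_matches(op, pattern, value):
    """Evaluate one url-sni-pool entry against a URL or SNI string."""
    negate = op.startswith("!")
    return OPS[op.lstrip("!")](value, pattern) != negate

def pool_matches(pool, flow):
    """Assumption: the pool matches when any one of its entries matches."""
    for proto, op, pattern in pool:
        value = flow.get("url" if proto == "http" else "sni")
        if value is not None and entry_matches(op, pattern, value):
            return True
    return False

def ruledef_matches(flow, host_pool, port_map, pool, multi_line_or=False):
    """Combine host pool (L3), port map (L4) and url-sni-pool (L7)."""
    ip = ipaddress.ip_address(flow["server_ip"])
    l3 = any(ip in ipaddress.ip_network(net) for net in host_pool)
    l4 = any(p in port_map for p in flow["ports"])  # either-port
    other_lines = (l3 or l4) if multi_line_or else (l3 and l4)
    # The pool line is required in both modes; it is never OR-ed away.
    return other_lines and pool_matches(pool, flow)

# Constructed sample data; pool entries mirror the page's url_pool1 output.
HOST_POOL = ["192.0.2.0/24"]
PORT_MAP = {80, 443}
URL_POOL1 = [("http", "contains", "google.com"), ("tls", "contains", "gmail.com")]

in_pool = {"server_ip": "192.0.2.10", "ports": (51000, 443), "sni": "mail.gmail.com"}
off_ip = {"server_ip": "198.51.100.5", "ports": (51000, 443), "sni": "mail.gmail.com"}
off_sni = {"server_ip": "192.0.2.10", "ports": (51000, 443), "sni": "example.org"}

if __name__ == "__main__":
    for name, flow in [("in_pool", in_pool), ("off_ip", off_ip), ("off_sni", off_sni)]:
        print(name,
              ruledef_matches(flow, HOST_POOL, PORT_MAP, URL_POOL1),
              ruledef_matches(flow, HOST_POOL, PORT_MAP, URL_POOL1, multi_line_or=True))
```

With the OR option, the off_ip flow matches on its port and SNI even though its server address is outside the host pool, while off_sni never matches in either mode.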


Verifying the L3, L4, and L7 Rule Combination in Ruledef Feature Configuration

Use the following show CLI commands to verify the url-sni-pool configuration.

  • On Control Plane: show configuration active-charging service name service_name

    For example, the following is a partial output of the show CLI command:

    url-sni-pool url_pool1
             http url contains google.com
             tls sni contains gmail.com
    
  • On User Plane: show user-plane-service url-sni-pool name pool_name

    For example, the following is a partial output of the show CLI command:

    url-sni-pool url_pool1
             http url contains google.com
             tls sni contains gmail.com
    
    Total url-pool(s) found: 1
    

Monitoring and Troubleshooting

Show Commands and Outputs

This section provides information about the show CLI commands available in support of the feature.

show configuration active-charging service name <service_name>

Use this CLI command in Control Plane to display the url-sni-pool attachment to the ruledef.

The following is a partial sample output:

ruledef special_charging_group1
      ip server-ip-address range host-pool IP_FREE_MUSIC
      tcp either-port range port-map PORT_FREE_MUSIC
      http-tls url-sni-pool url_pool1

show user-plane-service ruledef name <ruledef_name>

Use this show CLI command in User Plane to display the url-sni-pool attachment to the ruledef.

The following is a partial sample output:

Ruledef Name: special_charging_group1
    ip server-ip-address range host-pool IP_FREE_MUSIC
    tcp either-port range port-map PORT_FREE_MUSIC
    Rule Application Type: Charging
    Copy Packet to Log: Disabled
    Tethered Flow Check: Disabled
    Attached Url-Sni-Pool: url_pool1
    Multi-line OR: Disabled