HTTP Redirection and Filtration
Policy configuration for subscriber session
The subscriber-policy is used to filter traffic in a subscriber session. Up to 10 such policies can be set for one session. The traffic is processed by each policy in turn, in order of its sequence number.
Use the subscriber-policy <NAME> command in configuration mode to create a subscriber-policy, where <NAME> is the name of the entity created.
ecorouter(config)#subscriber-policy ?
SUBSCRIBER_POLICY Subscriber policy name
After the subscriber-policy is created, its context configuration mode is entered automatically.
ecorouter(config)#subscriber-policy subspolname
ecorouter(config-sub-policy)#
The subscriber-policy parameters are shown in the table below.
Parameter | Description |
---|---|
<BANDWIDTH> | Bandwidth in Mbit per sec, from 1 to 200 |
<DESCRIPTION> | Subscriber-policy description |
For each subscriber-policy, 2 separate processing rules (filter-map policies) can be set: one for incoming (in) traffic and one for outgoing (out) traffic. If no filter-map policy is set for a direction, the corresponding traffic will not be processed by this policy, and there will be no changes in this traffic. Attention: unless the limitations are specified in a filter-map policy and that policy is assigned to the same direction of the subscriber-policy, the traffic will not be limited to the bandwidth specified.
Use the set filter-map {in | out} <NAME> command in subscriber-policy context configuration mode to assign a filter-map policy to a traffic direction, where <NAME> is the filter-map policy name.
An example of subscriber-policy configuration follows (it is assumed that the filter-map policy named FMPname has already been created and configured; creating and configuring a filter-map policy is described below).
ecorouter(config)#subscriber-policy subspolname
ecorouter(config-sub-policy)#description Testsubscrpolicy
ecorouter(config-sub-policy)#bandwidth in 200
ecorouter(config-sub-policy)#set filter-map in FMPname
Creating and configuring a filter-map policy
Use the filter-map policy ipv4 <NAME> command in configuration mode to create a filter-map policy, where <NAME> is the filter-map policy name.
ecorouter(config)#filter-map policy ipv4 ?
FILTER_MAP_POLICY_IPV4 Filter map name
After the filter-map policy is created, its context configuration mode is entered automatically.
ecorouter(config)#filter-map policy ipv4 FMPname
ecorouter(config-filter-map-policy-ipv4)#
Do the following steps to configure a filter-map policy (as a result, one rule will be created in the filter-map policy):
- First line. Enter the filter-map policy ipv4 <FILTER_MAP_NAME> [<SEQUENCE_NUMBER>] command where <FILTER_MAP_NAME> is the filter-map name, <SEQUENCE_NUMBER> is the. The parameters are described in the table below.
- Second line. Specify the match <PROTOCOL> <SRC_ADDRESS> [<PORT_CONDITION>] <DST_ADDRESS> [<PORT_CONDITION>] [dscp <DSCPVALUE>] [<FLAG>] rule that the packets will be checked against. The parameters are described in the table below.
- Third line. Specify the action that will be applied to packets that meet the conditions of the rule, using set <ACTION>. The parameters are described in the table below.
Each filter-map can contain multiple rules. Follow the steps described above to add a rule to a filter-map. Specify the <FILTER_MAP_NAME> of the filter-map to which the rule should be added. The rule must have a unique <SEQUENCE> number within the same filter-map policy.
The common parameters of filter-map policy are described in the table below.
Parameter | Description |
---|---|
DIRECTION | Traffic direction, in - incoming traffic, out - outgoing traffic |
FILTER_MAP_NAME | Filter-map name, an arbitrary value |
SEQUENCE_NUMBER | Execution priority number, value range 0-65535. If the value is not specified, the parameter for the created filter-map ethernet will automatically receive the next free value in steps of 10 |
PROTOCOL | Protocol field value. Can be specified from range 0-255 or one of the shown below: |
SRC_ADDRESS | Source IP address, specified in one of the following formats: |
DST_ADDRESS | Destination IP address, specified in one of the following formats: |
DSCPVALUE | DSCP (Differentiated Services Code Point) value to check packet, integer from 0 to 63 |
set <ACTION> | |
set accept | Allow the packet transit |
set discard | Disallow the packet transit without sending ICMP notification |
set nexthop <A.B.C.D> | Specify the next hop IP address. The packets that match the rule will be sent to the next hop, taking into account the routes in the RIB |
set redirect <REDIRECTNAME> | Redirect the HTTP GET to the specific <REDIRECTNAME>, where <REDIRECTNAME> is the name of the predefined URL (the redirection address must start with http://). An example of the redirection setting is shown below. |
set reject | Disallow the packet transit with sending ICMP notification |
set vrf <VRF_NAME> [<A.B.C.D>] | For the packets that match the rule, the vrf routing table will be used, where VRF_NAME is the name of the required vrf. For this vrf, you can specify the next hop IP address (optional) |
When specifying the udp protocol, the second line of the filter-map creation command will look like this: match udp <SRC_ADDRESS> [<PORT_CONDITION>] <DST_ADDRESS> [<PORT_CONDITION>] [dscp <DSCPVALUE>].
The additional parameters related to the udp protocol are shown in the table below.
Parameter | Description |
---|---|
PORT_CONDITION | Condition for the port value. One of the following values can be specified: {{eq | gt | lt} {tftp | bootp | <0-65535>} | range <0-65535> <0-65535>} |
PORT_CONDITION values | |
eq | Port number is equal to |
gt | Port number is greater than |
lt | Port number is less than |
tftp | UDP(69) |
bootp | UDP(67) |
<0-65535> | Exact port number, any value from the specified range |
range <0-65535> <0-65535> | Port number is in range |
When specifying the tcp protocol, the second line of the filter-map creation command will look like this: match tcp <SRC_ADDRESS> [<PORT_CONDITION>] <DST_ADDRESS> [<PORT_CONDITION>] [dscp <DSCPVALUE>] [<FLAG>].
The additional parameters related to the tcp protocol are shown in the table below.
Parameter | Description |
---|---|
PORT_CONDITION | Condition for the port value. One of the following values can be specified: {{eq | gt | lt} {ftp | ssh | telnet | www | <0-65535>} | range <0-65535> <0-65535>} |
FLAG | The values of the flag by which packet processing can be distinguished. One of the following values can be specified (the not- prefix means that the specified flag is not set): urg | not-urg | ack | not-ack | psh | not-psh | rst | not-rst | syn | not-syn | fin | not-fin |
PORT_CONDITION values | |
eq | Port number is equal to |
gt | Port number is greater than |
lt | Port number is less than |
ftp | TCP(21) |
ssh | TCP(22) |
telnet | TCP(23) |
www | TCP(HTTP-80) |
<0-65535> | Exact port number, any value from the specified range |
range <0-65535> <0-65535> | Port number is in range |
Specifying the address for redirection
ecorouter(config)#redirect-url SITEREDIRECT
ecorouter(config-redirect-url)#url http://forredirect.org
Example of configuration for traffic processing in a subscriber session
In this example, static IPoE is configured.
As a result of the following settings, all incoming traffic of icmp type will be discarded at the input, incoming udp-traffic will be limited to 20 Mbps, and incoming tcp-traffic will be passed through unchanged (by using the filter-map policy named NAME1).
The outgoing traffic will be limited to 5 Mbps (by using the filter-map policy named NAME2), and outgoing tcp-traffic of port 80 will be redirected to http://forredirect.org.
!
filter-map policy ipv4 NAME1 10
match icmp any any
set discard
filter-map policy ipv4 NAME1 20
match udp any any
set accept
filter-map policy ipv4 NAME2 10
match tcp any any eq 80
set redirect SITEREDIRECT
filter-map policy ipv4 NAME2 20
match any any any
set accept
!
subscriber-policy NAME
bandwidth in 20
set filter-map in NAME1 10
bandwidth out 5
set filter-map out NAME2 10
!
subscriber-service NAME
set policy NAME
!
ip prefix-list NAME seq 5 permit 10.10.10.100/32 eq 32
!
subscriber-map NAME 10
match static prefix-list NAME
set service NAME
!
interface ipoe.1
ip mtu 1500
ip address 10.10.10.1/24
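The constraints stated on this page can be checked before a configuration is loaded. The following is an added example, not EcoRouter code or part of the original documentation: a small auditor that flags duplicate sequence numbers within a filter-map, redirects whose URL is missing or does not start with http://, bandwidth values outside 1-200, a bandwidth set for a direction that has no filter-map (so no limit applies), and references to undefined filter-maps. The sample configuration and the names PORTAL, FM_OUT, FM_OUTT and SP1 are constructed; the parser assumes one command per line, as in the example above.

```python
# Constructed sample in the syntax documented on this page, with deliberate mistakes.
SAMPLE = """\
redirect-url PORTAL
 url https://portal.example.net
filter-map policy ipv4 FM_OUT 10
 match tcp any any eq 80
 set redirect PORTAL
filter-map policy ipv4 FM_OUT 10
 match any any any
 set accept
subscriber-policy SP1
 bandwidth in 500
 set filter-map out FM_OUTT
"""

def audit(config):
    """Return a list of findings for a config written in this page's syntax."""
    out, seqs, urls, redirects, pol = [], set(), {}, [], {}
    kind = name = None  # context of the block currently being read
    for t in filter(None, map(str.split, config.splitlines())):
        if t[0] == "redirect-url":
            kind, name = "url", t[1]
        elif t[0] == "subscriber-policy":
            kind, name = "sp", t[1]
            pol[name] = ({}, {})  # (bandwidth by direction, filter-map by direction)
        elif t[:3] == ["filter-map", "policy", "ipv4"]:
            kind, name = "fm", t[3]
            if len(t) > 4 and (name, t[4]) in seqs:
                out.append(f"{name}: duplicate sequence {t[4]}")
            seqs.add((name, t[4] if len(t) > 4 else None))
        elif kind == "url" and t[0] == "url":
            urls[name] = t[1]
        elif kind == "fm" and t[:2] == ["set", "redirect"]:
            redirects.append((name, t[2]))
        elif kind == "sp" and t[0] == "bandwidth":
            pol[name][0][t[1]] = int(t[2])
        elif kind == "sp" and t[:2] == ["set", "filter-map"]:
            pol[name][1][t[2]] = t[3]
    maps = {fm for fm, _ in seqs}
    out += [f"{fm}: redirect {u} has no http:// URL" for fm, u in redirects
            if not urls.get(u, "").startswith("http://")]
    for sp, (bw, fmaps) in pol.items():
        out += [f"{sp}: bandwidth {d} {m} outside 1-200" for d, m in bw.items() if not 1 <= m <= 200]
        out += [f"{sp}: bandwidth {d} has no filter-map {d}; no limit applies" for d in bw if d not in fmaps]
        out += [f"{sp}: filter-map {f} ({d}) is not defined" for d, f in fmaps.items() if f not in maps]
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```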