sw sdx service policy

8/11/2019 Sw Sdx Service Policy

1/453


2/453

Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and othercountries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered servicemarks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, orotherwise revise this publication without notice.

This product includes the following software: Fontconfig, X FreeType library, X Render extension headers, and X Render extension library, copyright 2001,2003 Keith Packard.

Permission to use, copy, modify, distribute, and sell this software and i ts documentation for any purpose is hereby granted without fee, provided that theabove copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that thename of Keith Packard not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. KeithPackard makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.

KEITH PACKARD DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY ANDFITNESS, IN NO EVENT SHALL KEITH PACKARD BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGESWHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUSACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Products made or sold by Juniper Networks (including the ERX-310, ERX-705, ERX-710, ERX-1410, ERX-1440, M5, M7i, M10, M10i, M20, M40, M40e,M160, M320, and T320 routers, T640 routing node, and the JUNOS, JUNOSe, and SDX-300 software) or components thereof might be covered by one ormore of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650,6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

Copyright 2007, Juniper Networks, Inc.

All rights reserved. Printed in USA.SRC-PE SoftwareServices and Policies Guide, Release 2.0.xWriting: Justine Kangas, Helen Shaw, Linda Creed, Betty LewEditing: Fran MuesIllustration: Nathaniel WoodwardCover Design: Edmonds Design

Revision History11 October 2007Revision 1

The information in this document is current as of the date listed in the revision history.

Software License

The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to theextent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, youindicate that you understand and agree to be bound by those terms and conditions.

Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain

uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.

For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.

END USER LICENSE AGREEMENT

READ THIS END USER LICENSE AGREEMENT (AGREEMENT) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING,INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER ORIF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THISAGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THESOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.

1. The Parties. The parties to this Agreement are Juniper Networks, Inc. and its subsidiaries (collectively Juniper), and the person or organization thatoriginally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (Customer) (collectively, the Parties).

2. The Software. In this Agreement, Software means the program modules and features of the Juniper or Juniper-supplied software, and updates andreleases of such software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller. EmbeddedSoftware means Software which Juniper has embedded in the Juniper equipment.

3. License Grant.Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusiveand non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:

a. Customer shall use the Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer fromJuniper or an authorized Juniper reseller.

b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for whichCustomer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only,Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number ofprocessors. Use of the Steel-Belted Radius software on multiple computers requires multiple licenses, regardless of whether such computers arephysically contained on a single chassis.


3/453

c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits toCustomers use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls,connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particularfeatures, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface,processing, temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks orrequire the Software to be used only in conjunction with other specific Software. Customers use of the Software shall be subject to all such limitationsand purchase of all applicable licenses.

d. For any trial copy of the Software, Customers right to use the Software expires 30 days after download, installation or use of the Software. Customermay operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additionaltrial period by re-installing the Software after the 30-day trial period.

e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customers enterprise network.Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software tosupport any commercial network access services.

The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicablelicense(s) for the Software from Juniper or an authorized Juniper reseller.

4. Use Prohibitions.Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not:(a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessaryfor backup purposes); (c) rent, sell , transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove anyproprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of theSoftware to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any locked or key-restrictedfeature, function, service, application, operation, or capability without first purchasing the applicable l icense(s) and obtaining a valid key from Juniper, evenif such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to

any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniperreseller; (i) use the Embedded Software on non-Juniper equipment; (j) use the Software (or make it available for use) on Juniper equipment that theCustomer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software toany third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein.

5. Audit.Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnishsuch records to Juniper and certify its compliance with this Agreement.

6. Confidentiality.The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customershall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includesrestricting access to the Software to Customer employees and contractors having a need to use the Software for Customers internal business purposes.

7. Ownership.Juniper and Junipers l icensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software,associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in theSoftware or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.

8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement thataccompanies the Software (the Warranty Statement). Nothing in this Agreement shall give rise to any obligation to support the Software. Support servicesmay be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENTPERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODSOR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER

OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OFANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BYLAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE),INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOESJUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR ORINTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Junipers or its suppliers or licensors liability toCustomer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gaverise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges andagrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liabil ity set forthherein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and causeconsequential loss), and that the same form an essential basis of the bargain between the Parties.

9. Termination.Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the licensegranted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customerspossession or control.

10. Taxes. All license fees for the Software are exclusive of taxes, withholdings, duties, or levies (collectively Taxes). Customer shall be responsible forpaying Taxes arising from the purchase of the license, or importation or use of the Software.

11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign

agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, orwithout all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryptionor other capabilities restricting Customers ability to export the Software without an export license.

12. Commercial Computer Software.The Software is commercial computer software and is provided with restricted rights. Use, duplication, ordisclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4,FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.

13. Interface Information.To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interfaceinformation needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any.Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with anyapplicable terms and conditions upon which Juniper makes such information available.


4/453

14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technologyare embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendorshall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with theSoftware and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under andsubject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License(GPL) or the GNU Library General Public License (LGPL)), Juniper will make such source code portions (including Juniper modifications, as appropriate)available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N.Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of theLGPL at http://www.gnu.org/licenses/lgpl.html.

15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. Theprovisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, theParties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. ThisAgreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior andcontemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except thatthe terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms areinconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unlessexpressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall notaffect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and theParties agree that the English version will govern. (For Canada: Les parties aux prsents confirment leur volont que cette convention de mme que tousles documents y compris tout avis qui s'y rattach, soient redigs en langue anglaise. (Translation: The parties confirm that this Agreement and all relateddocumentation is and will be in the English language)).


5/453

Table of Contents v

Table of Contents

About This Guide xv

Objectives......................................................................................................xvAudience........................................................................................................ xvDocumentation Conventions......................................................................... xviRelated Juniper Networks Documentation.................................................... xviiObtaining Documentation.............................................................................xix

Documentation Feedback .............................................................................xixRequesting Support........................................................................................xx

Part 1 Managing Services and Service Schedules

Chapter 1 Managing Services with the SRC CLI 3

Overview of Services........................................................................................4Automatic Service Activation.....................................................................4

Enabling the Service Configuration on the SRC CLI..........................................4Before You Configure Services .........................................................................4

Adding a Normal Service with the SRC CLI ......................................................5Setting Parameter Values for Services with the SRC CLI...................................8Aggregating Services ........................................................................................9

Fragment Services ...................................................................................10Subscriber Reference Expressions for Fragment Services .................10Mandatory Services...........................................................................10Redundant Services...........................................................................11

Aggregate Service Sessions......................................................................11Session Activation ............................................................................11Session Deactivation ........................................................................12Session Monitoring ...........................................................................12

Service Activation....................................................................................13Before You Configure an Aggregate Service ............................................14

How Parameters Are Passed From Aggregate Service toFragment Service ..............................................................................15Configuring Service Fragments for an Aggregate Service with the

SRC CLI.............................................................................................15Using Python Expressions in a Subscriber Reference Expression......17Configuration Examples for Aggregate Services ................................18

Configuring Timers for Aggregate Services with the SRC CLI ................... 18Sharing Service Provisioning..........................................................................19

Adding an Infrastructure Service with the SRC CLI ..................................20


6/453

vi Table of Contents

SRC-PE 2.0.x Services and Policies Guide

Extending Service Implementations with Script Services .............................. 20Writing Scripts for Script Services............................................................21

Example: Using the ScriptService SPI in Jython.................................22Example: Using the ScriptService SPI in Java ....................................23

Configuring Script Services with the SRC CLI...........................................24Restricting Simultaneous Activation of Services .............................................25

Restricting Simultaneous Activation of Persistent or Automatic Services .25Adding a Mutex Group with the SRC CLI..................................................26

Restricting and Customizing Services for Subscribers ....................................27Assigning Service Scopes to Multiple VRs and Subscribers.......................27Defining Multiple Scopes for a Service.....................................................27Configuring Service Scopes......................................................................28

Adding Service Scopes with the SRC CLI ...........................................28Assigning Services and Mutex Groups to Service Scopes with the SRC

CLI..............................................................................................29Assigning Service Scopes to VRs or Subscribers with the SRC CLI.....29

Service Scope Configuration SRC CLI Examples.......................................29

Example: Delivering a Limited Set of Services to Organizations........29Example: Customizing Generic Services to Particular Regions ..........30

Restricting Service Activation.........................................................................31

Chapter 2 Managing Services on a Solaris Platform 33

Overview of Services......................................................................................34LDAP Model for Services ........................................................................ 34

Adding Services .............................................................................................34Adding Services to Gain Access to Networks ..................................................35

Access Service Fields...............................................................................36Adding Outsourced Services...........................................................................36

Outsourced Service Fields........................................................................38Adding RADIUS Services ................................................................................38

RADIUS Service Fields.............................................................................39Defining Vendor-Specific Attributes in the ERX VSA (I) Tab ....................41Defining Vendor-Specific Attributes in the ERX VSA (II) Tab....................45

Adding Value-Added Services.........................................................................47Before You Configure Value-Added Services ............................................47

Adding a Normal Value-Added Service ..........................................................48Value-Added Service Fields......................................................................49

Setting Parameters for Value-Added Services.................................................53Parameter Fields .....................................................................................54Configuring Substitutions ........................................................................56

Adding Substitutions .........................................................................56Substitutions to a Transmission Rate for a Scheduled Action ............57Modifying Substitutions.....................................................................57

Deleting Substitutions .......................................................................58Aggregating Services ......................................................................................59

Fragment Services ...................................................................................59Subscriber Reference Expressions for Fragment Services .................59Mandatory Services...........................................................................60Redundant Services...........................................................................60

Aggregate Service Sessions......................................................................60Session Activation ............................................................................60Session Deactivation ........................................................................61Session Monitoring ...........................................................................61

Service Activation....................................................................................62


7/453

Table of Contents

Table of Contents vi

Before You Configure an Aggregate Service ............................................63Adding an Aggregate Service...................................................................64

Configuration Examples for Aggregate Services ................................66Service Fragment Fields....................................................................66Using Python Expressions in a Subscriber Reference Expression......69

Sharing Service Provisioning..........................................................................70Adding an Infrastructure Service .............................................................70

Extending Service Implementations with Script Services .............................. 72Writing Scripts for Script Services............................................................72

Example: ScriptService SPI in Jython ................................................74Example: ScriptService SPI in Java....................................................75

Adding Script Services .............................................................................75Configuring Values for Script Services ...............................................77Removing a File or URL from a Script Service...................................78

Restricting Simultaneous Activation of Services .............................................78Restricting Simultaneous Activation of Persistent or Automatic Services .79Adding a Mutex Group.............................................................................79

Mutex Group Fields...........................................................................81Adding Services to a Mutex Group ...........................................................81

Restricting and Customizing Services for Subscribers ....................................82Assigning Service Scopes to Multiple VRs and Subscribers.......................82Defining Multiple Scopes for a Service.....................................................83Configuring Service Scopes......................................................................83

Adding Service Scopes ......................................................................84Service Scope Field ...........................................................................85Assigning Services to Service Scopes.................................................85Adding Mutex Groups to Service Scopes ...........................................85Assigning Service Scopes ..................................................................86

Service Scope Configuration Examples....................................................86Example: Delivering a Limited Set of Services to Organizations........86

Example: Customizing Generic Services to Particular Regions ..........87Allowing Automatic Service Activation...........................................................88Configuring Permanent Services..............................................................88

Reviewing Service Status................................................................................89Restricting Service Activation.........................................................................89Modifying Services.........................................................................................89Deleting Services............................................................................................90

Deleting Services from SDX Admin .........................................................90Deleting Services with Tools Other Than SDX Admin.............................. 90Deleting Services from Scopes.................................................................91

Chapter 3 Managing Service Schedules 93

Overview of Service Schedules.......................................................................93

Event-Based Schedules ............................................................................94Action Threshold...............................................................................94Preparation Time .............................................................................94

Authorization Schedules ..........................................................................95State-Based Schedules .............................................................................95Effective Period for Service Activation or Deactivation ............................96One-Time Events and Recurring Events ..................................................97Schedule Availability to Subscribers.........................................................98Schedule Exclusions ................................................................................98


8/453

viii Table of Contents


Planning Service Schedules............................................................................98Schedule Configuration Guidelines...........................................................99Planning Schedules..................................................................................99

Chapter 4 Scheduling Services with the SRC CLI 101

Setting the Action Threshold and Preparation Time with the CLI .................102Authorizing Scheduled Services with the CLI................................................103Adding a Service Schedule with the CLI .......................................................104

Setting the Time Schedule .....................................................................105Guidelines for Entering Time Values......................................................107Setting the Action ..................................................................................108

Defining Attributes for Service Activation........................................109Example: Configuring Different Service Tiers for Different Days

with the CLI ...........................................................................................109Example: Configuring a Service to Be Active During Nonwork Hours

with the CLI ...........................................................................................111

Example: Configuring a Service to Be Available for a Specified Intervalwith the CLI ...........................................................................................113

Chapter 5 Scheduling Services on a Solaris Platform 115

Authorizing Scheduled Services on a Solaris Platform..................................115Adding a Service Schedule on a Solaris Platform..........................................116

Service Schedule Fields..........................................................................117Creating an Entry for a Schedule on a Solaris Platform ................................118

Setting the Time Schedule .....................................................................120Sample Time Definitions .......................................................................120Configuring the Time Schedule ..............................................................120Guidelines for Entering Time Values......................................................121Time Values...........................................................................................122

Setting the Action ..................................................................................124Changing or Removing the Name of a Service Associated with a Schedule ..125

Deleting a Schedule Entry......................................................................126Deleting a Schedule Exclusion Entry......................................................126Editing a Schedule Entry........................................................................126Editing a Schedule Exclusion Entry........................................................126

Example: Configuring Different Service Tiers for Different Days..................126Example: Configuring a Service to Be Active During Nonwork Hours...........131Example: Configuring a Service to Be Available for a Specified Interval ....... 136

Part 2 Defining Policies to Manage Traffic

Chapter 6 Policy Management Overview 141

Overview of Policy Management..................................................................141Router Policy Features Supported .........................................................141

JUNOS Routing Platform Features ...................................................141JUNOSe Router Features .................................................................143

Default Policies and Service Policies ......................................................143


9/453

Table of Contents

Table of Contents ix

How Policies Are Installed on the Router ...............................................144Installing Default Policies ................................................................144Installing and Removing Service Policies.........................................144Reloading Default Policies...............................................................145Policy List Sharing ..........................................................................145

Network Perspective for Creating Policies .............................................145Collecting Accounting Statistics .............................................................146

Policy Components ......................................................................................146Policy Editor ..........................................................................................147Policy Engine.........................................................................................147Policy Repository...................................................................................148Policy Enforcement Point ......................................................................148

Policy Information Model.............................................................................148Policy Objects........................................................................................149Policy Rules...........................................................................................150

Supported Conditions and Actions ..................................................150Policy Conditions ..................................................................................152

Multiple Classifiers ..........................................................................153Rate-Limiting with Multiple Classifiers.............................................153Expanded Classifiers .......................................................................153

Policy Actions .......................................................................................154Combining Actions..........................................................................156

Policy LDAP Schema Model...................................................................156Delivering QoS Services in a Cable Environment .........................................157

Service Flow Scheduling Types..............................................................157Client Type 1 Support............................................................................158Proxied QoS with Policy Push................................................................159PCMM Gate............................................................................................159Session Class ID ....................................................................................159PCMM Classifiers ..................................................................................160

PCMM Classifiers and Extended Classifiers .....................................160Guidelines for Configuring Classifiers ..............................................160Traffic Profiles .......................................................................................161

DOCSIS Parameters .......................................................................161Service Class Name ........................................................................161FlowSpec Parameters......................................................................161

Marking Packets ....................................................................................163

Chapter 7 Using Policy Editor 165

Overview of Policy Editor.............................................................................165Key Mapping .........................................................................................166Nonroot Users .......................................................................................166Exception Handling for the Directory ...................................................166

Providing Data Security .........................................................................167Working with Policy Data Files..............................................................167Multi-User and Multi-Instance Concurrence ...........................................167

Starting Policy Editor ...................................................................................169Understanding the Policy Editor Layout .......................................................170

Using the Menu Bar ...............................................................................171Using the Toolbar ..................................................................................172

Using the Navigation Pane ...........................................................................173Navigation Pane Icons ...........................................................................174


10/453

x Table of Contents


General Procedures for Using Policy Editor ..................................................175Customizing Policy Editor Properties.....................................................175Opening Multiple Policy Editor Windows...............................................176Printing Policy Objects ..........................................................................176Undoing and Redoing Operations..........................................................176Filtering Searches ..................................................................................177Finding Objects in the Navigation Pane .................................................178Running Queries for QoS Policy Information.........................................178Accessing Router CLIs............................................................................179

Modifying Policies ........................................................................................179Selecting Multiple Objects......................................................................179Using Drag and Drop to Cut and Paste Objects......................................179Cutting Objects ......................................................................................179Copying Objects ....................................................................................180Pasting Objects......................................................................................180Deleting Policy Objects..........................................................................180Reloading a Policy Object ......................................................................181

Using Pop-Up Menus....................................................................................181Using the Content Pane................................................................................184Using Tool Tips ............................................................................................185Internationalization......................................................................................186Storing and Retrieving Policies ....................................................................187Sorting Objects.............................................................................................187

Chapter 8 Overview of Using Local and Global Parameters 189

Overview of Global and Local Parameters....................................................189Parameter Types..........................................................................................190

Predefined Global Parameters ...............................................................196Naming Global Parameters....................................................................199

Chapter 9 Configuring Local and Global Parameters with Policy Editor 201

Viewing Global Parameters in Policy Editor .................................................201Viewing Local Parameters in Policy Editor ...................................................202Creating and Modifying Global Parameters in Policy Editor .........................203

Creating Global Parameters from the Parameters Folder....................... 203Creating Global Parameters Within a Policy...........................................204Parameter Definition Fields...................................................................205

Creating and Modifying Local Parameters in Policy Editor ..........................206Creating a Local Parameter....................................................................207

Chapter 10 Configuring and Managing Policies with the SRC CLI 209

Before You Configure Policies ......................................................................209Creating a Worksheet ............................................................................209Naming Objects.....................................................................................210Using the apply-groups Statement .........................................................210Using Expressions .................................................................................210Policy Values .........................................................................................210

SAE to JUNOS Routing Platforms.....................................................210SAE to JUNOSe Routers...................................................................211

Enabling the Policy Configuration on the SRC CLI........................................211Configuring Policy Folders .......................................................................... 211Configuring Policy Groups ...........................................................................212Configuring Policy Lists ...............................................................................212


11/453

Table of Contents

Table of Contents x

Configuring Policy Rules ..............................................................................213Before You Configure JUNOS Policy Rules .............................................213

JUNOS Scheduler and JUNOS Shaping Policy Rules .........................213JUNOS ASP Policy Rules ..................................................................214

Setting the Policy Rule Precedence........................................................214Adding a Policy Rule..............................................................................215

Configuring Classify-Traffic Conditions ........................................................216Before You Configure Classify-Traffic Conditions...................................217Enabling Expansion of JUNOSe Classify-Traffic Conditions....................218Specifying the PCMM Classifier Type.....................................................218Specifying Port Access for Traffic Classification.....................................219Creating a Classify-Traffic Condition......................................................220Configuring Source Networks ...............................................................221Configuring Source Grouped Networks ..................................................222Configuring Destination Networks ........................................................223Configuring Destination Grouped Networks...........................................224Configuring Protocol Conditions ............................................................225

Configuring Protocol Conditions with Ports ...........................................226Configuring Protocol Conditions with Parameters .................................229Configuring TCP Conditions...................................................................233Configuring ICMP Conditions.................................................................235Configuring IGMP Conditions ................................................................237Configuring IPSec Conditions ................................................................238Configuring ToS Byte Conditions ...........................................................239Configuring JUNOS Filter Conditions .....................................................240Configuring Application Protocol Conditions ........................................241

Using Map Expressions in Application Protocol Conditions.............244Configuring QoS Conditions ........................................................................245Configuring Actions .....................................................................................245

Configuring Color Actions......................................................................246

Configuring DOCSIS Actions .................................................................247Configuring Filter Actions......................................................................251Configuring FlowSpec Actions .............................................................. 252Configuring Forward Actions ................................................................254Configuring Forwarding Class Actions ..................................................254Configuring GateSpec Actions ...............................................................255Configuring Loss Priority Actions ..........................................................256Configuring Mark Actions ......................................................................257Configuring NAT Actions ...................................................................... 258Configuring Next-Hop Actions .............................................................. 259Configuring Next-Interface Actions .......................................................260Configuring Next-Rule Actions...............................................................261Configuring Policer Actions ...................................................................261

Configuring the Packet Action for the Policer Action....................... 262Configuring QoS Profile Attachment Actions .........................................264Configuring Rate-Limit Actions .............................................................265Configuring Reject Actions.....................................................................269Configuring Routing Instance Actions ...................................................270Configuring Scheduler Actions ..............................................................271

Configuring Drop Profiles................................................................272Configuring Service Class Name Actions ...............................................274Configuring Stateful Firewall Actions .....................................................275Configuring Traffic-Class Actions ...........................................................276


12/453

xii Table of Contents


Configuring Traffic-Mirror Actions .........................................................277Configuring Traffic-Shape Actions .........................................................278Configuring User Packet Class Actions...................................................279

Chapter 11 Configuring and Managing Policies with Policy Editor 281

Before You Configure Policies ......................................................................282Creating a Worksheet ............................................................................282Naming Objects.....................................................................................282Using the apply-groups Statement .........................................................282Using Expressions .................................................................................283Policy Values .........................................................................................283

SAE to JUNOS Routing Platforms.....................................................283SAE to JUNOSe Routers...................................................................283

Configuring Policy Folders .......................................................................... 284Policy Folder Fields................................................................................285

Configuring Policy Groups ...........................................................................285

Policy Group Fields................................................................................286Using the PolicyGroup Summary Table .................................................287Configuring Policy Lists ...............................................................................288

Policy List Fields....................................................................................289Using the PolicyList Summary Table .....................................................290

Configuring Policy Rules ..............................................................................291Before You Configure JUNOS Policy Rules .............................................291

JUNOS Scheduler and JUNOS Shaping Policy Rules .........................291JUNOS ASP Policy Rules ..................................................................291

Setting the Policy Rule Precedence........................................................292Adding a Policy Rule..............................................................................292Policy Rule Fields...................................................................................293Using the PolicyRule Summary Table ....................................................294

Configuring Classify-Traffic Conditions ........................................................295Specifying the PCMM Classifier Type.....................................................296Specifying Port Access for Traffic Classification.....................................296Classify-Traffic Condition Fields.............................................................298Direction Field.......................................................................................299Network Protocol Fields.........................................................................299Source and Destination Network Fields ................................................ 300Packet Length Field ...............................................................................303IP Protocol Fields...................................................................................304ToS Byte................................................................................................306TCP, ICMP, IGMP, and IPSec Protocol Fields..........................................307JUNOS Filter Condition Fields ................................................................309Application Protocol Fields ....................................................................311

Using Map Expressions in Application Protocol Conditions.............312

Filling in Application Protocol Fields ...............................................313Configuring QoS Conditions ........................................................................316

QoS Condition Fields.............................................................................317Configuring Actions .....................................................................................318

Adding Actions ......................................................................................318Configuring Color Actions......................................................................320Configuring DOCSIS Actions .................................................................321Configuring Filter Actions ......................................................................325Configuring FlowSpec Actions ..............................................................326Configuring Forward Actions ................................................................329Configuring Forwarding Class Actions ..................................................330


13/453

Table of Contents

Table of Contents xii

Configuring GateSpec Actions ...............................................................331Configuring Loss Priority Actions ..........................................................333Configuring Mark Actions ......................................................................334Configuring NAT Actions ...................................................................... 335Configuring Next-Hop Actions .............................................................. 337Configuring Next-Interface Actions .......................................................339Configuring Next-Rule Actions...............................................................341Configuring Policer Actions ...................................................................342Configuring QoS Profile Attachment Actions .........................................344Configuring Rate-Limit Actions .............................................................346Configuring Reject Actions.....................................................................350Configuring Routing Instance Actions ...................................................351Configuring Scheduler Actions ..............................................................352

Configuring Drop Profile Maps ........................................................355Configuring Service Class Name Actions ...............................................358Configuring Stateful Firewall Actions .....................................................359Configuring Traffic-Class Actions ...........................................................360

Configuring Traffic-Mirror Actions .........................................................361Configuring Traffic-Shape Actions .........................................................363Configuring User Packet Class Actions...................................................364

Modifying Policy Objects in the Directory ....................................................365Modifying Policy Groups........................................................................365Adding Policy Groups ........................................................................... 365Deleting and Purging Policy Groups from the Directory.........................365

Chapter 12 Policy Examples Created with the SRC CLI 367

Example: Creating Access Policies for Subscribers .......................................367Types of Policies....................................................................................367Sample Access Policies ..........................................................................368

DHCP Policy Group .........................................................................368PPP Policy Group ...........................................................................370

Example: Providing Tiered Internet Services with Policing ..........................371Types of Policies....................................................................................371Sample JUNOSe Rate-Limiting Policy.....................................................372Sample JUNOS Policer Policy ................................................................374Defining the Tiered Internet Services.....................................................375

Internet-Gold Service.......................................................................375Internet-Silver Service .....................................................................375Internet-Bronze Service...................................................................375

Example: Providing Premium Services ........................................................376Types of Policies....................................................................................376Sample JUNOS and JUNOSe Content Provider Policies ..........................376Defining the Premium Services .............................................................378

Music Service ..................................................................................378News Service...................................................................................378

Chapter 13 Policy Examples Created with Policy Editor 379

Example: Creating Access Policies for Subscribers .......................................379Types of Policies....................................................................................379Sample Access Policies ..........................................................................380

DHCP Policy Group .........................................................................380PPP Policy Group ...........................................................................382


14/453

xiv Table of Contents


Example: Providing Tiered Internet Services with Policing ..........................383Types of Policies....................................................................................383Sample JUNOSe Rate-Limiting Policy.....................................................384Sample JUNOS Policer Policy ................................................................386Defining the Tiered Internet Services.....................................................387

Internet-Gold Service.......................................................................388Internet-Silver Service .....................................................................388Internet-Bronze Service...................................................................388

Example: Providing Premium Services ........................................................389Types of Policies....................................................................................389Sample JUNOS and JUNOSe Content Provider Policies ..........................390Defining the Premium Services .............................................................392

Music Service ..................................................................................393News Service...................................................................................393

Part 3 Generating Policies by Specifying Parameters

Chapter 14 Defining and Acquiring Values for Parameters 397

Parameters and Substitutions ......................................................................397Value Acquisition for Single Subscriptions....................................................398Value Acquisition for Multiple Subscriptions.................................................400Defining Parameters ....................................................................................401Formatting Substitutions..............................................................................403Parameter Names ........................................................................................403Roles............................................................................................................403Expressions .................................................................................................404

Specifying Parameter Names.................................................................405Formatting Numbers .............................................................................405Formatting Strings.................................................................................405Using IPv4 Addresses ............................................................................406Specifying Ranges .................................................................................406Formatting Lists.....................................................................................406Formatting Maps ...................................................................................406Using Keywords.....................................................................................406Using Separators....................................................................................407Using Operators.....................................................................................407

Adding Comments to Substitutions..............................................................410Validating Substitutions................................................................................410Example: Parameter Value Substitution .......................................................411

Setting Up a Service That Uses Parameters............................................411

Summary of Procedure ...................................................................412Creating a Policy Group...................................................................413Creating a Value-Added Service.......................................................419Creating an Enterprise Subscriber ...................................................420Subscribing ABCInc to the GoldMetered Service..............................422

Acquiring the Parameter Values.............................................................423

Index 425


15/453

Objectives xv

About This Guide

This preface provides the following guidelines for using SRC-PE Software Servicesand Policies Guide.

Objectives on page xv

Audience on page xv Documentation Conventions on page xvi

Related Juniper Networks Documentation on page xvii

Obtaining Documentation on page xix

Documentation Feedback on page xix

Requesting Support on page xx

Objectives

This guide describes how to manage services and policies for your Session andResource Control (SRC) configuration. It also provides information about how theSAE acquires values for policies when it is managing JUNOSe routers or JUNOSrouting platforms.

Audience

This guide is intended for experienced system and network specialists working withJUNOSe routers and JUNOS routing platforms in an Internet access environment.We assume that readers know how to use the routing platforms, directories, andRADIUS servers that they will deploy in their SRC networks. For users who deploythe SRC software on a Solaris platform, we also assume that readers are familiarwith the Lightweight Directory Access Protocol (LDAP) and the UNIX operatingsystem.

NOTE: If the information in the latest SRC Release Notes differs from theinformation in this guide, follow the SRC Release Notes.


16/453


xvi Documentation Conventions

If you are using the SRC software in a cable network environment, we assume thatyou are familiar with thePacketCable Multimedia Specification(PCMM) as defined byCable Television Laboratories, Inc. (CableLabs) and with the Data-over-Cable ServiceInterface Specifications (DOCSIS) 1.1 protocol. We also assume that you are familiarwith operating a multiple service operator (MSO) multimedia-managed IP network.

Documentation Conventions

The sample screens used throughout this guide are representations of the screensthat are displayed when you install and configure the SRC software. The actualscreens may differ.

For convenience and clarity, the installation and configuration examples showdefault file paths. If you do not accept the installation defaults, your paths will varyfrom the examples.

Table 1defines notice icons used in this guide. Table 2defines text conventionsused throughout the documentation.

Table 1: Notice Icons

Icon Meaning Description

Informational note Indicates important features or instructions.

Caution Indicates a situation that might result in loss of data orhardware damage.

Warning Alerts you to the risk of personal injury.

Table 2: Text Conventions

Convention Description Examples

Bold typeface Represents keywords, scripts,options, and tools in text.

Represents a GUI element that theuser selects, clicks, checks, or clears.

Specify the keyword exp-msg.

Run the install.shscript with the -unconfigoption.

Use the pkgaddtool.

To cancel the configuration, click Cancel.

Bold sans serif typeface Represents text that the user must type. user@host#set cache-entry-agecache-entry-age

Monospace sans seriftypeface

Represents information as displayed onyour terminals screen, such as CLIcommands in output displays.

nic-locators {login {

resolution {

resolver-name /realms/login/A1;

key-type LoginName;

value-type SaeId;

}


17/453

Related Juniper Networks Documentation xvi

About This Guide

Related Juniper Networks Documentation

With each SRC software release, we provide the SRC Documentation CD, whichcontains the documentation described in Table 3.

With each SRC Application Library release, we provide the SRC Application LibraryCD. This CD contains both the software applications and the SRC Application LibraryGuide.

A complete list of abbreviations used in this document set, along with theirspelled-out terms, is provided in the SRC Getting Started Guide.

Regular sans serif typeface Represents configuration statements.

Indicates SDX CLI commands in text.

Represents examples in procedures.

Represents URLs.

system ldap server {

stand-alone; Use the show configurationcommand.

user@host# . . .

http://www.juniper.net/techpubs/software/management/sdx/api-index.html

Italic sans serif typeface Represents variables in SDX CLIcommands.

user@host#set local-addresslocal-address

Angle brackets In text descriptions, indicate optionalkeywords or variables.

Another runtime variable is .

Key name Indicates the name of a key on thekeyboard.

Press Enter.

Key names linked with a plus

sign (+) .

Indicates that you must press two or

more keys simultaneously.

Press Ctrl+b.

Italic typeface Emphasizes words.

Identifies chapter, appendix, andbook names.

Identifies distinguished names.

Identifies files, directories, and pathsin text but not in commandexamples.

There are two levels of access: userandprivileged.

Chapter 2, Services.

o=Users, o=UMC

The/etc/default.propertiesfile.

Backslash At the end of a line, indicates that thetext wraps to the next line.

Plugin.radiusAcct-1.class=\net.juniper.smgt.sae.plugin\RadiusTrackingPluginEvent

Words separated by the | symbol Represent a choice to select onekeyword or variable to the left or right

of this symbol. (The keyword orvariable may be either optional orrequired.)

diagnostic | line

Table 2: Text Conventions (continued)

Convention Description Examples


18/453


xviii Related Juniper Networks Documentation

Table 3: Juniper Networks C-series and SRC Technical Publications

Document Description

Core Documentation Set

C2000 and C4000 Hardware Guide Describes the hardware platforms and how to install, maintain, replace, andtroubleshoot them. The guide also includes specifications.

C2000 and C4000 Quick Start Guide Describes how to get the C-series Controller up and running quickly. Intended forexperienced installers who want to expedite the installation process.

SRC-PE Getting Started Guide Describes the SRC software, how to set up an initial software configuration, andhow to upgrade the SRC software. It also explains how to manage a C-seriesController. The guide describes how to set up and start the SRC CLI and the C-Webinterface, as well as other SRC configuration tools. It includes reference materialfor the SRC documentation.

SRC-PE CLI User Guide Describes how to use the SRC CLI, configure and monitor the platform with theCLI, and control the CLI environment. The guide also describes how to manageSRC components with the CLI.

SRC-PE Network Guide: SAE, JuniperNetworks Routers, NIC, and SRC-ACP

Describes how to use and configure the SAE, the NIC, and the SRC-ACP(Admission Control Plug-In) application. This guide also provides detailedinformation for using JUNOSe routers and JUNOS routing platforms in the SRCnetwork.

SRC-PE Integration Guide: Network Devices,Directories, and RADIUS Servers

Describes how to integrate external componentsnetwork devices, directories,and RADIUS serversinto the SRC network. The guide provides detailedinformation about integrating specific models of the external components.

SRC-PE Services and Policies Guide Describes how to work with services and policies. The guide provides an overview,configuration procedures, and management information. The guide also providesinformation about the SRC tools for configuring policies.

SRC-PE Subscribers and SubscriptionsGuide

Describes how to work with residential and enterprise subscribers andsubscriptions. The guide provides an overview, configuration procedures, andmanagement information. This guide also provides information about the

enterprise service portals, including the Enterprise Manager Portal.

SRC-PE Monitoring and TroubleshootingGuide

Describes how to use logging, the SNMP agent, the SRC CLI, and the C-Webinterface to monitor and troubleshoot SRC components. This guide also describesthe SNMP traps.

SRC-PE Solutions Guide Provides high-level instructions for SRC implementations. The guide documentsthe following scenarios: managing QoS services on JUNOSe routers; managingsubscribers in a wireless roaming environment; providing voice over IP (VoIP)services; integrating the SRC software in a PCMM environment, including the useof the Juniper Policy Server (JPS); and mirroring subscriber traffic on JUNOSerouters.

SRC-PE CLI Command Reference, Volume 1SRC-PE CLI Command Reference, Volume 2

Together constitute information about command and statement syntax;descriptions of commands, configuration statements, and options; editing level ofstatement options; and a history of when a command was added to the

documentation.SRC-PE NETCONF API Guide Describes how to use the NETCONF application programming interface (API) to

configure or request information from the NETCONF server on a C-seriesController that runs the SRC software.

SRC-PE XML API Configuration Reference Describes the tag elements in the SRC Extensible Markup Language (XML)application programming interface (API) that are equivalent to configurationstatements in the SRC command-line interface (SRC CLI).

SRC-PE XML API Operational Reference Describes the tag elements in the SRC Extensible Markup Language (XML)application programming interface (API) that are equivalent to operationalcommands in the SRC command-line interface (SRC CLI).


19/453

Obtaining Documentation xix

About This Guide

Obtaining Documentation

To obtain the most current version of all Juniper Networks technicaldocumentation, see the products documentation page on the Juniper NetworksWeb site at

http://www.juniper.net/

To order printed copies of this manual and other Juniper Networks technicaldocuments, or to order a documentation CD, which contains this manual, contactyour sales representative.

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we canimprove the documentation to better meet your needs. Send your comments [email protected], or fill out the documentation feedback form at

http://www.juniper.net/techpubs/docbug/docbugreport.html

If you are using e-mail, be sure to include the following information with yourcomments:

Document name

Document part number

Page number

Software release version

SRC-PE Comprehensive Index Provides a complete index of the SRC guides, excluding the C-series HardwareGuide, the SRC CLI Command Reference, theSRC-PE NETCONF API Guide,theSRC-PE XML API Configuration Reference, and the SRC-PE XML API OperationalReference.

Application Library

SRC Application Library Guide Describes how to install and work with applications that you can use to extend thecapabilities of the SRC software. The guide documents the following applications:SRC-SG (SOAP Gateway) Web applications, an application to provide threatmitigation, an application to provide tracking and QoS control at the applicationlevel by integrating the SRC software with the El lacoya deep packet inspection(DPI) platform, and an application to control volume usage.

Release Notes

SRC-PE Release Notes

SRC Application Library Release Notes

In theRelease Notes, you will find the latest information about features, changes,known problems, resolved problems, supported platforms and network devices

(such as Juniper Networks routers and CMTS devices), and third-party software. Ifthe information in theRelease Notesdiffers from the information found in thedocumentation set, follow theRelease Notes.

Release notes are included in the corresponding software distribution and areavailable on the Web.

Table 3: Juniper Networks C-series and SRC Technical Publications (continued)

Document Description


20/453


xx Requesting Support

Requesting Support

For technical support, open a support case using the Case Manager link at

http://www.juniper.net/support/

or call 1-888-314-JTAC (from the United States, Canada, or Mexico) or1-408-745-9500 (from elsewhere).


21/453

Managing Services and Service Schedules 1

Part 1

Managing Services and ServiceSchedules


22/453


2 Managing Services and Service Schedules


23/453

3

Chapter 1

Managing Services with the SRC CLI

This chapter describes how to manage services with the SRC CLI.

You can also use the following to manage services:

To use the C-Web interface, see SRC-PE C-Web Interface Configuration Guide,Chapter 23, Configuring Services with the C-Web Interface

To to configure the SRC software on a Solaris platform. See Chapter 2, ManagingServices on a Solaris Platform.

Topics in this chapter include:

Overview of Services on page 4

Enabling the Service Configuration on the SRC CLI on page 4

Before You Configure Services on page 4

Adding a Normal Service with the SRC CLI on page 5

Setting Parameter Values for Services with the SRC CLI on page 8

Aggregating Services on page 9

Sharing Service Provisioning on page 19

Extending Service Implementations with Script Services on page 20

Restricting Simultaneous Activation of Services on page 25

Restricting and Customizing Services for Subscribers on page 27

Restricting Service Activation on page 31


24/453


4 Overview of Services

Overview of Services

The SRC software supports four types of services:

NormalPolicy-based service.

AggregateGroup of services, handled as a unit.

InfrastructureService that can be provisioned only once and then activated anumber of times for one or more subscribers across network devices.

ScriptCustom service into which you can insert or reference a script thatprovisions policies on a number of systems across a network, includingnetworks that contain devices that do not have supported device drivers.

Use aggregate and infrastructure services together to apply policies across JUNOSerouters and JUNOS routing platforms, and other systems that have a supported

device driver.

Use script services to create customized service implementations, such as a serviceto configure firewall policies on a device that does not have a supported devicedriverfor example, a Juniper Networks NetScreen-5GT appliance.

Automatic Service Activation

You can configure a permanent servicea service that the SAE automaticallyactivates when it starts a subscriber session for subscribers who use that service. Atypical application of this feature is to automatically activate a particular videoservice for all subscribers associated with a particular retailer. You can allowsubscribers to deactivate the service, or prohibit them from deactivating it, after the

SAE has automatically activated it. To make a service permanent, set the permanentoption in the service configuration.

Enabling the Service Configuration on the SRC CLI

Before you can configure services with the SRC CLI, you must enable the policy,service, and subscriber editor on the SRC CLI. To do so:

In operational mode, enter the following command:

user@host> enable component editor

Before You Configure Services

Before you configure services:

Plan the services that you want to make available to subscribers.

Configure the policies for a service to use. For information about configuringpolicies, seeDefining Policies to Manage Trafficon page 139.


25/453

Adding a Normal Service with the SRC CLI 5

Chapter 1: Managing Services with the SRC CLI

Adding a Normal Service with the SRC CLI

Use the following configuration statements to add normal services to the globalservice scope:

services global service name{description description;type (normal);category category;url url;policy-group policy-group;authentication-required;authorization-plug-in [authorization-plug-in... ];tracking-plug-in [tracking-plug-in...];session-timeoutsession-timeout;idle-timeout idle-timeout;accounting-interim-interval accounting-interim-interval ;

radius-classradius-class

;status (inactive | active);activate-only;permanent;available;secret;shared-service-nameshared-service-name;

}

Use the following configuration statements to add normal services to a servicescope:

services scope nameservice name{ description description;

type (normal | aggregate | script | infrastructure);category category;url url;policy-group policy-group;authentication-required;authorization-plug-in [authorization-plug-in... ];tracking-plug-in [tracking-plug-in...];session-timeoutsession-timeout;idle-timeout idle-timeout;accounting-interim-interval accounting-interim-interval ;radius-class radius-class;status (inactive | active);activate-only;permanent;

available;secret;shared-service-nameshared-service-name;

}


26/453


6 Adding a Normal Service with the SRC CLI

To add a normal service:

1. From configuration mode, enter the service configuration. In this sampleprocedure, the service is configured in the global service scope, and Video-Goldis the name of the service.

user@host# edit services global service Video-Gold

2. (Optional) Enter a description for the service.

[edit services global service Video-Gold]user@host# set description description

3. Configure the type of service.

[edit services global service Video-Gold]user@host# set type normal

4. (Optional) Configure the category of the service for other SRC applications, suchas portals.

[edit services global service Video-Gold]user@host# set categorycategory

5. (Optional) Configure the link used in SRC applications, such as portals.

[edit services global service Video-Gold]user@host# set urlurl

6. (Optional) Configure the policy group that is applied when the service isactivated.

[edit services global service Video-Gold]user@host# set policy-grouppolicy-group

7. (Optional) Enable authentication required for services activated by portals.

[edit services global service Video-Gold]user@host# set authentication-required

8. (Optional) Configure the plug-in(s) used to authorize the service.

[edit services global service Video-Gold]user@host# set authorization-plug-in[authorization-plug-in... ];

9. (Optional) Configure the plug-in(s) used to collect accounting data for theservice.

[edit services global service Video-Gold]user@host# set tracking-plug-in[tracking-plug-in...]

10. (Optional) Configure the time after which the service session is deactivated.

[edit services global service Video-Gold]user@host# set session-timeoutsession-timeout


27/453

Adding a Normal Service with the SRC CLI 7

Chapter 1: Managing Services with the SRC CLI

11. (Optional) Configure the idle time after which the SAE deactivates service.

[edit services global service Video-Gold]user@host# set idle-timeoutidle-timeout

12. (Optional) Configure the time between interim accounting messages.

[edit services global service Video-Gold]user@host# set accounting-interim-intervalaccounting-interim-interval

13. (Optional) Configure the value of the RADIUS class attribute in accountingmessages.

[edit services global service Video-Gold]user@host# set radius-classradius-class

14. (Optional) Configure the status of the service.

[edit services global service Video-Gold]user@host# set status (inactive | active)

15. (Optional) Configure whether the SAE can deactivate this service

[edit services global service Video-Gold]user@host# set activate-only

16. (Optional) Enable automatic activation when the service is subscribed.

[edit services global service Video-Gold]user@host# set permanent

17. (Optional) Specify whether a subscriber can activate a service.

[edit services global service Video-Gold]user@host# set available

18. (Optional) Specify whether the service is visible only to administrators whohave permission to see secret information.

[edit services global service Video-Gold]user@host# set secret

19. (Optional) Verify your configuration.

[edit services global service Video-Gold]

user@host# showdescription "Example for content provider allowing high speed access";

type normal;

category Video;

url http://video.server.com;

policy-group /sample/common/content-provider-tiered;

radius-class Video-Gold;

status active;

}


28/453


8 Setting Parameter Values for Services with the SRC CLI

Setting Parameter Values for Services with the SRC CLI

Using parameters, you can define general settings in one SRC object and providespecific values for that setting in another object. For example, you can define thegeneral settings for a rate limiter in a policy, insert a parameter for a rate in thepolicy, and provide specific values for the rate in each service that uses this policy.For information about the concept of parameters, see Chapter 14, Defining andAcquiring Values for Parameters.

Use the following configuration statements to configure parameters for services inthe global service scope:

services global service nameparameter {gateway-ip-addressgateway-ip-address;service-ip-addressservice-ip-address;service-ip-maskservice-ip-mask;service-portservice-port;

substitution [substitution...];session-volume-quotasession-volume-quota;

}

Use the following configuration statements to configure parameters for services in aservice scope:

services scope nameservice nameparameter {gateway-ip-addressgateway-ip-address;service-ip-addressservice-ip-address;service-ip-maskservice-ip-mask;service-portservice-port;substitution [substitution...];session-volume-quotasession-volume-quota;

}

To configure parameters for services:

1. From configuration mode, enter the service parameter configuration. In thissample procedure, the service called Video-Gold is configured in the globalservice scope.

user@host# edit services global service Video-Gold parameter

2. (Optional) Configure the actual IP address of the gateway router. This value issubstituted for the policy global parameter called gateway_ipAddress.

[edit services global service Video-Gold parameter]user@host# set gateway-ip-addressgateway-ip-address

3. (Optional) Configure the actual IP address of the host(s) that provides theservice. This value is substituted for the policy global parameter calledservice_ipAddress.

[edit services global service Video-Gold parameter]us

sw sdx service policy

Documents