Citrix ADC

Subscriber aware traffic steering

Traffic steering directs subscriber traffic from one point to another. When a subscriber connects to the network, the packet gateway associates an IP address with the subscriber and forwards the data packet to the Citrix ADC appliance. The appliance communicates with the PCRF server over the Gx interface to get the policy information. Depending on the policy information, the appliance performs one of the following actions:

  • Forward the data packet to another set of services (as shown in the following illustration).
  • Drop the packet.
  • Perform only Large Scale NAT (LSN), if LSN is configured on the appliance.

The values shown in the following figure are configured in the CLI procedure that follows the figure. A content switching virtual server on the Citrix ADC appliance directs requests to the value added services or skips them, depending on the defined rule, and then sends the packet out to the Internet after performing LSN.

localized image

To configure traffic steering for the above deployment by using the CLI

Add the appliance’s subnet IP (SNIP) addresses.

Example:

add ns ip 192.168.10.1 255.255.255.0 -type snip
add ns ip 192.168.20.1 255.255.255.0 -type snip
add ns ip 100.100.100.1 255.0.0.0 -type snip
add ns ip 200.200.200.1 255.0.0.0 -type snip
add ns ip 100.1.1.1 255.0.0.0 -type snip
add ns ip 200.201.1.1 255.0.0.0 -type snip

Add the VLANs. VLANs help the appliance identify the source of the traffic. Bind the VLANs to the interfaces and subnet IP addresses.

Example:

add vlan 10
add vlan 20
add vlan 100
add vlan 200
bind vlan 10 -ifnum 1/4 -tagged -IPAddress 192.168.10.1 255.255.255.0
bind vlan 20 -ifnum 1/4 -tagged -IPAddress 192.168.20.1 255.255.255.0
bind vlan 100 -ifnum 1/2 -tagged -IPAddress 100.1.1.1 255.0.0.0
bind vlan 200 -ifnum 1/3 -tagged -IPAddress 200.1.1.1 255.0.0.0

Specify the VLAN on which the subscriber traffic arrives on the appliance. Specify the service path AVP that tells the appliance where to look for the service path name within the subscriber session. For primary PCEF functionality, specify the interfaceType as RadiusAndGx.

Example:

set ns param -servicePathIngressVLAN 100
set subscriber gxinterface -servicepathAVP 1001 1005 -servicepathVendorid 10415
set subscriber param -interfaceType RadiusAndGx

Configure a service and virtual server of type Diameter, and bind the service to the virtual server. Then, specify the PCRF realm and subscriber Gx interface parameters. For primary PCEF functionality, configure a RADIUS listener service and RADIUS interface.

Example:

add service sd1 10.102.232.200 DIAMETER 3868
add lb vserver vdiam DIAMETER 0.0.0.0 0 -persistenceType DIAMETER -persistAVPno 263
bind lb vserver vdiam sd1
set ns diameter -identity netscaler.sc1.net -realm pcrf1.net
set subscriber gxInterface -vServer vdiam -pcrfRealm pcrf1.net -holdOnSubscriberAbsence YES -idleTTL 1200 -negativeTTL 120
add service srad1 10.102.232.236 RADIUSListener 1813
set subscriber radiusInterface -listeningService srad1

Add service functions to associate a VAS with an ingress VLAN. Add a service path to define the chain, that is, specify the VAS that the packet must be sent to and the order in which it must go to that VAS. The service path name is usually sent by the PCRF. However, the service path of the default subscriber profile (*) applies if any of the following is true:

  • The PCRF does not have the subscriber information.
  • The subscriber information does not include this AVP.
  • The appliance is unable to query the PCRF. For example, the service representing the PCRF is DOWN.

The service path AVP that contains this name must already be configured as part of the global configuration. Bind the service function to the service path. The service index specifies the order in which the VAS is added to the chain. The highest number (255) indicates the beginning of the chain.

Example:

add ns servicefunction SF1 -ingressVLAN 20
add ns servicepath pol1
bind ns servicepath pol1 -servicefunction SF1 -index 255
add subscriber profile * -subscriberrules default_path

Add the LSN configuration. That is, define the NAT pool and identify the clients for which the appliance must perform LSN.

add lsn pool pool1
bind lsn pool pool1 200.201.1.1
add lsn client client1
bind lsn client client1 -network 100.0.0.0 -netmask 255.0.0.0
add lsn group group1 -clientname client1
bind lsn group group1 -poolname pool1

The appliance performs LSN by default. To override LSN, you must create a net profile with the overrideLsn parameter enabled, and bind this profile to all the load balancing virtual servers that are configured for value added services (VASs).

Example:

add netprofile np1
set netprofile np1 -overrideLsn ENABLED
set lb vserver vs1 -netprofile np1

Configure the VAS on the appliance. This includes creating the services and virtual servers and then binding the services to the virtual servers.

add service vas1 192.168.10.2 ANY 80 -usip YES
add service sint 200.10.1.10 ANY 80 -usip YES
add lb vserver vs1 ANY -m MAC -l2Conn ON
add lb vserver vint ANY -m MAC -l2Conn ON
bind lb vserver vs1 vas1
bind lb vserver vint sint

Add the content switching (CS) configuration. This includes virtual servers, policies, and their associated actions. The traffic arrives at the CS virtual server and is then redirected to the appropriate load balancing virtual server. Define expressions that associate a virtual server with a service function.

Example:

add cs vserver cs1 ANY * 80 -l2Conn ON
add cs action csact1 -targetLBVserver vs1
add cs action csactint -targetLBVserver vint
add cs policy cspol1 -rule "SUBSCRIBER.SERVICEPATH.IS_NEXT(\"SF1\") && SYS.VSERVER(\"vs1\").STATE.EQ(UP)" -action csact1
bind cs vserver cs1 -policyName cspol1 -priority 110
bind cs vserver cs1 -lbvserver vint
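An added consistency check over the CLI steps above (example code, not a Citrix tool): it verifies that VLAN bindings use SNIPs that were actually added, that each service function's ingress VLAN exists, and that every load balancing virtual server reached through an IS_NEXT rule carries a net profile with overrideLsn enabled. The helper name audit and the one-command-per-line CONFIG layout are assumptions of this example; the commands themselves are an abridged copy of the page's examples.

```python
import re

# Abridged copy of the page's CLI examples, one command per line (assumed layout).
CONFIG = r'''
add ns ip 192.168.20.1 255.255.255.0 -type snip
add ns ip 100.1.1.1 255.0.0.0 -type snip
add ns ip 200.201.1.1 255.0.0.0 -type snip
add vlan 20
add vlan 100
add vlan 200
bind vlan 20 -ifnum 1/4 -tagged -IPAddress 192.168.20.1 255.255.255.0
bind vlan 100 -ifnum 1/2 -tagged -IPAddress 100.1.1.1 255.0.0.0
bind vlan 200 -ifnum 1/3 -tagged -IPAddress 200.1.1.1 255.0.0.0
add ns servicefunction SF1 -ingressVLAN 20
add netprofile np1
set netprofile np1 -overrideLsn ENABLED
set lb vserver vs1 -netprofile np1
add cs action csact1 -targetLBVserver vs1
add cs policy cspol1 -rule "SUBSCRIBER.SERVICEPATH.IS_NEXT(\"SF1\") && SYS.VSERVER(\"vs1\").STATE.EQ(UP)" -action csact1
'''

def audit(config):
    """Hypothetical helper: return cross-reference problems in a steering config."""
    cmds = [c.strip() for c in config.splitlines() if c.strip()]
    def find(pattern):  # capture groups of every command matching pattern
        return [m.groups() for c in cmds if (m := re.match(pattern, c))]
    snips = {ip for (ip,) in find(r"add ns ip (\S+) \S+ -type snip")}
    vlans = {v for (v,) in find(r"add vlan (\d+)")}
    funcs = dict(find(r"add ns servicefunction (\S+) -ingressVLAN (\d+)"))
    lsn_override = {p for (p,) in find(r"set netprofile (\S+) -overrideLsn ENABLED")}
    profile = dict(find(r"set lb vserver (\S+) -netprofile (\S+)"))
    target = dict(find(r"add cs action (\S+) -targetLBVserver (\S+)"))
    issues = []
    for vlan, ip in find(r"bind vlan (\d+) .*-IPAddress (\S+)"):
        if ip not in snips:  # VLANs are bound to the SNIPs added in the first step
            issues.append(f"vlan {vlan}: {ip} was not added as a SNIP")
    for sf, vlan in funcs.items():
        if vlan not in vlans:
            issues.append(f"{sf}: ingress VLAN {vlan} is not defined")
    for pol, rule, act in find(r'add cs policy (\S+) -rule "(.*)" -action (\S+)'):
        for sf in re.findall(r'IS_NEXT\(\\?"(\w+)\\?"\)', rule):
            vs = target.get(act)
            if sf not in funcs:
                issues.append(f"{pol}: service function {sf} is not defined")
            elif profile.get(vs) not in lsn_override:  # VAS vserver must skip LSN
                issues.append(f"{pol}: {vs} has no overrideLsn net profile")
    return issues

print("\n".join(audit(CONFIG)))
```

Run against the page's own commands, it reports that VLAN 200 is bound to 200.1.1.1, an address that is not among the SNIPs added in the first step.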

To configure traffic steering on the appliance by using the GUI

  1. Navigate to System > Network > IPs and add the subnet IP addresses.
  2. Navigate to System > Network > VLANs and add VLANs. Bind the VLANs to the interfaces and subnet IP addresses.
  3. Navigate to Traffic Management > Service Chaining > Configure Service Path Ingress VLAN and specify an ingress VLAN.
  4. Navigate to Traffic Management > Subscriber > Parameters > Configure Subscriber Parameters and specify the following:
    • Interface Type: Specify RadiusAndGx.
    • Configure a diameter virtual server, PCRF realm, and the subscriber GX interface parameters.
    • Specify the RADIUS interface parameters.
  5. Navigate to Traffic Management > Service Chaining > Service Function and add service functions to associate a value-added service with an ingress VLAN.
  6. Navigate to System > Network > Large Scale NAT. Click Pools and add a pool. Click Clients and add a client. Click Groups and add a group and specify the client. Edit the group and bind the pool to this group.
  7. Navigate to System > Network > Net Profiles and add a net profile. Select Override LSN. Optionally, navigate to System > Network > Settings > Configure Layer 3 Parameters and verify that Override LSN is not selected.
  8. Navigate to Traffic Management > Load Balancing > Virtual Servers and configure the virtual servers and value-added services on the appliance. Bind the services and the net profile to the virtual server.
  9. Navigate to Traffic Management > Content Switching > Virtual Servers and configure a virtual server, policy, and action. Specify the target load balancing virtual server.

To configure service chaining on the appliance by using the GUI

  1. Navigate to System > Network > IPs and add the subnet IP addresses.
  2. Navigate to System > Network > VLANs and add VLANs. Bind the VLANs to the interfaces and subnet IP addresses.
  3. Navigate to Traffic Management > Service Chaining > Configure Service Path Ingress VLAN and specify an ingress VLAN.
  4. Navigate to Traffic Management > Subscriber > Parameters > Configure Subscriber Parameters and specify the following:
    • Interface Type: Specify RadiusAndGx.
    • Configure a diameter virtual server, PCRF realm, and the subscriber GX interface parameters.
    • Specify the RADIUS interface parameters.
  5. Navigate to Traffic Management > Service Chaining > Service Function and add service functions to associate a value-added service with an ingress VLAN.
  6. Navigate to System > Network > Large Scale NAT. Click Pools and add a pool. Click Clients and add a client. Click Groups and add a group and specify the client. Edit the group and bind the pool to this group.
  7. Navigate to System > Network > Net Profiles and add a net profile. Select Override LSN. Optionally, navigate to System > Network > Settings > Configure Layer 3 Parameters and verify that Override LSN is not selected.
  8. Navigate to Traffic Management > Load Balancing > Virtual Servers and configure the virtual servers and value-added services on the appliance. Bind the services and the net profile to the virtual server.
  9. Navigate to Traffic Management > Content Switching > Virtual Servers and configure a virtual server, policy, and action. Specify the target load balancing virtual server.