Managing Subscriptions to Bandwidth-on-Demand Services
The service provider makes bandwidth services available to enterprises. IT managers can use these services to provision bandwidth within an enterprise to meet the forwarding requirements for subscriber traffic. The service provider can make the following types of bandwidth services available:
Only one subscription to one bandwidth level is supported for an access link.
- BoD services that classify traffic and assign different classes of traffic to different BoD services
You can classify traffic by source IP address, destination IP address, source Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port, destination TCP or UDP port, or type-of-service (ToS) byte, and assign that traffic to a service level.
NOTE: Enterprise Manager Portal supports only services that have policies configured.
When both of these services are available, you can provide subscribers with class of service (CoS)—the method of classifying traffic on a packet-by-packet basis with information in the ToS byte to provide different service levels to different traffic.
Whether bandwidth level (a basic BoD service), BoD services, or both are available depends on the configuration for the portal. See Chapter 27, Installing and Configuring Enterprise Service Portals.
Planning Subscriptions to BoD Services
When planning subscriptions, consider the following factors:
- In a configuration that includes both a subscription to a bandwidth level and subscriptions to BoD services, the bandwidth level must be set before BoD services can be configured.
If a subscription to a bandwidth level needs to be deleted or moved, all subscriptions to BoD services for subscribers in the same container must be disabled or deleted first.
- BoD services are inherited by subscribers who are subordinate in the navigation pane.
- A rule for a BoD service specifies which fields in the IP header to match—protocol, source IP address, destination IP address, source TCP or UDP port, destination TCP or UDP port, or ToS byte—and the BoD service to assign to packets that match the conditions. If configured, a destination VPN can also be assigned.
If a packet matches more than one rule for BoD services, which rule is applied is unpredictable. For example, if the destination IP address matches a rule for a Gold BoD service, but the destination port matches the source TCP port for a Silver BoD service, and the rules have no other conditions, which rule is applied is uncertain.
Plan rules for BoD services so that a packet matches all the following conditions—protocol, source IP address, destination IP address, source TCP or UDP port, destination TCP or UDP port, or ToS byte—for only one BoD service.
Creating a Subscription to BoD Services
When you create a subscription to a BoD service, you initially set a bandwidth level if available and not previously set.
Setting a Bandwidth Level
To create a subscription to a bandwidth level:
- In the navigation pane of Enterprise Manager Portal, click the subscriber for whom you want to provision bandwidth.
- Click the Bandwidth & VPNs tab.
NOTE: If VPN features are not configured, the tab is named Bandwidth.
The Bandwidth & VPNs page appears.
![]()
The bandwidth level becomes available, and the fields for setting BoD services appear on the Bandwidth page.
Bandwidth Level
- Bandwidth assigned to an access link (the basic BoD service in the directory). The bandwidth level governs the overall bandwidth available on the link.
- Value—Menu of bandwidth levels in the directory available for this subscriber. See the online help
for information about the menu entries.
- Guidelines—A subscriber can be assigned to up to one bandwidth level on an access link.
In the navigation pane, a subscriber subordinate to the one who has the bandwidth level subscription inherits the subscription. A subordinate subscriber cannot subscribe to another bandwidth level.
If you select default for the value, all traffic is treated the same.
Adding Subscriptions to BoD Services
To add a subscription to a BoD service:
- In the navigation pane of Enterprise Manager Portal, click the subscriber to assign to a BoD service.
- Click the Bandwidth & VPNs tab.
- If a bandwidth level has not been set, specify a bandwidth level.
The bandwidth level becomes available, and the fields for setting BoD services appear on the Bandwidth & VPNs page.
![]()
The Create Rule dialog box appears.
![]()
You can configure any number of subscriptions by assigning different traffic flows, identified by rules under Affected Traffic on the Bandwidth & VPNs page (see Figure 35), to different BoD services.
The subscription appears in the Bandwidth & VPNs page.
Rule Name
- Name of the BoD rule.
- Value—Alphanumeric characters without spaces
- Default—No value
- Example—SalesVideoConference
IP Protocols
- ah—authentication header
- egp—exterior gateway protocol
- esp—Encapsulating Security Payload
- gre—generic routing encapsulation
- icmp—Internet Control Message Protocol
- igmp—Internet Group Management Protocol
- ipip—IP over IP
- ospf—Open Shortest Path First
- pim—Protocol Independent Multicast
- rsvp—Resource Reservation Protocol
- sctp—Stream Control Transmission Protocol
- tcp—Transmission Control Protocol
- udp—User Datagram Protocol
- <ipProtocolNumber>
- Guidelines—Specify an IP protocol or its corresponding number if you want to enable BoD for a certain type of traffic. If you want to enable BoD for all IP protocols, leave this field empty. If you specify an IP protocol other than TCP or UDP, the port fields will dim, and you will not be able to specify port numbers for this subscription.
- Default—No value
- Example—tcp
ToS Byte
- ToS byte in the header of the IP datagram associated with traffic affected by this bandwidth rule.
- Value
- DiffServ—DiffServ is used to classify packets by the selected value.
- Precedence—Value of the drop precedence.
- Free Format—ToS byte in binary format.
Use an x to indicate a bit to be ignored.
- Guidelines—You can configure the ToS byte only if the configuration level is set to Advanced (see Setting the Configuration Level for Enterprise Manager Portal).
Specify the ToS byte in this field if you want to enable BoD for a specific type of service. If you want to enable BoD for all types of service, leave this field empty.
Source IP Addresses
- Source IP address(es) (contained in the IP packets) of traffic affected by this bandwidth rule.
- Value—[ not ]<networkAddress>/<networkMask>
- not—Address, or set of IP addresses as expressed by the netmask, for which the BoD service is not available
- <networkAddress>—IP address of the network
- <networkMask>—Netmask expressed as an integer 0-32, which specifies how many of the first bits in the address specify the network
- Guidelines—To specify traffic not from a source IP address or not from a set of IP addresses as expressed by the netmask, precede the IP address with the keyword not. To specify traffic with any source IP address, leave the field empty.
The order in which you list prefixes, identified by the IP address-netmask pair, is not significant. They are all evaluated to determine whether a match occurs. If prefixes overlap, longest-match rules are used to determine whether a match occurs. For an address to be considered a match, it must match one of the rules in the list.
For information about how JUNOS routing platforms evaluate prefixes, see the JUNOS Policy Framework Configuration Guide.
- Default—No value
- Example—In this example for a JUNOS routing platform, all IP addresses on the subnet 172.16.0.0/10 are specified, except for those on the subnet 172.16.2.0/16.
172.16.0.0/10, not 172.16.2.0/16
Source Ports
- Source TCP/UDP port(s) (contained in the IP packets) of traffic affected by this bandwidth rule.
- Values
- Port number
- Comma-separated list of port numbers and ranges of port numbers (JUNOS routing platforms)
- Ranges of port numbers separated by two dots (..)
- Guidelines— To specify all ports, leave this field empty. If you specify an IP protocol other than TCP or UDP for this subscription, the port field will dim, and you will not be able to specify port numbers in this field.
- Default—No value
- Example
Destination IP Addresses
- Destination IP addresse(es) (contained in the IP packets) of traffic affected by this bandwidth rule.
- Value—[ not ]<networkAddress>/<networkMask>
- not—Address, or set of IP addresses as expressed by the netmask, for which the BoD service is not available
- <networkAddress>—IP address of the network
- <networkMask>—Netmask expressed as an integer 0-32, which specifies how many of the first bits in the address specify the network
- Guidelines—To specify traffic not to a destination IP address or not to a set of IP addresses as expressed by the netmask, precede the IP address with the keyword not.
The order in which you list prefixes, identified by the IP address-netmask pair, is not significant. They are all evaluated to determine whether a match occurs. If prefixes overlap, longest-match rules are used to determine whether a match occurs. For an address to be considered a match, it must match one of the rules in the list.
For information about how JUNOS routing platforms evaluate prefixes, see the JUNOS Policy Framework Configuration Guide.
Destination Ports
- Destination TCP/UDP port(s) (contained in the IP packets) of traffic affected by this bandwidth rule.
- Value
- Port number
- Comma-separated list of port numbers and ranges of port numbers (JUNOS routing platforms)
- Ranges of port numbers separated by two dots (..)
- Guidelines—To specify all ports, leave this field empty. If you specify an IP protocol other than TCP or UDP for this subscription, the port field will dim, and you will not be able to specify port numbers in this field.
- Default—No value
- Example
TCP Flags
- Conditions in the TCP flags in the TCP message header. This field is enabled when the TCP protocol is selected.
- Value—Expression or text synonym that identifies the TCP flags
- Guidelines—You can enter a value for TCP flags only if you select TCP as the IP protocol.
You can enter a logical expression that contains the symbols for the six TCP flags: urgent, ack, push, rst, syn, and fin. You can use the following logical operators in the list of flags:
- &—And. Separates flag settings in the list.
- !—Not. Flags preceded by ! are cleared; flags not preceded by ! are set.
You can use the following expression instead of the entire expression:
The interface displays text synonyms for expressions if stored data matches the expression.
This field appears enabled only if the configuration level is set to Advanced. Although the value can be changed when the configuration level is set to Normal, we recommend that the value of this field not be changed if the field appears disabled.
Fragmentation Flags
- Logical expression using the dont-fragment, more-fragments, and reserved IP fragmentation flags.
- Value—Flags expression
- Guidelines—The expression can also contain the following logical operators:
- &—And. Separates flag settings in the list.
- !—Not. Flags preceded by ! are cleared; flags not preceded by ! are set.
Fragment Offset
- IP fragment offset—a value that defines the order in which to assemble fragments for an IP datagram.
- Value—One of the following:
Packet Length
ICMP Type
- Type of message for Internet Control Management Protocol (ICMP).
- Value—Type of ICMP message in the following formats:
- Number of the ICMP message type in the range 0-255
- Symbolic name for an ICMP message type
- Comma-separated list of ICMP types and ranges of ICMP types
- Ranges of ICMP types separated by two dots (..) within the range 0-255
- Blank—Any ICMP type
- Guidelines—You can enter a value for this field only if you select the icmp protocol (protocol number 1).
The following list shows the symbolic name and associated numbers for ICMP types. The ICMP types are the same as those on JUNOS routing platforms with the addition of traceroute.
- 0—echo-reply
- 8—echo-request
- 16—info-reply
- 15—info-request
- 18—mask-reply
- 17—mask-request
- 12—parameter-problem
- 5—redirect
- 9—router-advertisement
- 10—router-solicit
- 4—source-quench
- 11—time-exceeded
- 13—timestamp
- 14—timestamp-reply
- 30—traceroute
- 3—unreachable
This field appears enabled only if the configuration level is set to Advanced. Although the value can be changed when the configuration level is set to Normal, we recommend that the value of this field not be changed if the field appears disabled.
ICMP Code
- Number of ICMP code in the range 0-255
- Comma-separated list of code numbers and ranges of code numbers
- Ranges of code numbers separated by two dots (..) within the range 0-255
- Blank—Any ICMP code
This field appears enabled only if the configuration level is set to Advanced. Although the value can be changed when the configuration level is set to Normal, we recommend that the value of this field not be changed if the field appears disabled.
BoD Service
- Name of the BoD service in the directory that will be applied to the subscription.
- Value—Menu of BoD services available for this subscriber. See the online help
for information about the menu entries.
- Guidelines—How BoD services define bandwidth allocation depends on whether or not a bandwidth level is set:
- On a link that has a bandwidth level set, the BoD service defines the transmission service and the forwarding priority of the traffic for the subscription—for example, expedited or best-effort.
- On a link that does not have bandwidth allocated, the BoD service typically specifies the fixed bandwidth level available to the traffic type for the subscription.
For more information about the interaction between the bandwidth level and BoD services, see Chapter 22, Reviewing and Configuring Policies and Services for Enterprise Manager Portal.
Destination VPN
- Configured VPN to use.
- Value—Name of VPN
- Guidelines—This field appears if configuration for VPNs is enabled for the portal. For more information about VPNs, see Modifying Subscriber VPN Configuration.
- Default—No value
Enabled
- Gray box—Subscription is inherited from a parent subscriber
- White box—Subscription is configured for this subscriber
- Box with check mark—Subscription is enabled
- Empty box—Subscription is disabled
Modifying Rules for a Subscription to a BoD Service
To modify rules for a subscription to a BoD service:
- Start at the subscriber's Bandwidth page (see Figure 35).
- Change the values in the fields for this rule.
- Click Apply for the subscription.
Modifying the Bandwidth Level
- Start at the subscriber's Bandwidth page (see Figure 35).
- Disable all BoD services that this subscriber inherits from parent subscribers.
- Disable all BoD services defined for this subscriber's subordinate subscribers.
- Select a new value from the Bandwidth Level menu.
- Click Apply.
- If needed, enable BoD services that this subscriber inherits from parent subscribers.
- If needed, enable BoD services defined for this subscriber's subordinate subscribers.
Moving the Bandwidth Level
To move the bandwidth level to another subscriber:
- Delete the bandwidth level. See Deleting the Bandwidth Level.
- Set a bandwidth level for another subscriber. See Creating a Subscription to BoD Services.
- Create BoD services. See Creating a Subscription to BoD Services.
Deleting a Subscription for a BoD Service
To delete a subscription to a BoD service:
- Start at the subscriber's Bandwidth page (see Figure 35).
- Click Delete for the subscription.
Deleting the Bandwidth Level
To delete the bandwidth level:
- Start at the subscriber's Bandwidth page (see Figure 35).
- Disable all BoD services that this subscriber inherits from parent subscribers.
- Disable all BoD services defined for this subscriber's subordinate subscribers.
- Select Default from the Bandwidth Level menu.
- Click Apply.
Monitoring Use of Subscriptions to BoD Services
To monitor the use of a bandwidth subscription:
- Start at the subscriber's Bandwidth page (see Figure 35).
- Click Usage Data for the bandwidth level or subscription.
The Service Usage page appears.
![]()