Example: Parameter Value Substitution
This section provides an example of how to use parameters and substitutions. It contains the following sections:
Setting Up a Service That Uses Parameters
In this example, we will create a value-added service that provides a gold-level quality of service. We will then subscribe this service to a department subnet in an enterprise network and be able to track and charge the department for the volume of bandwidth used. Figure 43 shows the network in our example.
![]()
From the service provider's perspective, the service provider's network is on the inside, and the enterprise network is on the outside. Ingress traffic flows from the enterprise network to the service provider's network. Egress traffic flows from the service provider's network to the enterprise network. The engineering department subnet in the enterprise network is the subnet that we will subscribe to the gold-level service and track.
The example uses two types of parameters (note that SDX Admin uses the term role in place of type):
Summary of Procedure
The following is a summary of the procedure we will use to set up the example.
- Create a policy group called tierpolicy that classifies packets based on source and destination subnets and applies a rate limit action to those packets. The tierpolicy policy group contains three local parameters:
- inside—Parameter of type network; used to specify a subnet
- outside—Parameter of type network; used to specify a subnet
- qos—Parameter of type rate; used to scale the rate limiter
- Create a value-added service called GoldMetered, and assign tierpolicy as the policy group. In the GoldMetered service, configure the following parameter substitution:
- qos—Fix to 50% of the interface_speed parameter. (interface_speed is a global runtime parameter that the SAE fills in with the actual speed of the router interface.)
- dept—Create a parameter called dept that is parameter type (role) network.
- outside—Set to dept (short for department), which effectively renames the outside parameter to dept.
- inside—Set to any.
- eng—Create a parameter called eng (short for engineering department) that is parameter type (role) network, and set the value to 192.0.2.22/28.
- Subscribe the subscriber to the GoldMetered service, and configure the following parameter substitution:
Creating a Policy Group
Use Policy Editor to create a policy group.
- Create a policy group called tierpolicy.
- Create the following local parameters, which are parameters that will be used only with tierpolicy.
- inside—Network parameter with a default value of any; any is a global parameter with value 0.0.0.0/0, which matches any network
- outside—Network parameter with a default value of any; any is a global parameter with value 0.0.0.0/0, which matches any network
- qos—Rate parameter
![]()
- Create two policy lists, one for the ingress side of the interface, and one for the egress side of the interface.
![]()
- Create two policy rules, one for ingress traffic and one for egress traffic.
![]()
- In the egress policy rule, which applies to traffic coming from the service provider network to the enterprise, create a condition that matches IP packets on source and destination networks:
![]()
- Sets the committed rate to the qos parameter.
- Sets the committed burst to the maximum of either 100 ms burst at committed rate (qos*0.1) in bytes (/8) or 16384.
- Sets the peak burst to 16384.
- Forwards all committed traffic.
- Filters all uncommitted traffic.
![]()
- In the ingress policy rule, which applies to traffic coming from the enterprise network, create a condition that matches IP packets on source and destination networks:
![]()
- Sets the committed rate to the qos local parameter.
- Sets the committed burst to the maximum of either 100 ms burst at the committed rate (qos*0.1) in bytes (/8) or 16384.
- Scales the peak rate and burst by 1.5.
- Marks committed and conformed traffic with different marks (1 and 2).
- Drops all traffic that exceeds the rate limit.
![]()
The policy group should now look like this:
![]()
Creating a Value-Added Service
Use SDX Admin to create a value-added service.
- Create a value-added service called GoldMetered, and assign tierpolicy as the policy group.
![]()
- Select the Parameter tab of the GoldMetered service, and add the following parameters to the substitution table:
- dept—Create a parameter called dept that is parameter type (role) network. This is the subnet of the department that the service will apply to.
- qos—Fix the qos parameter to 50% of the interface_speed parameter. (interface_speed is a global runtime parameter that the SAE fills in with the actual speed of the router interface).
- outside—Set the outside parameter to the value dept, which effectively renames the outside parameter to dept.
- inside—Set the inside parameter to a value of any, which applies to any subnet inside the service provider's network.
![]()
Creating an Enterprise Subscriber
The next step is to create an enterprise subscriber. Within the subscriber definition, create a parameter called eng that is parameter type (role) network, and set the value of eng to 192.0.2.22/28.
You create a subscriber by using SDX Admin or another directory client. You can create the eng parameter with SDX Admin or the sample enterprise service portal.
- In SDX Admin, create an enterprise subscriber called ABCInc.
![]()
- Create the eng parameter as part of the subscriber definition. You can perform this step by using either SDX Admin or the sample enterprise service portal.
- To create the eng parameter in SDX Admin, select the Parameter tab of the ABCInc subscriber, and add the eng parameter to the substitution table.
![]()
To create the eng parameter in the sample enterprise service portal, select the Departments tab, add eng to the department field, and enter 192.0.2.22/28 as the network address of the department. ![]()
Subscribing ABCInc to the GoldMetered Service
Next, subscribe the ABCInc subscriber to the GoldMetered service. You can perform this step by using SDX Admin or the sample enterprise service portal.
In the sample enterprise service portal:
![]()
The Subscriptions pane appears.
![]()
Acquiring the Parameter Values
Once the SRC software has gone through the parameter value acquisition process, the three original parameters in the tierpolicy policy group have the following values:
This value was acquired from the global parameter any that was defined in the service definition.
This value was acquired as follows:
- outside=dept—Acquired from the service definition
- dept=eng—Acquired from the subscription
- eng=192.0.2.22/28—Acquired from the enterprise subscriber definition
- qos=500,000
This value was acquired from the service definition where the value of qos was set to 50% of the interface_speed parameter. An interface_speed value of 1,000,000 was acquired from the router. If qos=50% of the interface speed, then the qos value is 500,000.
The rest of the rate-limit values are calculated based on the 500,000 value of qos.
Figure 44 shows the values of the ingress and egress policies that are applied to the router in our sample network.
![]()