Restricting and Customizing Services for Subscribers
Service scopes let you customize which services are to be delivered to specific organizations or specific locales. You can use service scopes to provision services for a group of subscribers by specifying:
A service scope is a collection of services and mutex groups, and optionally defines parameter substitutions for its associated services. For more information about parameter substitutions, see Chapter 14, Defining and Acquiring Values for Parameters. The object o=Services is the generic service scope—a collection of services and mutex groups available to all subscribers.
You can assign service scopes to virtual routers (VRs) and to some types of subscribers.
Assigning Service Scopes to Multiple VRs and Subscribers
You can also assign a service scope to multiple VRs and subscribers. For example, by assigning a service scope to a group of VRs, you can specify that a service is available only in the locations served by those VRs. If a subscriber of this service accesses the network from a location where you do not offer this service, the portal will not display the service, and the subscriber will not be able to use it.
If you assign a service scope to multiple VRs and subscribers, you specify a precedence—a numerical ranking—for each service scope. The lower the precedence value, the higher the ranking of the service scope. By default, the object o=Services has the highest precedence value and the lowest ranking.
Defining Multiple Scopes for a Service
If multiple service scopes that define the same service are assigned to a VR or subscriber, the SAE selects the parameters to use for the service as follows:
- It selects the parameters that are defined by only one service scope.
- If the same parameter is defined by more than one service scope, the SAE selects the parameter as follows:
- Selects the parameter associated with the service scope that has the lowest precedence value.
- If the parameter is defined by multiple service scopes with the same precedence value, selects the parameter defined by the service scope with the lowest alphanumerical name.
For example, consider the situation shown in Table 5, in which three scopes define several parameters for the same service.
The SAE will use the following parameter definitions for the service:
- Description from scope s1 (s1 has the lowest precedence value)
- Policy group from scope s1 (only s1 defines this parameter)
- URL from scope s2 (s2 has a lower alphanumeric name than s3)
You can also configure a generic Internet access service, and use service scopes to define the access parameters for different locations to use this service. If multiple service scopes that define this Internet access service are assigned to a VR, the SAE uses the precedence values to determine how to customize the service.
Configuring Service Scopes
The tasks to configure a service scope are:
- Adding Service Scopes with the SRC CLI
- Assigning Services and Mutex Groups to Service Scopes with the SRC CLI
- Assigning Service Scopes to VRs or Subscribers with the SRC CLI
Adding Service Scopes with the SRC CLI
Use the following configuration statement to configure service scopes:
services scopename
{precedenceprecedence
;}
- From configuration mode, enter the service scope configuration. In this sample procedure, the scope is called EntJunos.
user@host#edit services scope EntJunos
- Configure the precedence of the service scope.
[edit services scope EntJunos]user@host#set
precedenceprecedence
- (Optional) Verify your configuration.
[edit services scope EntJunos]user@host#show
precedence 2;Assigning Services and Mutex Groups to Service Scopes with the SRC CLI
To assign services and Mutex Groups to a scope:
For example, to add a service to a service scope called video, enter the following:
user@host#edit services scope video service Video-Gold
Assigning Service Scopes to VRs or Subscribers with the SRC CLI
You can assign multiple service scopes to a VR or subscriber, and you can assign a service scope to multiple VRs and subscribers.
- Enter the configuration for the object to which you want to add the service scope. For example:
user@host#edit shared network device erx-node1 virtual-router default
- Assign a scope to the object.
[edit shared network device erx-node1 virtual-router default]user@host#set scope
scope
Service Scope Configuration SRC CLI Examples
The following sections provide two practical examples for using scopes to customize your service configuration.
Example: Delivering a Limited Set of Services to Organizations
You can use service scopes to create a limited set of services to be made available to specified organizations. For enterprise users, you could define a set of services available on the JUNOS routing platform.
To deliver a small set of services to specified enterprises:
- Create a scope for the services to be made available. For example, see the EntJunos scope in the sample data.
user@host>show configuration services scope EntJunos
- Add services to the scope, such as those in the sample data in the EntJunos scope.
- Assign the scope to one or more enterprise subscribers. For example, assign the EntJunos scope to the Acme enterprise.
user@host#edit subscribers retailer ENT subscriber-folder entAcme enterprise Acme
[edit subscribers retailer ENT subscriber-folder entAcme enterprise Acme]user@host#set scope EntJunos
- Verify your configuration.
[edit subscribers retailer ENT subscriber-folder entAcme enterprise Acme]user@host#show
scope EntJunos;If you use a portal to manage enterprises, you see only the services for the specified scope from the portal. Other services are not visible to the IT managers who manage services and subscriptions from the enterprise service portal. To see the services available to Acme from Enterprise Manager Portal, see SRC-PE Subscribers and Subscriptions Guide, Chapter 24, Managing Services with Enterprise Manager Portal.
Example: Customizing Generic Services to Particular Regions
You could use service scopes to customize a generic audio service called Audio-Bronze on a regional basis. This example assumes that the network is configured so that VR boston serves the Boston subnet and VR chicago serves the Chicago subnet.
When the network starts operating, the SAE substitutes the parameters you specified in the service scope definition for the corresponding fields in the service subordinate to that scope.
To customize the new service Audio-Bronze for the Boston and Chicago subnets:
- Add the Audio-Bronze service within a service scope called boston, and configure the IP address and mask used by VR boston in the parameter configuration.
This IP address and mask determine an access point to the service provider's equipment.
user@host#edit services scope boston
[edit services scope boston]user@host#edit service Audio-Bronze
[edit services scope boston service Audio-Bronze]user@host#set parameter service-ip-address 10.10.40.33
[edit services scope boston service Audio-Bronze]user@host#set parameter service-ip-mask 255.255.255.255
- Add another Audio-Bronze service within a service scope called scope_chicago, and specify the IP address and mask used by VR chicago.
user@host#edit services scope chicago
[edit services scope chicago]user@host#edit service Audio-Bronze
[edit services scope chicago service Audio-Bronze]user@host#set parameter service-ip-address 10.10.55.1
[edit services scope chicago service Audio-Bronze]user@host# setparameter service-ip-mask 255.255.255.255
- Assign service scope boston to virtual router boston.
user@host#edit shared network device region_one virtual-router boston
[edit shared network device region_one virtual-router boston]user@host#set scope boston
- Assign service scope chicago to virtual router chicago.
user@host#edit shared network device region_two virtual-router chicago
[edit shared network device region_two virtual-router chicago]user@host#set scope chicago