[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Example: Creating Access Policies for Subscribers

In this example, the service provider manages an interface on the router. The interface is associated with a subscriber. The access policy is a default policy that supports various types of subscribers and interfaces. Some examples are DHCP, static IP subscribers, and PPP subscribers.

The default policy installed on the interface sets the context of other services that the subscriber will activate later. The default policy can restrict subscriber access to the network or provide a default access. You can also use the default policy to create a walled garden effect by sending subscribers to the SSP server and requiring them to activate a service before they can access other services in the system. (The term walled garden is used to describe an environment in which a service provider limits a subscriber's access to Web content and services.)

The precedence of the policy rules in default policies is very important. When the related service is activated, the service policy needs a high priority (low value) so that the service policy is used instead of the default policy.

Types of Policies

The policy used for access depends on the type of services that it will be used for. Generally, policies with filter, forward, rate-limit or policer, and next-hop actions are used.

Sample Access Policies

This section contains examples of access policies for DHCP subscribers and PPP subscribers. In both of these examples, there are two content providers. Traffic destined for the content provider networks is sent to the residential portal by using a next-hop action that forwards traffic to the virtual IP address of the SSP. (See SRC-PE Sample Applications Guide.)

Traffic to the SSP has a high priority and is not affected by other service policies. This way, the subscriber can always access the SSP. Traffic from the network is forwarded without any restrictions.

DHCP Policy Group

Figure 32 shows a summary of the access policy for DHCP subscribers.


Figure 32: DHCP Policy Group
 

The following information shows the configuration details of the DHCP policy group in Figure 32.

policyGroupName=DHCP, ou=junose, ou=sample, o=Policies, o=umc

PolicyList out

        name=out
        policyRoles=JUNOSE
        applicability=output

   PolicyRule forward
        priority=500
        type=JUNOSE
        accountingRule=false
     ClassifyTrafficCondition
     Forward Action

PolicyList in

        name=in
        policyRoles=JUNOSE
        applicability=input

   PolicyRule cp-to-ssp
        priority=500
        type=JUNOSE
        accountingRule=false
     ClassifyTrafficCondition content-provider-network-1
        DestinationNetwork:
          ipAddress=10.20.40.0
          ipMask=255.255.255.0
          ipOperation=is
     ClassifyTrafficCondition content-provider-network-2
        DestinationNetwork:
          ipAddress=172.16.0.0
          ipMask=0.0.255.255
          ipOperation=is
     NextHop Action
        nextHopAddress=virtual_ipAddress

   PolicyRule forward-cl-dhcp
        priority=200
        type=JUNOSE
        accountingRule=false
     ClassifyTrafficCondition
        protocol=udp
        DestinationNetwork:
          ipAddress=0.0.0.0
          destination port=67
     Forward Action 

   PolicyRule forward-to-ssp
        priority=200
        type=JUNOSE
        accountingRule=false
     ClassifyTrafficCondition
        DestinationNetwork:
          ipAddress=virtual_ipAddress
          ipMask=255.255.255.255
          ipOperation=is
     Forward Action

PPP Policy Group

Figure 33 shows a summary of the access policy for PPP subscribers.


Figure 33: PPP Policy Group

The following information shows the configuration details of the PPP policy group in Figure 33.

policyGroupName=PPP, ou=junose, ou=sample, o=Policies, o=umc

PolicyList out

        name=out
        policyRoles=JUNOSE
        applicability=output

   PolicyRule: name=forward
        priority=500
        type=JUNOSE
        accountingRule=false
     Forward Action

PolicyList in

        name=in
        policyRoles=JUNOSE
        applicability=input

   PolicyRule: name=cp-to-ssp
        priority=500
        type=JUNOSE
        accountingRule=false
     ClassifyTrafficCondition content-provider-network-1
        DestinationNetwork:
          ipAddress=10.10.40.0
          ipMask=255.255.255.0
          ipOperation=is
     ClassifyTrafficCondition content-provider-network-2
        DestinationNetwork:
          ipAddress=172.16.0.0
          ipMask=255.255.0.0
          ipOperation=is
     NextHop Action
        nextHopAddress=virtual_ipAddress

   PolicyRule: name=forward-to-ssp
        priority=200
        type=JUNOSE
        accountingRule=false
     ClassifyTrafficCondition sae
        DestinationNetwork:
          ipAddress=virtual_ipAddress
          ipMask=255.255.255.255
          ipOperation=is
     Forward Action

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]