Cisco IOS Software Release 12.2(16)B

SSG Port-Bundle Host Key
Information About SSG Port-Bundle Host Key
Cisco IOS Releases 12.2(16)B and 12.3(4)T
Local Forwarding
Benefits of SSG Port-Bundle Host Key
Overview of SSG
Service Selection Gateway (SSG) is a switching solution for service providers who offer intranet, 
extranet, and Internet connections to subscribers using broadband access technology such as digital 
subscriber lines, cable modems, or wireless to allow simultaneous access to network services.
SSG works in conjunction with the Cisco Service Selection Dashboard (SSD) or its successor product, 
the Cisco SESM. Together with the SESM or SSD, SSG provides subscriber authentication, service 
selection, and service connection capabilities to subscribers of Internet services. Subscribers interact 
with an SESM or SSD web application using a standard Internet browser.
Host Key Mechanism
Note: All references to SESM also apply to SSD unless a clear distinction is made.
With the SSG Port-Bundle Host Key feature, SSG performs port-address translation (PAT) and 
network-address translation (NAT) on the HTTP traffic between the subscriber and the SESM server. 
When a subscriber sends an HTTP packet to the SESM server, SSG creates a port map that changes the 
source IP address to a configured SSG source IP address and changes the source TCP port to a port 
allocated by SSG. SSG assigns a bundle of ports to each subscriber because one subscriber can have 
several simultaneous TCP sessions when accessing a web page. The assigned host key, or combination 
of port bundle and SSG source IP address, uniquely identifies each subscriber. The host key is carried in 
RADIUS packets sent between the SESM server and SSG in the Subscriber IP vendor-specific attribute 
(VSA). Table 1 describes the Subscriber IP VSA. When the SESM server sends a reply to the subscriber, 
SSG translates the destination IP address and destination TCP port according to the port map.
For each TCP session between a subscriber and the SESM server, SSG uses one port from the port bundle 
as the port map. Port mappings are flagged as eligible for reuse on the basis of inactivity timers, but are 
not explicitly removed once assigned. The number of port bundles is limited, but you can assign multiple 
SSG source IP addresses to accommodate more subscribers.
SSG assigns the base port of the port bundle to a port map only if SSG has no state information for the 
subscriber or if the state of the subscriber has changed. When the SESM server sees the base port of a 
port bundle in the host key, SESM queries SSG for new subscriber state information.
Table 1   Subscriber IP VSA Description

| Attr ID | Vendor ID | Sub Attr ID and Type | Attr Name | Sub Attr Data |
|---------|-----------|----------------------|-----------|---------------|
| 26 | 9 | 250 Account-Info | Subscriber IP | S: Account-Info code for subscriber IP. <subscriber IP address>:<port-bundle number>: The port-bundle number is used if the SSG Port-Bundle Host Key feature is configured. |
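
The following parser is an added example, not code from the Cisco documentation: it extracts the host key from the Subscriber IP VSA in Table 1, as a defender might when correlating RADIUS traffic between SESM and SSG with subscriber sessions. It assumes the standard RADIUS vendor-specific layout (4-byte vendor ID, then a single sub-attribute with 1-byte type and length), a decimal port-bundle number, and the hypothetical names `parse_subscriber_ip` and `build_vsa`; the sample input is constructed.

```python
import ipaddress
import struct

VSA_TYPE = 26         # Attr ID (Table 1)
CISCO_VENDOR_ID = 9   # Vendor ID (Table 1)
ACCOUNT_INFO = 250    # Sub Attr ID (Table 1)


def parse_subscriber_ip(attrs: bytes):
    """Walk RADIUS attribute TLVs; return (ip, port_bundle) from the
    Subscriber IP VSA, or None if it is absent. port_bundle is None when
    no ':<port-bundle number>' suffix is present (host key not configured)."""
    pos = 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VSA_TYPE or len(value) < 6:
            continue
        vendor, sub_type, sub_len = struct.unpack("!IBB", value[:6])
        if vendor != CISCO_VENDOR_ID or sub_type != ACCOUNT_INFO:
            continue
        # Assumption: one sub-attribute fills the whole VSA.
        if sub_len != len(value) - 4:
            raise ValueError("bad sub-attribute length")
        data = value[6:].decode("ascii")
        if not data.startswith("S"):
            continue  # a different Account-Info code, not Subscriber IP
        ip_text, sep, bundle_text = data[1:].partition(":")
        ip = ipaddress.IPv4Address(ip_text)  # rejects malformed addresses
        if not sep:
            return ip, None
        if not bundle_text.isdigit():
            raise ValueError("port-bundle number must be decimal")
        return ip, int(bundle_text)
    return None


def build_vsa(data: str) -> bytes:
    """Encoder for constructed sample input only."""
    body = data.encode("ascii")
    sub = bytes([ACCOUNT_INFO, len(body) + 2]) + body
    vendor = struct.pack("!I", CISCO_VENDOR_ID)
    return bytes([VSA_TYPE, len(sub) + 6]) + vendor + sub
```

Rejecting malformed lengths and non-numeric bundle values, rather than skipping them, keeps a corrupted or spoofed attribute from being silently attributed to the wrong subscriber.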