Cisco Cisco Packet Data Gateway (PDG)
Session Redirection (Hotlining)
Functionality described for this feature in this segment is not applicable for HNB-GW sessions.
Important
Overview
Session redirection provides a means to redirect subscriber traffic to an external server by applying ACL rules
to the traffic of an existing or a new subscriber session. The destination address and optionally the destination
port of TCP/IP or UDP/IP packets from the subscriber are rewritten so the packet is forwarded to the designated
redirected address. Return traffic to the subscriber has the source address and port rewritten to the original
values. The redirect ACL may be applied dynamically by means of the RADIUS Change of Authorization
(CoA) feature.
to the traffic of an existing or a new subscriber session. The destination address and optionally the destination
port of TCP/IP or UDP/IP packets from the subscriber are rewritten so the packet is forwarded to the designated
redirected address. Return traffic to the subscriber has the source address and port rewritten to the original
values. The redirect ACL may be applied dynamically by means of the RADIUS Change of Authorization
(CoA) feature.
Note that the session redirection feature is only intended to redirect a very small subset of subscribers at any
given time. The data structures allocated for this feature are kept to the minimum to avoid large memory
overhead in the session managers.
given time. The data structures allocated for this feature are kept to the minimum to avoid large memory
overhead in the session managers.
License Requirements
The Session Redirection (Hotlining) is a licensed Cisco feature. A separate feature license may be required.
Contact your Cisco account representative for detailed information on specific licensing requirements. For
information on installing and verifying licenses, refer to the Managing License Keys section of the Software
Management Operations chapter in the System Administration Guide.
Contact your Cisco account representative for detailed information on specific licensing requirements. For
information on installing and verifying licenses, refer to the Managing License Keys section of the Software
Management Operations chapter in the System Administration Guide.
Operation
ACL Rule
An ACL rule named readdress server supports redirection of subscriber sessions. The ACL containing this
rule must be configured in the destination context of the user. Only TCP and UDP protocol packets are
supported. The ACL rule allows specifying the redirected address and an optional port. The source and
destination address and ports (with respect to the traffic originating from the subscriber) may be wildcarded.
If the redirected port is not specified, the traffic will be redirected to the same port as the original destination
port in the datagrams. For detailed information on configuring ACLs, refer to the IP Access Control Lists
chapter in the System Administration Guide. For more information on readdress server, refer to the ACL
Configuration Mode Commands chapter of the Command Line Interface Reference.
rule must be configured in the destination context of the user. Only TCP and UDP protocol packets are
supported. The ACL rule allows specifying the redirected address and an optional port. The source and
destination address and ports (with respect to the traffic originating from the subscriber) may be wildcarded.
If the redirected port is not specified, the traffic will be redirected to the same port as the original destination
port in the datagrams. For detailed information on configuring ACLs, refer to the IP Access Control Lists
chapter in the System Administration Guide. For more information on readdress server, refer to the ACL
Configuration Mode Commands chapter of the Command Line Interface Reference.
Redirecting Subscriber Sessions
An ACL with the readdress server rule is applied to an existing subscriber session through CoA messages
from the RADIUS server. The CoA message contains the 3GPP2-Correlation-ID, User-Name, Acct-Session-ID,
or Framed-IP-Address attributes to identify the subscriber session. The CoA message also contains the Filter-Id
attribute which specifies the name of the ACL with the readdress server rule. This enables applying the ACL
from the RADIUS server. The CoA message contains the 3GPP2-Correlation-ID, User-Name, Acct-Session-ID,
or Framed-IP-Address attributes to identify the subscriber session. The CoA message also contains the Filter-Id
attribute which specifies the name of the ACL with the readdress server rule. This enables applying the ACL
HNB-GW Administration Guide, StarOS Release 19
140
CoA, RADIUS DM, and Session Redirection (Hotlining)
Session Redirection (Hotlining)