Cisco Cisco Packet Data Gateway (PDG) Guia De Resolução De Problemas
CoA, RADIUS DM, and Session Redirection (Hotlining)
▀ Session Redirection (Hotlining)
▄ Cisco ASR 5000 Series Enhanced Feature Configuration Guide
OL-22983-01
Session Redirection (Hotlining)
Overview
Session redirection provides a means to redirect subscriber traffic to an external server by applying ACL rules to the
traffic of an existing or a new subscriber session. The destination address and optionally the destination port of TCP/IP
or UDP/IP packets from the subscriber are rewritten so the packet is forwarded to the designated redirected address.
Return traffic to the subscriber has the source address and port rewritten to the original values. The redirect ACL may be
applied dynamically by means of the RADIUS Change of Authorization (CoA) feature.
traffic of an existing or a new subscriber session. The destination address and optionally the destination port of TCP/IP
or UDP/IP packets from the subscriber are rewritten so the packet is forwarded to the designated redirected address.
Return traffic to the subscriber has the source address and port rewritten to the original values. The redirect ACL may be
applied dynamically by means of the RADIUS Change of Authorization (CoA) feature.
Note that the session redirection feature is only intended to redirect a very small subset of subscribers at any given time.
The data structures allocated for this feature are kept to the minimum to avoid large memory overhead in the session
managers.
The data structures allocated for this feature are kept to the minimum to avoid large memory overhead in the session
managers.
Operation
ACL Rule
An ACL rule named readdress server supports redirection of subscriber sessions. The ACL containing this rule must
be configured in the destination context of the user. Only TCP and UDP protocol packets are supported. The ACL rule
allows specifying the redirected address and an optional port. The source and destination address and ports (with respect
to the traffic originating from the subscriber) may be wildcarded. If the redirected port is not specified, the traffic will be
redirected to the same port as the original destination port in the datagrams. For detailed information on configuring
ACLs, refer to the IP Access Control Lists chapter. For more information on readdress server, refer to the ACL
Configuration Mode Commands chapter of the Command Line Interface Reference.
be configured in the destination context of the user. Only TCP and UDP protocol packets are supported. The ACL rule
allows specifying the redirected address and an optional port. The source and destination address and ports (with respect
to the traffic originating from the subscriber) may be wildcarded. If the redirected port is not specified, the traffic will be
redirected to the same port as the original destination port in the datagrams. For detailed information on configuring
ACLs, refer to the IP Access Control Lists chapter. For more information on readdress server, refer to the ACL
Configuration Mode Commands chapter of the Command Line Interface Reference.
Redirecting Subscriber Sessions
An ACL with the readdress server rule is applied to an existing subscriber session through CoA messages from the
RADIUS server. The CoA message contains the 3GPP2-Correlation-ID, User-Name, Acct-Session-ID, or Framed-IP-
Address attributes to identify the subscriber session. The CoA message also contains the Filter-Id attribute which
specifies the name of the ACL with the readdress server rule. This enables applying the ACL dynamically to existing
subscriber sessions. By default, the ACL is applied as both the input and output filter for the matching subscriber unless
the Filter-Id in the CoA message bears the prefix in: or out:.
RADIUS server. The CoA message contains the 3GPP2-Correlation-ID, User-Name, Acct-Session-ID, or Framed-IP-
Address attributes to identify the subscriber session. The CoA message also contains the Filter-Id attribute which
specifies the name of the ACL with the readdress server rule. This enables applying the ACL dynamically to existing
subscriber sessions. By default, the ACL is applied as both the input and output filter for the matching subscriber unless
the Filter-Id in the CoA message bears the prefix in: or out:.
For information on CoA messages and how they are implemented in the system, refer to the RADIUS Change of
Authorization and Disconnect Message section.
Authorization and Disconnect Message section.