Table Of Contents

About the CNR LEG

The CNR LEG Module

Terms and Concepts

Subscriber Mappings

Subscriber Domain

RPC Protocol (PRPC)

Subscriber Mode

DHCP DoS Attack Filter

SM Cable Support Module

SM C++ API

Communication Link Failure Handling

Subscriber Auto-logout


About the CNR LEG


This module describes the Subscriber Manager CNR LEG software module and the terms and concepts used in this guide.

The Cisco Network Registrar (CNR) Login Event Generator (LEG) is a software module that forwards login and logout events from the CNR to the Cisco Service Control Management Suite Subscriber Manager (SCMS SM). The CNR LEG is actually a CNR extension developed in C++. The extension points used by CNR LEG are:

init-entry

post-send-packet

post-packet-decode

The CNR LEG Module

The CNR LEG module requires the use of option 82 sub-option 2 (Relay-Agent-Information Option with the Remote-Id sub-option), which contains the CM-MAC, in all DHCP requests. If option 82 does not exist in a renewal transaction, an attempt to extend the lease based solely on the IP address is performed. This will succeed only if the IP address was previously logged in to the Subscriber Manager (SM) by the LEG, in the event of a full DHCP transaction, or via other interfaces to the SM.
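The lookup described above depends on finding the Remote-Id inside option 82. The following is an added example, not code from the CNR LEG: a bounds-checked walk of a DHCP options field that returns the sub-option 2 payload from the first option 82 it meets. The function names and the sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed sample: options 53 (DHCPREQUEST), 82 {Circuit-Id, Remote-Id}, End.
std::vector<uint8_t> constructedSample() {
    return {53, 1, 3,
            82, 14,
              1, 4, 0x00, 0x01, 0x00, 0x02,               // sub-option 1: Circuit-Id
              2, 6, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,   // sub-option 2: Remote-Id (CM-MAC)
            255};
}

// Walks the DHCP options field (bytes after the magic cookie) and copies the
// Remote-Id payload (option 82, sub-option 2) into `out`. Returns false if it
// is absent or if any length field runs past its enclosing buffer.
bool extractRemoteId(const std::vector<uint8_t>& opts, std::vector<uint8_t>& out) {
    const uint8_t kPad = 0, kEnd = 255, kRelayAgentInfo = 82, kRemoteId = 2;
    size_t i = 0;
    while (i < opts.size()) {
        const uint8_t code = opts[i];
        if (code == kEnd) break;
        if (code == kPad) { ++i; continue; }
        if (i + 1 >= opts.size()) return false;          // no length byte
        const size_t len = opts[i + 1], start = i + 2, end = start + len;
        if (end > opts.size()) return false;             // truncated option
        if (code == kRelayAgentInfo) {
            for (size_t j = start; j + 2 <= end; ) {
                const size_t slen = opts[j + 1], dataEnd = j + 2 + slen;
                if (dataEnd > end) return false;         // sub-option overruns option 82
                if (opts[j] == kRemoteId) {
                    out.assign(opts.begin() + j + 2, opts.begin() + dataEnd);
                    return true;
                }
                j = dataEnd;
            }
            return false;                                // option 82 without Remote-Id
        }
        i = end;
    }
    return false;                                        // no option 82 at all
}
```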

The CNR LEG protects the SM and the connection to the SM from DHCP Denial of Service (DoS) attacks that are performed on the CNR. To reduce the login rate to the SM, the LEG ignores identical DHCP requests that are sent to the CNR in short time intervals and approved by it.

For additional information about extending the CNR functionality using extension points, see the CNR CLI Reference Guide.

The CNR LEG was carefully developed and thoroughly tested on Solaris and Windows platforms for both functional correctness and robustness. It does not jeopardize the stability or the reliability of the CNR.

Terms and Concepts

This section defines terms and concepts that are necessary for understanding the CNR LEG and Subscriber Manager (SM) configuration and operation. More information about all items can be found in the Cisco SCMS Subscriber Manager User Guide.

Subscriber Mappings 

Subscriber Domain 

RPC Protocol (PRPC) 

Subscriber Mode 

DHCP DoS Attack Filter 

SM Cable Support Module 

SM C++ API 

Communication Link Failure Handling 

Subscriber Auto-logout 

Subscriber Mappings

The main function of the CNR LEG is to provide the SM with network-ID-to-subscriber mappings in real time.

The SCE platform requires mappings between the network IDs (IP addresses) of the flows it encounters and the subscriber IDs. The SM database contains the network IDs that map to the subscriber IDs. The SCE network-ID-to-subscriber mappings are constantly updated from the SM database.

For information about the SCE platforms, see the Cisco Service Control Engine Software Configuration Guide.

Subscriber Domain

The SM provides the option of partitioning SCE platforms and subscribers into subscriber domains. A subscriber domain is a group of SCE platforms that share a group of subscribers. Subscriber domains can be configured using the SM configuration file and can be viewed using the SM Command-Line Utility (CLU).

It is also possible to configure domain aliases. A domain alias is a synonym for the actual domain name in the SM. Domain aliases are configured in the SM configuration file.

For additional information about domains and domain aliases, see the "Configuration File Options" module of the Cisco SCMS Subscriber Manager User Guide.

RPC Protocol (PRPC)

The CNR LEG communicates with the SM using a proprietary RPC (PRPC) protocol developed by Cisco. The SM Java, C, and C++ APIs also use PRPC. The CNR LEG uses the C++ API as its communication layer.

Subscriber Mode

The Subscriber Mode defines which entity is referred to as the subscriber in the LEG and in the SM.

Cable providers usually prefer using the Cable Modem (CM) as the subscriber entity to be assigned multiple IP addresses (one per Customer Premises Equipment (CPE)).

The CNR LEG supports the CPE as Subscriber and CM as Subscriber (the default) modes, as defined by the configuration.

The CNR LEG works with the SM cable support module when operating in the "CPE as Subscriber" mode. For additional information about cable environment subscriber modes, see the "CPE as Subscriber in Cable Environment" module of the Cisco SCMS Subscriber Manager User Guide.

DHCP DoS Attack Filter

The connection between the CNR LEG and the SM is a resource that should be protected against DHCP Denial of Service attacks. Such an attack sends DHCP requests at a high rate from a certain subscriber, which can cause the connection to overflow because too many logon messages arrive in a short period of time. The CNR LEG lets the administrator enable a filter that identifies such runs of multiple identical DHCP requests and filters them, reducing the rate of logon messages to a predefined rate. The filter does not protect the CNR against attacks; it protects the connection to the SM.
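One way such a filter can work, shown as an added example that is not the CNR LEG's own code: a table of the last forwarded login per (CM-MAC, IP) key that drops repeats inside a time window. The class name, the window length, the table cap and the choice to forward untracked when the table is full are all assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>

// Hypothetical duplicate-login filter: forwards at most one login per
// (CM-MAC, IP) key in each window of `intervalSec` seconds, drops the repeats.
class LoginRateFilter {
public:
    LoginRateFilter(uint64_t intervalSec, size_t maxEntries)
        : interval_(intervalSec), maxEntries_(maxEntries), dropped_(0) {}

    // Returns true if the login for this key should be sent on to the SM.
    bool shouldForward(const std::string& cmMac, const std::string& ip, uint64_t nowSec) {
        const std::string key = cmMac + "|" + ip;
        std::map<std::string, uint64_t>::iterator it = lastSent_.find(key);
        if (it != lastSent_.end() && nowSec - it->second < interval_) {
            ++dropped_;                       // identical request inside the window
            return false;
        }
        if (it == lastSent_.end() && lastSent_.size() >= maxEntries_) {
            evictExpired(nowSec);             // bound memory under a flood of new keys
            if (lastSent_.size() >= maxEntries_)
                return true;                  // still full: forward untracked, never lose a real login
        }
        lastSent_[key] = nowSec;
        return true;
    }

    size_t tracked() const { return lastSent_.size(); }
    uint64_t dropped() const { return dropped_; }

private:
    void evictExpired(uint64_t nowSec) {
        for (std::map<std::string, uint64_t>::iterator it = lastSent_.begin();
             it != lastSent_.end(); ) {
            if (nowSec - it->second >= interval_) it = lastSent_.erase(it);
            else ++it;
        }
    }

    uint64_t interval_;
    size_t maxEntries_;
    uint64_t dropped_;
    std::map<std::string, uint64_t> lastSent_;
};
```

The table cap matters as much as the window: without it, a flood of requests with distinct keys would grow the filter's own state without limit.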

SM Cable Support Module

The cable support module is an SM component that executes an API friendly to cable environment integrations. The cable support module translates between the cable subscriber terminology (CPE, CM, and CMTS) and the generic subscriber terms used by the Cisco Service Control Management system. The CNR LEG uses PRPC to invoke the cableLogin and cableLogout operations that are performed by the cable support module API.

The SM cable support module is used only in the CPE as Subscriber mode.

For additional information about the cable support module, see the "CPE as Subscriber in Cable Environment" module of the Cisco SCMS Subscriber Manager User Guide.

SM C++ API

The SM C++ API exposes a set of operations designed to enable subscriber integration with the Cisco system. The CNR LEG uses the SM C++ API as its basic communication layer.

For additional information about the C++ API, see the Cisco SCMS SM C/C++ API Programmer Guide.

Communication Link Failure Handling

A keep-alive mechanism periodically checks the communication link (socket) between the CNR LEG and the SM. The communication link fails when the socket is closed or a keep-alive timeout occurs. You can configure the keep-alive timeout in the SM configuration file.

In cases where a LEG to SM link fails, you can configure the SM to clear the mappings of all the subscribers that are updated by the failed LEG.

To learn more about communication link failure handling, see the "Configuration File Options" module of the Cisco SCMS Subscriber Manager User Guide.

Subscriber Auto-logout

The SM supports the configuration of an auto-logout timer (lease-time) for each subscriber. The timer is set when performing a subscriber cableLogin or login operation. The CNR LEG extracts and sets an auto-logout value from the DHCP IP lease expiration time option.



Posted: Thu Jan 31 21:29:57 PST 2008
All contents are Copyright © 1992--2008 Cisco Systems, Inc. All rights reserved.