Http Redirect Using Pbr - Cisco ASR 9000 Series Configuration Manual

HTTP Redirect Using PBR

Specifying a Set of Addresses or Prefixes Inside a Subnet: An example
configure
pool vrf default ipv6 test
prefix-length 120
network 1101:1::/114
utilization-mark high 70 low 30
exclude 1101:1::100 ::
!
!
end
HTTP Redirect Using PBR
The HTTP Redirect (HTTPR) feature is used to redirect subscriber traffic to a destination other than the one
to which it was originally destined. The HTTPR feature is implemented using Policy Based Routing (PBR)
that makes packet forwarding decisions based on the policy configuration, instead of routing protocols. The
HTTPR feature is implemented by sending an HTTP redirect response, which contains the redirect URL, back
to the HTTP client that originally sent the request. Thereafter, the HTTP client sends requests to the redirected
URL. HTTPR is supported for both IPv4 and IPv6 subscribers.
The most common use of HTTPR feature is for initial logon. In some cases, it is not possible to uniquely
identify a subscriber and authorize them. This happens when the subscriber is using a shared network access
medium to connect to the network. In such cases, the subscriber is allowed to access the network but restricted
to what is known as an "open-garden". An open-garden is a collection of network resources that subscribers
can access as long as they have physical access to the network. Subscribers do not have to provide authentication
information before accessing the web sites in an open-garden.
When subscribers try to access resources outside the open-garden (which is called the "walled-garden"), they
are redirected to a web logon portal. The walled-garden refers to a collection of web sites or networks that
subscribers can access after providing minimal authentication information. The web logon portal requires the
subscriber to login using a username and password. Thereafter, the web logon portal sends an account-logon
CoA to BNG with user credentials. On successful authentication of these credentials, BNG disables the redirect
and applies the correct subscriber policies for direct network access. Other uses of HTTPR include periodic
redirection to a web portal for advertising reasons, redirection to a billing server, and so on.
The PBR function is configured in its own dynamic template. If the dynamic template contains other functions
too, then the PBR policy that redirects packets must be deactivated using a CoA.
BNG maintains HTTP redirect statistics counters that track the number of packets that are being either redirected
or dropped. The HTTP protocol uses some status codes to implement HTTPR. Currently, the redirect codes
302 (for HTTP version 1.0) and 307 (for HTTP version 1.1) are supported on BNG.
• HTTP redirect applies only to HTTP packets. As a result, other services such as SMTP, FTP are not
Note
• HTTPS is not supported.
• Destination URL-based classification is not supported.
The process of configuring HTTPR involves these stages:
Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide,
Release 4.3.x
258
affected by this feature. Nevertheless, if these other services are part of the redirect classification
rules, then the packets are dropped and not forwarded.
Configuring Subscriber Features
OL-28375-03