Rule Definitions - Cisco ASR 5000 series Product Overview

▀ How ECS Works

Rule Definitions

Rule definitions (Ruledefs) are user-defined expressions, based on protocol fields and/or protocol-states, which define
what actions to take when specific field values are true. Expressions may contain a number of operator types (string, =,
>, etc.) based on the data type of the operand. For example, ―string‖ type expressions like URLs and host name can be
used with comparison operators like ―contains‖, ―!contains‖, ―=‖, ―!=‖, ―starts-with‖, ―ends-with‖, ―!starts-with‖ and
―!ends-with‖. Integer type expressions like ―packet size‖ and ―sequence number‖ can be used with comparison
operators like ―=‖, ―!=‖, ―>=‖, ―<=‖. Each ruledef configuration consists of multiple expressions applicable to any of
the fields or states supported by the respective analyzers.
Ruledefs are of the following types:
Routing Ruledefs: Routing ruledefs are used to route packets to content analyzers. Routing ruledefs determine
which content analyzer to route the packet to when the protocol fields and/or protocol-states in ruledef
expression are true. Up to 256 ruledefs can be configured for routing.
Charging Ruledefs: Charging ruledefs are used to specify what action to take based on the analysis done by the
content analyzers. Actions can include redirection, charge value, and billing record emission. Up to 2048
ruledefs can be configured for charging.
Post-processing Ruledefs: Used for post-processing purposes. Enables processing of packets even if the rule
matching for them has been disabled.
When a ruledef is created if the rule-application is not specified, by default the system configures the ruledef as a
charging ruledef.
Ruledefs support a priority configuration to specify the order in which the ruledefs are examined and applied to packets.
The names of the ruledefs must be unique across the service or globally. A ruledef can be used across multiple
rulebases.
Important:
the charging actions are applied. The ruledef with the lowest priority number invokes first. For routing ruledefs, it is
important that lower level analyzers (such as the TCP analyzer) be invoked prior to the related analyzers in the next
level (such as HTTP analyzer and S-HTTP analyzers), as the next level of analyzers may require access to resources or
information from the lower level. Priorities are also important for charging ruledefs as the action defined in the first
matched charging rule apply to the packet and ECS subsystem disregards the rest of the charging ruledefs.
Each ruledef can be used across multiple rulebases, and up to 2048 ruledefs can be defined in a charging service.
Ruledefs have an expression part, which matches specific packets based upon analyzer field variables. This is a boolean
(analyzer_field operator value) expression that tests for analyzer field values.
The following is an example of a ruledef to match packets:
–or–
The following is an example of a ruledef to route packets to the HTTP analyzer:
▄ Cisco ASR 5000 Series Product Overview
Ruledef priorities control the flow of the packets through the analyzers and control the order in which
Enhanced Charging Service Overview
OL-22938-02