Cisco ASR 5000 Series Administration Manual page 39

Enhanced charging services
Enhanced Charging Service Overview
Important: If the rule created using this feature is removed from the configuration, then all the associated dynamic SDFs are removed immediately. The usage incurred by the subscriber for traffic matching the removed SDFs will be reported over the Gy interface when the usage reporting for the corresponding rating group is due.

If DNS queries made by different subscribers produce different results, all the dynamically generated SDFs are stored based on their TTL and the configured timer.

DNS Snooping supports DNS responses containing nested CNAME responses.

When the DNS response contains a nested CNAME record, a list per entry in the IP-table is dynamically allocated to store the CNAME. The CNAME is the canonical name of the alias: the q-name to which the actual query was made is the alias name, and the CNAME is the actual domain name to which the query should be made. So, the IP addresses found in response to the CNAME DNS query are stored in the same IP-pool as that of the alias.

Here, the DNS response to the actual alias contains either the CNAME record along with its A record, or only the CNAME record. In the first case the IP address is already resolved for the CNAME and it is included in the learnt IP addresses IP-pool.

In both scenarios, the list of CNAMEs is stored in the same record of the IP-table, which is keyed by operator+domain. By default, the operator for CNAME is "equal". So, while snooping DNS responses, DNS responses for a-name as in the CNAME list will also be snooped and the IP addresses stored in the corresponding IP-pool. This allows the feature to work when DNS responses contain nested CNAME responses.

Like IP addresses, CNAME entries also have a TTL associated with them. In the same five-minute timer in which the aged IP addresses are timed out, the CNAME entries are also examined, and references to expired CNAME entries are removed from the corresponding entry.

The DNS Snooping feature supports both IPv4 and IPv6 addresses. The following are the maximum limits:
• IPv4 addresses learnt per server-domain-name pattern: 200
• IPv4 addresses learnt per instance across all IPv4 pools: 51200
• IPv6 addresses learnt per server-domain-name pattern: 100
• IPv6 addresses learnt per instance across all IPv6 pools: 25600

Rule matching: While matching a rule for IP packets, it is checked whether the source IP address matches any of the entries stored in the IP pools formed as part of DNS snooping. If a match is found, the corresponding ruledef is determined from the IP table. The other rule lines of the rule are matched, and if it is the highest priority rule matched, it is returned as a match. The corresponding charging-action is applied. So the same priority as that of the domain name is applied to its corresponding IP addresses, and the rule is matched as a logical OR of the domain or the IP addresses.

Lookup (matching) is performed in the learnt IP pools only for the first packet of the ADS, as the destination IP address will not change for that flow, and the flow will match the same rule (the last rule matched for this ADS flow) for all of its packets. This allows the same rule to be matched even if its IP addresses are aged out while the flow is ongoing.

In 12.3 and earlier releases, the CLI command show active-charging dns-learnt-ip-addresses statistics sessmgr all displayed all the configured patterns and rulebase names for each pattern entry, even though the pattern has not learnt any IP address. When a large number of DNS snooping ruledefs are configured (configured as ip server-domain-name under ruledef configuration), the memory allocated for sending this information exceeds the message size limit for messenger calls and hence the crash is observed.

In 14.0 and later releases, the show active-charging dns-learnt-ip-addresses statistics sessmgr all CLI command will be displaying only the patterns for which at least one IPv4/IPv6 address is learnt, as all other information is available from the configuration.

The following call flow illustration and descriptions explain how the DNS Snooping feature works.
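
The CNAME chaining, TTL aging, per-pattern limit and first-packet matching described in this section can be modelled as a small table. This is an added example, not Cisco code: the class and method names, the "contains" operator, and the sample domain names and addresses are assumptions made for illustration.

```python
# Added illustration, not StarOS code: class and method names are hypothetical.
MAX_V4_PER_PATTERN = 200  # per-pattern IPv4 limit stated in the text

class Entry:
    """One IP-table record, keyed by operator+domain, owning one IP-pool."""
    def __init__(self, operator, domain, ruledef):
        self.operator, self.domain, self.ruledef = operator, domain, ruledef
        self.cnames = {}  # canonical name -> expiry time (seconds)
        self.ips = {}     # learnt IPv4 address -> expiry time (seconds)

    def covers(self, name):
        if name in self.cnames:  # CNAMEs use the default "equal" operator
            return True
        if self.operator == "equal":
            return name == self.domain
        return self.domain in name  # "contains": assumed second operator

class SnoopTable:
    def __init__(self):
        self.entries, self.flows = [], {}

    def add_pattern(self, operator, domain, ruledef):
        self.entries.append(Entry(operator, domain, ruledef))

    def snoop(self, answers, now):
        """answers: (owner, rtype, value, ttl) tuples in response order."""
        for owner, rtype, value, ttl in answers:
            for e in self.entries:
                if not e.covers(owner):
                    continue
                if rtype == "CNAME":  # later records owned by `value` now match
                    e.cnames[value] = now + ttl
                elif rtype == "A" and (value in e.ips
                                       or len(e.ips) < MAX_V4_PER_PATTERN):
                    e.ips[value] = now + ttl

    def age(self, now):
        """Periodic sweep: drop expired IPs and expired CNAME references."""
        for e in self.entries:
            e.ips = {k: t for k, t in e.ips.items() if t > now}
            e.cnames = {k: t for k, t in e.cnames.items() if t > now}

    def classify(self, flow_id, ip):
        """Pool lookup on a flow's first packet only; the result is pinned."""
        if flow_id not in self.flows:
            hit = next((e.ruledef for e in self.entries if ip in e.ips), None)
            self.flows[flow_id] = hit
        return self.flows[flow_id]
```

Because a CNAME is recorded before the records it owns are processed, a nested chain in a single response populates the alias's pool, and a later response for the canonical name alone is still learnt until the CNAME reference ages out.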
Cisco ASR 5x00 Enhanced Charging Services Administration Guide
Enhanced Features and Functionality