In the context of URL content charging, also known as zero rating, the DNS IP cache (dns-ip-cache command) feature ensures that only legitimate traffic is classified in an application and charging-group. Subscribers’ DNS responses matching a list of domain names used for content charging populate the DNS IP cache. The system can then be configured to create app-filters matching HTTP or HTTPS expressions as well as the IP cache ensuring that traffic is properly classified. If the operator uses proxies in their network, they may also configure a maximum of 8 IP addresses which match the IP addresses of the proxies used. Traffic whose destination IP address matches one of the configured proxies is assumed to be legitimate traffic.
To configure the system for URL content charging strengthening with a dns-ip-cache the operator needs to:
Create an application of interest and its related app-filter’s URL expressions. This application is typically mapped into a charging-group.
Create a dns-ip-cache. Configure parameters so the IP cache is populated by the domain names from the application mapped to the zero rating charging group and specify which DNS server IP addresses the IP cache listens from.
Configure a AQP to enable the dns-ip-cache.
Optionally, configure static IP addresses matching the IP addresses of the trusted proxies.
Use the following CLI syntax to create a dns-ip-cache:
config>app-assure>group#
dns-ip-cache dns-ip-cache-name [create]
dns-match
description <description-string>
no description
domain <domain-name> expression <expression>
no domain <domain-name>
server-address <server-address> [name <server-name>]
no server-address <server-address>
ip-cache
size <cache-size>
high-watermark <percent>
low-watermark <percent>
[no] static-address <static-ip-address>
[no] shutdown
The following example displays a configuration for a dns-ip-cache configured to snoop DNS responses for two different domains ‟*.domain1.com” and ‟*domain2.com” which are zero rated or charged specifically by the operator. The configuration only uses DNS responses from the DNS server addresses configured within the dns-match to populate the ip-cache:
7750>config>app-assure>group# info
----------------------------------------------
dns-ip-cache "dns-ip-cache1" create
description "DNS IP Cache #1"
dns-match
domain "Sponsor#1-Domain#1" expression "*.domain1.com$"
domain "Sponsor#1-Domain#2" expression "*.domain2.com$"
server-address 10.8.4.4 name "CompanyName"
server-address 10.8.8.8 name "CompanyName"
server-address 192.168.100.11 name "OperatorX-DNS1"
server-address 192.168.100.12 name "OperatorX-DNS2"
exit
ip-cache
size 1000
high-wmark 90
low-wmark 80
exit
no shutdown
exit
----------------------------------------------
The domains configured in the dns-ip-cache must match the app-filter expressions for the applications zero rated or charged specifically by the operator. The following example displays the charging-group Zero Rated and application Sponsor Content #1 configuration:
7750>config>app-assure>group>policy# info
----------------------------------------------
charging-group "Zero Rated" create
description "Zero Rated Content"
export-id 10
exit
app-group "Web" create
exit
application "Sponsor Content #1" create
description "Application#1 - Content Zero Rated"
app-group "Web"
charging-group "Zero Rated"
exit
app-filter
entry 100 create
expression 1 http-host eq "*.sponsor1-domain1.com$"
server-address eq dns-ip-cache "dns-ip-cache1"
application "Sponsor Content #1"
no shutdown
exit
entry 110 create
expression 1 http-host eq "*.domain2.com$"
server-address eq dns-ip-cache "dns-ip-cache1"
application "Sponsor Content #1"
no shutdown
exit
exit
---------------------------------------------------------------------------
The following example displays the AQP entry to enable the dns-ip-cache to snoop DNS responses; this can be optionally based on ASO characteristics:
A:7750>config>app-assure>group>policy>aqp# entry 100 create
match
characteristic "dns-ip-cache" eq "yes"
exit
action
action dns-ip-cache "dns-ip-cache1"
exit
no shutdown