This section describes the 7450 ESS or 7750 SR acting as a Broadband Subscriber Aggregator (BSA).
In a Triple Play network it may not be wanted (or feasible) to perform manual provisioning of new services and service changes. The ideal way of working is automatic provisioning, with the end-user supplying his details at a retailer, or (if physical connectivity is already present through an on-line customer portal).
The 7450 ESS and 7750 SR support a special ACL that automatically redirects subscribers to a predefined URL. This is done by sending a HTTP 302 (moved) message to the subscriber, regardless of the requested URL.
The message flow is as follows (see Figure: IP illustration of message flow in web portal redirect below):
The subscriber gets an IP address using DHCP (if the customer is trying to use a static IP he is blocked by the anti-spoofing filter).
The subscriber tries to connect to a website (TCP SYN, TCP ACK, HTTP GET).
The 7450 ESS or 7750 SR intercepts the HTTP GET request and discards it.
The 7450 ESS or 7750 SR then responds to the subscriber with a HTTP 302 message (service temporarily unavailable or moved), containing a new target URL (that of the portal) configured by the operator. This target URL can include the subscriber’s IP and MAC addresses as part of the portal’s URL string.
The subscriber’s web browser closes the original TCP connection and opens a new connection to the web portal where the subscriber can sign up or change his/her service Profile.
After approving the changes, the web portal updates the ACL (directly or through another system such as the Nokia 5750 SSC) to remove the redirection policy.
The subscriber can now connect to the original site.
The items in red text in Figure: IP illustration of message flow in web portal redirect are messages the 7450 ESS or 7750 SR sends (masquerading as the destination), regardless of the destination IP address or type of service.
The following displays information that can optionally be added as variables in the portal URL (http-redirect url):
$IP
Customer’s IP address
$MAC –
Customer’s MAC address
$URL
Original requested URL
$SAP
Customer’s SAP
$SUB
Customer’s subscriber identification string
$CID
The string that represents the circuit-id or interface-id of the subscriber host (hexadecimal format)
$RID
The string that represents the remote-id of the subscriber host (hexadecimal format)
The subscriber’s IP and MAC address variables are populated from the anti-spoofing list, and therefore anti-spoofing must be enabled (see section Anti-spoofing filters).
Because most websites are accessed using the domain name, the 7450 ESS or 7750 SR needs to allow DNS queries, and an ACL entry to this effect should be included in the filter (see Configuring Web Portal Redirect).