Universal Plug and Play (UPnP), which is a set of specifications defined by the UPnP forum. One specification is called Internet Gateway Device (IGD) which defines a protocol for clients to automatically configure port mappings on a NAT device. Today, many gaming, P2P, VoIP applications support the UPnP IGD protocol. The SR OS supports the following UPnP version 1 InternetGatewayDevice version 1 features:
Supports only L2-Aware NAT hosts.
Distributed subscriber management is not supported.
The UPnP server runs on NAT ISA and only serves the local L2-Aware NAT hosts on the same ISA.
The UPnP server can be enabled per subscriber by configuring a upnp-policy in the sub-profile.
UPnP discovery is supported.
UPnP eventing is not supported.
The following IGD devices and services are supported:
WANDevice
WANConnectionDevice
WANIPConnection service
For WANIPConnection services:
Optional state variables in a WANIPConnection service are not supported.
Optional actions in a WANIPConnection services are not supported.
Wildcard ExternalPort is not supported.
Only supports wildcard RemoteHost.
Up to 64 bytes of port mapping description are supported.
The SR OS supports a vendor specific action X_ClearPortMapping. This clears all port mappings of the subscriber belonging to the requesting host. This action has no in or out arguments.
If the NewExternalPort in an addPortMapping request is same as the external port of one existing UPnP port mapping:
If NewInternalClient is different from InternalClient of existing mapping, then the system rejects the request.
If NewInternalClient is same as InternalClient of existing mapping:
With strict-mode on, if the source IP address of the request is same as InternalClient of existing mapping, then the request is accepted; otherwise the request is rejected.
With strict-mode off, the request is accepted.
The system also supports the Alc-UPnP-Sub-Override-Policy RADIUS VSA which can be included in access-accept or CoA request. It can be used to override the upnp-policy configured in sub-profile or disable UPnP for the subscriber. See RADIUS reference guide for detail usage.