
Subscriber-Aware Service Chaining

Oct 19, 2016
With the huge increase in the data traffic passing through telco networks, it is no longer feasible for service providers to steer all the traffic through all the value-added services (VAS). A service provider should be able to optimize usage of VAS and intelligently steer traffic to improve the user experience. For example, video optimization is not required for traffic that does not include video. Moreover, if a subscriber is connected to a 4G network, content can be streamed in high definition (HD), and video optimization might not be needed. However, video optimization improves the experience for a user in a 3G network. Similarly, caching provides a faster and better user experience and can be enabled depending on the subscriber plan. Another example of VAS is parental control. If parents provide a mobile handset to a minor child, they would like some kind of control over the websites that their child visits.

To do the above and more, service providers must be able to provide value-added services on a per-subscriber basis. In other words, entities in the service provider network must be capable of extracting the subscriber information and intelligently steering the packet on the basis of this information. 

Service chaining determines the set of services through which the traffic from a subscriber must pass before going to the Internet. Instead of sending all the traffic to all the services, the NetScaler intelligently routes all requests from a subscriber to a specific set of services on the basis of the policy defined for that subscriber.  

The following figure shows the entities involved in service chaining. The values shown are configured in the procedure that follows the figure. A content switching virtual server on the NetScaler appliance directs requests to the value-added services or skips them, depending on the defined rule, and then sends the packet out to the Internet after performing LSN.

[Figure: entities involved in service chaining]

To configure service chaining for the above deployment by using the NetScaler command line:

1. Add the appliance’s subnet IP (SNIP) addresses.


     add ns ip -type snip

     add ns ip -type snip

     add ns ip -type snip

     add ns ip -type snip

     add ns ip -type snip

     add ns ip -type snip

     add ns ip -type snip

     add ns ip -type snip

2. Add the VLANs. VLANs help the appliance identify the source of the traffic. Bind the VLANs to the interfaces and subnet IP addresses. Add an ingress and an egress VLAN for each VAS.


     add vlan 10

     add vlan 20

     add vlan 30

     add vlan 40

     add vlan 50

     add vlan 60

     add vlan 100

     add vlan 200

     bind vlan 10 -ifnum 1/4 -tagged -IPAddress

     bind vlan 20 -ifnum 1/4 -tagged -IPAddress

     bind vlan 20 -ifnum 1/4 -tagged -IPAddress

     bind vlan 20 -ifnum 1/4 -tagged -IPAddress

     bind vlan 20 -ifnum 1/4 -tagged -IPAddress

     bind vlan 20 -ifnum 1/4 -tagged -IPAddress

     bind vlan 100 -ifnum 1/2 -tagged -IPAddress

     bind vlan 200 -ifnum 1/3 -tagged -IPAddress

3. Specify the VLAN on which the subscriber traffic arrives on the appliance. Specify the service path AVP that tells the appliance where to look for the service path name within the subscriber session. For primary PCEF functionality, specify the interfaceType as RadiusAndGx.


     set ns param -servicePathIngressVLAN 100

     set subscriber gxinterface -servicepathAVP 1001 1005 -servicepathVendorid 10415

     set subscriber param -interfaceType RadiusAndGx

4. Configure a service and virtual server of type Diameter, and bind the service to the virtual server. Then, specify the PCRF realm and subscriber Gx interface parameters. For primary PCEF functionality, configure a RADIUS listener service and RADIUS interface.


     add service sd1 DIAMETER 3868

     add lb vserver vdiam DIAMETER 0 -persistenceType DIAMETER -persistAVPno 263

     bind lb vserver vdiam sd1

     set ns diameter -identity -realm

     set subscriber gxInterface -vServer vdiam -pcrfRealm -holdOnSubscriberAbsence YES -idleTTL 1200 -negativeTTL 120

     add service srad1 RADIUSListener 1813

     set subscriber radiusInterface -listeningService srad1

5. Add service functions to associate a VAS with an ingress VLAN. Add a service path to define the chain, that is, specify the VASs to which the packet must be sent and the order in which it must pass through them. The service path name is usually sent by the PCRF. However, the service path of the default subscriber profile (*) applies if any of the following is true:

  • PCRF does not have the subscriber information.
  • The subscriber information does not include this AVP.
  • The appliance is unable to query the PCRF. For example, the service representing the PCRF is DOWN.

The service path AVP that contains this name must already be configured as part of the global configuration (step 3). Bind the service function to the service path. The service index specifies the order in which the VAS is added to the chain. The highest number (255) indicates the beginning of the chain.


     add ns servicefunction SF1 -ingressVLAN 20

     add ns servicefunction SF2 -ingressVLAN 40

     add ns servicefunction SF3 -ingressVLAN 60

     add ns servicepath pol1

     bind ns servicepath pol1 -servicefunction SF1 -index 255

     bind ns servicepath pol1 -servicefunction SF2 -index 254

     bind ns servicepath pol1 -servicefunction SF3 -index 253

     add ns servicepath pol2

     bind ns servicepath pol2 -servicefunction SF2 -index 255

     add ns servicepath pol3

     bind ns servicepath pol3 -servicefunction SF1 -index 255

     add subscriber profile * -subscriberrules default_path 

6. Add the LSN configuration. That is, define the NAT pool and identify the clients for which the appliance must perform LSN.


     add lsn pool pool1

     bind lsn pool pool1

     add lsn client client1

     bind lsn client client1 -network -netmask

     add lsn group group1 -clientname client1

     bind lsn group group1 -poolname pool1

7. The appliance performs LSN by default. To override LSN, you must create a net profile with the overrideLsn parameter enabled and bind this profile to all the load balancing virtual servers that are configured for value-added services (VASs).


     add netprofile np1

     set netprofile np1 -overrideLsn ENABLED

     set lb vserver vs1 -netprofile np1

8. Configure the VAS on the appliance. This includes creating the services and virtual servers and then binding the services to the virtual servers.


     add service vas1 ANY 80 -usip YES

     add service vas2 ANY 80 -usip YES

     add service vas3 ANY 80 -usip YES

     add service sint ANY 80 -usip YES

     add lb vserver vs1 ANY -m MAC -l2Conn ON

     add lb vserver vs2 ANY -m MAC -l2Conn ON

     add lb vserver vs3 ANY -m MAC -l2Conn ON

     add lb vserver vint ANY -m MAC -l2Conn ON

     bind lb vserver vs1 vas1

     bind lb vserver vs2 vas2

     bind lb vserver vs3 vas3

     bind lb vserver vint sint

9. Add the content switching (CS) configuration. This includes virtual servers, policies, and their associated actions. The traffic arrives at the CS virtual server and is then redirected to the appropriate load balancing virtual server. Define expressions that associate a virtual server with a service function.


     add cs vserver cs1 ANY * 80 -l2Conn ON

     add cs action csact1 -targetLBVserver vs1

     add cs action csact2 -targetLBVserver vs2

     add cs action csact3 -targetLBVserver vs3

     add cs action csactint -targetLBVserver vint

     add cs policy cspol1 -rule "SUBSCRIBER.SERVICEPATH.IS_NEXT(\"SF1\") && SYS.VSERVER(\"vs1\").STATE.EQ(UP)" -action csact1

     add cs policy cspol2 -rule "SUBSCRIBER.SERVICEPATH.IS_NEXT(\"SF2\") && SYS.VSERVER(\"vs2\").STATE.EQ(UP)" -action csact2

     add cs policy cspol3 -rule "SUBSCRIBER.SERVICEPATH.IS_NEXT(\"SF3\") && SYS.VSERVER(\"vs3\").STATE.EQ(UP)" -action csact3

     bind cs vserver cs1 -policyName cspol1 -priority 110

     bind cs vserver cs1 -policyName cspol2 -priority 120

     bind cs vserver cs1 -policyName cspol3 -priority 130

     bind cs vserver cs1 -lbvserver vint
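
The service path, service function and content switching commands in steps 2, 5 and 9 must agree with each other, so a consistency check before deployment is useful. The following Python audit is an added example, not part of the NetScaler documentation; the checks it applies and the sample input (which includes deliberate faults and a hypothetical path pol4) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample built from this page's step 2, 5 and 9 commands, with
# deliberate faults: VLAN 60 and cspol3 are left out, and pol4 is hypothetical.
SAMPLE = r'''
add vlan 20
add vlan 40
add ns servicefunction SF1 -ingressVLAN 20
add ns servicefunction SF2 -ingressVLAN 40
add ns servicefunction SF3 -ingressVLAN 60
add ns servicepath pol1
bind ns servicepath pol1 -servicefunction SF1 -index 255
bind ns servicepath pol1 -servicefunction SF2 -index 254
bind ns servicepath pol1 -servicefunction SF3 -index 253
add ns servicepath pol4
bind ns servicepath pol4 -servicefunction SF9 -index 255
bind ns servicepath pol4 -servicefunction SF2 -index 255
add cs policy cspol1 -rule "SUBSCRIBER.SERVICEPATH.IS_NEXT(\"SF1\") && SYS.VSERVER(\"vs1\").STATE.EQ(UP)" -action csact1
add cs policy cspol2 -rule "SUBSCRIBER.SERVICEPATH.IS_NEXT(\"SF2\") && SYS.VSERVER(\"vs2\").STATE.EQ(UP)" -action csact2
'''

def audit(config):
    """Return ({path: [functions in chain order]}, [findings])."""
    vlans, funcs, steered = set(), {}, set()
    paths = defaultdict(list)
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"add vlan (\d+)", line, re.I):
            vlans.add(int(m[1]))
        elif m := re.match(r"add ns servicefunction (\S+) -ingressVLAN (\d+)", line, re.I):
            funcs[m[1]] = int(m[2])
        elif m := re.match(r"bind ns servicepath (\S+) -servicefunction (\S+) -index (\d+)", line, re.I):
            paths[m[1]].append((int(m[3]), m[2]))
        # Service functions that some content switching rule can steer to.
        steered.update(re.findall(r'IS_NEXT\(\\?"([^"\\]+)\\?"\)', line))
    findings = [f"{sf}: ingress VLAN {v} was never added"
                for sf, v in funcs.items() if v not in vlans]
    for path, hops in paths.items():
        indexes = [i for i, _ in hops]
        if len(indexes) != len(set(indexes)):
            findings.append(f"{path}: duplicate service index")
        for _, sf in hops:
            if sf not in funcs:
                findings.append(f"{path}: unknown service function {sf}")
            elif sf not in steered:
                findings.append(f"{path}: no cs policy tests IS_NEXT for {sf}")
    # The highest index (255) is the beginning of the chain.
    chains = {p: [sf for _, sf in sorted(h, reverse=True)] for p, h in paths.items()}
    return chains, findings

if __name__ == "__main__":
    chains, findings = audit(SAMPLE)
    print(chains["pol1"], *findings, sep="\n")
```

Run it against the saved command list for a deployment; an empty findings list means every hop in every service path has a defined function, an added ingress VLAN and a content switching rule that references it.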

To configure service chaining on the appliance by using the NetScaler GUI:

  1. Navigate to System > Network > IPs and add the subnet IP addresses.
  2. Navigate to System > Network > VLANs and add VLANs. Bind the VLANs to the interfaces and subnet IP addresses.
  3. Navigate to Traffic Management > Service Chaining > Configure Service Path Ingress VLAN and specify an ingress VLAN. 
  4. Navigate to Traffic Management > Subscriber > Parameters > Configure Subscriber Parameters and specify the following:
    • Interface Type: Specify RadiusAndGx.
    • Configure a Diameter virtual server, PCRF realm, and the subscriber Gx interface parameters.
    • Specify the RADIUS interface parameters. 
  5. Navigate to Traffic Management > Service Chaining > Service Function and add service functions to associate a value-added service with an ingress VLAN. 
  6. Navigate to System > Network > Large Scale NAT. Click Pools and add a pool. Click Clients and add a client. Click Groups and add a group and specify the client. Edit the group and bind the pool to this group.
  7. Navigate to System > Network > Net Profiles and add a net profile. Select Override LSN. Optionally, navigate to System > Network > Settings > Configure Layer 3 Parameters and verify that Override LSN is not selected.
  8. Navigate to Traffic Management > Load Balancing > Virtual Servers and configure the virtual servers and value-added services on the appliance. Bind the services and the net profile to the virtual server.
  9. Navigate to Traffic Management > Content Switching > Virtual Servers and configure a virtual server, policy, and action. Specify the target load balancing virtual server.