Using the Service Configuration Editor
Revised: December 14, 2011, OL-21064-07
Introduction
To configure a Service Control Engine (SCE) platform to handle traffic, you must define a service configuration and apply it to the platform. Use the Service Configuration Editor tool to create, define, and manage service configurations.
This module describes how to use the Service Configuration Editor tool.
•Service Configurations
•Managing Service Configurations
Service Configurations
A service configuration is a data structure that defines how the SCE platform analyses network traffic, what rules apply to the traffic, and what actions the SCE platform takes to enforce these rules.
A service configuration consists of the following two main elements:
•Services—Define the categories to which transactions are classified
•Packages—Define how the SCE platform acts upon transactions from different services
Service configurations are stored as PQB files.
Managing Service Configurations
This section explains how to:
•Manage service configurations
•Export and import service configuration data
•Apply service configurations to SCE platforms and retrieve them
Opening the Service Configuration Editor Tool
If no service configurations are open when you open or switch to the Service Configuration Editor tool, a No Service Configuration Is Open dialog box appears (see Figure 6-1).
Figure 6-1 No Service Configuration Is Open
•To create a new service configuration (see How to Add New Service Configurations), click Yes.
•To open an existing service configuration (see How to Open Existing Service Configurations), click No.
The Configuration option is included in the main menu only when at least one service configuration is open.
You can have many service configurations open at one time; each is displayed in its own view, and you click a view to make that view's service configuration active.
When a service configuration has unsaved changes, an asterisk precedes its name on the view.
How to Add New Service Configurations
You can add a new service configuration whenever necessary.
Note You cannot add a second new service configuration until you have saved the first one.
When a new service configuration opens, it contains the default service configuration supplied with SCA BB. This includes a default package, which contains a default service rule.
Step 1 In the Console toolbar, click (New Service Configuration).
A New Service Configuration Settings dialog box appears (Figure 6-2).
Figure 6-2 New Service Configuration Settings
Step 2 Select an operational mode for the service configuration.
Step 3 Select a routing classification mode for the system.
Selecting asymmetric routing classification mode gives more accurate protocol classification in topologies with a high rate of unidirectional flows. Several classification, reporting, and control features are not supported when this mode is enabled (see Asymmetric Routing Classification Mode).
Step 4 Click OK.
If you have set a default DSS file (see The Default DSS File), a Default Signature message appears (Figure 6-3).
Figure 6-3 Default Signature
•(Recommended) Click Yes to import the default DSS file.
•Click No to continue without importing the default DSS file.
The new service configuration is added to the Console window, open on the Network Traffic tab, and becomes the active service configuration (Figure 6-4).
Figure 6-4 Service Configuration Editor
How to Open Existing Service Configurations
You can open a saved service configuration for viewing or for editing, or to apply it to an SCE platform.
Service configuration files have the extension PQB.
Step 1 In the Console toolbar, click (Open A Service Configuration File). (Or, from the Console main menu, choose File > Open Service Configuration.)
An Open dialog box appears.
Step 2 Browse to a service configuration file.
Step 3 Click Open.
The Open dialog box closes.
If the default DSS file has not been imported into the service configuration, a Default Signature message appears (Figure 6-5).
Figure 6-5 Default Signature
If the default DSS file has not been imported into the service configuration, a Default Signature message appears.
•(Recommended) Click Yes to import the default DSS file.
•Click No to continue without importing the default DSS file.
The service configuration is loaded into the Console:
•This service configuration becomes the active service configuration.
•The title of the Console window includes the name of the service configuration.
How to Save the Current Service Configuration
You can save the active service configuration.
•How to Save the Current Service Configuration to a Service Configuration File
•How to Save the Current Service Configuration to the File from Which it Was Loaded
How to Save the Current Service Configuration to a Service Configuration File
Step 1 From the Console main menu, choose File > Save As.
A Save As dialog box appears.
•Enter your password if prompted.
Step 2 Browse to the folder where you want to save the file containing the service configuration.
Step 3 In the File name field, enter a new file name, or select an existing PQB file.
Step 4 Click Save.
The service configuration is saved to the selected file. If the file exists, it is overwritten.
During processing, a Saving Service Configuration File message appears.
How to Save the Current Service Configuration to the File from Which it Was Loaded
Step 1 In the Console toolbar, click (Save).
If the current service configuration was not loaded from a PQB file (that is, if it is new, or it was retrieved from an SCE platform), the Save As dialog box opens as in the previous procedure.
How to Close Service Configurations
Step 1 On the service configuration view, click (Close).
•If there are no unsaved changes, the service configuration view closes.
•If there are unsaved changes a Save Resource message appears (Figure 6-6).
Figure 6-6 Save Resource
•Click Yes:
–If this is an existing edited service configuration, the changes are saved and the service configuration view closes.
–If this is a new service configuration, a Save As dialog box opens.
Enter a name for the service configuration and click Save.
The Save As dialog box closes, the changes are saved, and the service configuration view closes.
How to Export Service Configuration Data
You can export service configuration data from the current service configuration to CSV files. The CSV file formats are described in the "CSV File Formats" chapter of Cisco Service Control Application Suit for Broadband Reference Guide.
Each type of service configuration element is exported to a separate file.
Step 1 From the Console main menu, choose File > Export.
The Export dialog box appears (Figure 6-7).
Figure 6-7 Export
Step 2 From the export destination list, select Export service configuration parts to CSV file.
Step 3 Click Next.
The Export Service Configuration Parts dialog box appears (Figure 6-8).
Figure 6-8 Export Service Configuration Parts to File
Step 4 Select one of the Select service configuration element to export radio buttons.
The radio buttons are:
•Service Elements
•Protocol Elements
•Zones
•Flavors
If you select Flavors, the flavors in the flavor area of the dialog box are enabled.
If you select Zones or Flavors, you have a choice to export the data in Standard format or Easy format.
In Easy format for flavor CSV files, lines in the files are in single URL format. for example, http://*.cisco.com/files*. Similarly, in Easy format for zone CSV files, lines in the files contains only zone items. For example, 1.0.0.0/32.
For more details on Standard format and Easy format, see the Cisco Service Control Application for Broadband Reference Guide.
Note Only those flavors for which a flavor type is defined in this service configuration are enabled.
Step 5 If you selected Flavors, select one of the flavor type radio buttons.
Step 6 Click Next.
The second screen of the Export Service Configuration Parts dialog box opens (Figure 6-9).
Figure 6-9 Export Service Configuration Parts to File
The Available elements pane lists all elements in the service configuration of the selected type.
Step 7 Select the elements to export, using the check boxes and the select buttons.
Step 8 (Only for Zones and Flavors) Select the format of the export file.
Step 9 In the Select the export destination area, click Browse.
An Open dialog box appears.
Step 10 Browse to the folder where you want to save the file containing the service configuration elements.
Step 11 In the File name field, enter a new file name, or select an existing CSV file.
(Only for Zones and Flavors) For Easy format, you need to select the folder and the file name will be the Zone or Flavor name.
Step 12 Click Open to select the file.
If the file exists, it is overwritten.
The Open dialog box closes.
Step 13 Click Finish.
The selected service configuration elements are exported to the file.
An Export Complete message appears (Figure 6-10).
Figure 6-10 Export Complete
Step 14 Click OK.
The Export Service Configuration Parts dialog box closes.
How to Import Service Configuration Data
You can import service configuration data to the current service configuration from CSV files. The CSV file formats are described in the "CSV File Formats" chapter of Cisco Service Control Application Suit for Broadband Reference Guide.
Each type of service configuration element is imported from a separate file.
Step 1 From the Console main menu, choose File > Import.
The Import dialog box appears (Figure 6-11).
Figure 6-11 Import
Step 2 From the Select an import source list, select Import service configuration parts from CSV file.
Step 3 Click Next.
The Import Service Configuration Parts dialog box appears (Figure 6-12).
Figure 6-12 Import Service Configuration Parts from File
Step 4 Select one of the Select service configuration element to import radio buttons.
The radio buttons are:
•Service Elements
•Protocol Elements
•Zones
•Flavors
If you select Flavors, the flavors in the flavor area of the dialog box are enabled.
Step 5 If you selected Flavors, select one of the flavor type radio buttons.
Step 6 Click Next.
The second screen of the Import Service Configuration Parts dialog box opens (Figure 6-13).
Figure 6-13 Import Service Configuration Parts from File
Step 7 (Only for Zones and Flavors) Select the format to Import.
Step 8 Click Browse.
An Open dialog box appears.
Step 9 Browse to the folder containing the file to import, and select a CSV file.
Step 10 Click Open to select the file.
The Open dialog box closes.
Step 11 Click Finish.
The configuration elements are imported from the file.
An Import Complete message appears (Figure 6-14).
Figure 6-14 Import Complete
Step 12 Click OK.
The Import Service Configuration Parts dialog box closes.
Applying and Retrieving Service Configurations
For a new or edited service configuration to take effect, you must apply it to the SCE platform. Until you do, the SCE platform continues to enforce the previous service configuration.
You can use the Service Configuration Editor to apply a service configuration to an SCE platform, but not to retrieve a service configuration.
You can apply or retrieve a service configuration using:
•The Network Navigator Tool
•servconf, the SCA BB Service Configuration Utility (see The SCA BB Service Configuration Utility)
•How to Validate the Current Service Configuration
•How to Apply a Service Configuration to SCE Platforms
How to Validate the Current Service Configuration
Use the Validate option to validate the new or updated service configuration currently displayed. The validation process checks for overall service configuration coherence, and points out possible pitfalls in the service configuration.
The Validate process runs automatically when you select Apply Service Configuration to SCE devices. The Validation Results dialog box appears only if the procedure found errors or issued warnings about the current service configuration.
Step 1 From the Console main menu, choose File > Validate.
The Validation Results dialog box appears (Figure 6-15 or Figure 6-16).
Figure 6-15 Validation Results - Service Configuration is valid
Figure 6-16 Validation Results - Service Configuration has errors
Any problems with the service configuration are listed in the Problems view.
Step 2 Click OK.
The Service Configuration Validation dialog box closes.
How to Apply a Service Configuration to SCE Platforms
When you click Apply Service Configuration to SCE Devices, the validation process runs automatically on the current service configuration.
Note You can use the Validate menu command to manually validate the service configuration.
Caution
If anomaly-based detection of malicious traffic is enabled, any access control list (ACL) that is configured on the Service Control Engine (SCE) platform but is not applied to anything (for example, an interface, an access map, or an SNMP community string) might be deleted when a service configuration is applied to the platform.
Workaround:
Disable anomaly-based detection of malicious traffic.
In the Network Traffic tab, select
Service Security.
In the Service Security Dashboard, clear the
Enable anomaly detection check box.
Step 1 In the Console toolbar, click (Apply Service Configuration to SCE Devices).
The Select SCE Devices dialog box appears (Figure 6-17).
Figure 6-17 Select SCE Devices
All SCE platforms defined in the Network Navigator are listed in the dialog box.
Step 2 Select one or more SCE platforms from the list.
Step 3 Click OK.
A Password Management dialog box appears for each platform selected.
Step 4 Enter the appropriate password.
Step 5 Click Apply.
The Password Management dialog box closes.
An Applying service configuration to SCE progress bar appears for each SCE platform selected.
The validation process runs on the service configuration.
•If there is a problem and the validation process ends with a warning or error, the Validation Results dialog box appears. Click OK, modify the service configuration based on the information provided in the Problems view, and then repeat this procedure.
•If the validation process runs successfully, the service configuration is applied to the selected SCE platforms.