Document toolboxDocument toolbox

Scaling Using Subscriber Sites

Owned by Panna .
Last updated: Sept 05, 2024 by Shwetha S
13 min read

You can create subscriber sites and add a Grid member as a collector member and RPZ members to the site in order to scale the number of subscribers that the system can support. The subscriber collector caches the subscriber data received from the NAS gateways and parental control policies the from Infoblox Harmony product. The RPZ members use the cached subscriber data and the policies to resolve DNS queries. You can add a maximum of five Grid members to the subscriber site. Note that one Grid member can serve only one subscriber site. The subscriber identity information cached in the subscriber cache is replicated between the Grid members in the subscriber site.

You can configure the NAT port as an IPSD, where the subscribers first deterministic NAT port is used as IPSD, to distinguish from other subscribers using the same IP address. The NAT algorithms use the port range allocation where the first usable port for the subscriber is provided in a RADIUS accounting AVP. It also supports the first port in the range as a discriminator between subscribers using the same IP address. In a strict NAT configuration, where only the NATed subscribers are allowed, the value of the AVP Deterministic NAT port must be a non zero value in the RADIUS accounting message. The ports from 1-1023 (inclusive) are reserved in a deterministic port configuration.

You can manage the subscriber sites as discussed in the following sections:

Additionally, you can Import subscriber site data by using the CSV Import option on the Toolbar.

Limitations using NAT port as IPSD

  • No acceleration support using SNIC appliances, however, it is supported for all appliances including vDCA acceleration.
  • You need to restart the DNS service.
  • IPSD is a global configuration that applies to all Sites. IPSD may be set from CSV, WAPI, and CLI to a different AVP.
  • A performance penalty for Dynamic subscribers (without Deterministic-Nat-Port AVP) in Deterministic Sites (Sites with block_size configuration) requires two lookups.
  • NAT port can be configured as IPSD only if the subscriber services properties is set to Deterministic-Nat-Port and block size must be greater than zero.
  • The site block size must be the same as the deployment CGNAT block size configuration.
  • Changing the site block size will initialize the state of the subscriber collection.
  • Static default network policies in a strict NAT configuration (Allow NATed Subscribers only) will not resolve at the DCA.

Adding Subscriber Sites

To add a subscriber site, complete the following:

  1. From the Data Management tab -> DNS tab -> Subscriber Services Deployment tab -> Subscriber Sites tab, click the Add icon.
  2. In the Add Subscriber Site wizard, complete the following:
    1. Name: Enter the name of the subscriber site.
    2. Maximum Subscribers: Specify the maximum number of subscribers for the subscriber site. This represents the overall size of the subscriber cache. You can enter a value between 10000 to 10000000.
    3. Comment: You can enter additional information about the subscriber site.

    4. Members: In the Members table, click the Add icon to add Grid members to the site. If there are multiple members, the Member Selector dialog box is displayed, from which you can select a member. Click the required member name in the dialog box. You can also delete a member from the list.
      Note that a Grid member can support only one subscriber site.

    5. Deterministic NAT Block Size: The block size specifies the number of ports made available for each incoming subscriber address. In a deterministic NAT, zero means not using NAT. The value can be any number from 0 to 64512. The block size configuration is not allowed to change unless the global (subscriber service properties) IPSD is set to Deterministic-NAT-Port.
    6. First port: The value of the first usable port for the subscriber. The first usable port will have a default value of 1024, and the value can be any number from 1024 to 65535, both inclusive.

    7. : Select this option to restrict only NATed subscribers (Subscribers with IPSD). Here the IP address and port block allocations are made dynamically for the subscriber instance and the IPSD of the first port is assigned to the subscriber port block. For example, if the block size is 8 for the site, then the IPSD must be set to 1024, 2032, 3040,  etc.
      Note that you must select Allow NATed Subscribers only option when the NAT port Block Size is a non zero value and the parental control policy is enabled for the member.

    8. Stop the anycast service when the subscriber service is in the interim state: Select this option to stop the anycast service from running when the subscriber service is in the interim state. By default, this option is selected.

  3. Click Next to select Subscriber Collection
  4. if Subscriber Collection RADIUS button is selected, to configure NAS gateways for the subscriber site, complete the following

    1. Listen on RADIUS port number: Enter the UDP port number that the collector member uses to collect accounting information from the NAS gateway. You can enter an integer from 1 to 65535. The default is 1813.

    2. NAS Gateways: You must add at least one NAS gateway to the subscriber site in order to start the subscriber collection service. You can add up to 20 NAS gateways. Click the Add icon and complete the following to add a NAS gateway:

      1. Name: Enter the name of the NAS gateway.
      2. IP Address: Enter the IP address of the NAS gateway.
      3. Shared Secret: Enter a shared secret that can be used to authenticate the communication between the RADIUS accounting server and the collector member. This shared secret must match the one you entered on the RADIUS server.
      4. Confirm Shared Secret: Enter the shared secret again.
      5. Send Protocol Acknowledgment: Select this checkbox to send an acknowledgment to the client when the collector member receives accounting information from the NAS gateway.
      6. Comment: Enter additional information about the NAS gateway.

      7. Click Add to add the NAS gateway.
        You can select a NAS gateway configuration and click the Edit icon to modify it or click the Delete icon to delete it.

  5. If Subscriber Collection > API button is selected. This feature enables NIOS to receive subscriber information through API server. To configure an API Server:

    1. Click the Add icon to add the API server Members.

    2. In the Members table, click the Add icon to add Grid members to the site. If there are multiple members, the Member Selector dialog box is displayed, from which you can select a member. Click the required member name in the dialog box. You can also delete a member from the list.

  6. This step is required only if Infoblox Subscriber Parental Control is enabled. For information about enabling Parental Control, see Infoblox Subscriber Parental Control. Click Next to configure the parental control blocking IP addresses. Complete the following:
    1. Content Proxy Addresses: You can add IP addresses of the Infoblox Harmony product. The appliance will forward the subscriber session to Infoblox Harmony for in-line processing of the subscriber session, depending on the policies. Click the Add icon. Grid Manager adds a row to the Content Proxy Addresses table. It is recommended that you enter two addresses in this field. The first address is considered the primary address and the second address is considered the secondary address. If you enter only one address, the same address is considered the primary and secondary address. Click the row and enter the IP address in the Address field. To delete an IP address, select the checkbox and then click the Delete icon.

    2. Enforce the global proxy listSelect this checkbox if you want to proxy the traffic to the MSP (Multi-Services Proxy) server. If you select this checkbox, and have categorized the queried domains in the incoming traffic to the global proxy list using the set pc_domain add command (category 104), then the query resolves to an MSP virtual IP address and NIOS generates a "synthetic resolution”. This checkbox is disabled by default, and you must configure Content Proxy Addresses to enable it. If you do not select this checkbox, then the query resolves normally.
      Notes:

      • If you have configured queries to specific domains (categorized to 104) to be proxied to the MSP server and enabled the Enforce the global proxy list option, queries to these domains are proxied if subscriber secure policies with the NXDOMAIN rule are not set.
      • If you want to enable and run DNS over TLS, DNS over HTTPS, and Parental Control features simultaneously on a member, ensure that the appliance meets the base memory configuration requirements defined in Configuration Requirements. If you try to run these features when the required memory configuration is not available, all of these features will be disabled.
    3. Additional Blocking Servers: Besides the IP addresses you specify in the Parental Control Blocking IP Addresses fields, you can specify additional IP addresses that will act as blocking servers for the blocking policies you defined when configuring blocking server policies. Click the Add icon. Grid Manager adds a row to the Additional Blocking Servers table. Click the row and select a blocking policy. In the Address field, enter the IP address of the blocking server that will contain the selected blocking policy. To delete an IP address, select the checkbox and then click the Delete icon. 

    4. Parental Control Blocking IP Addresses: You can configure two sets of IPv4 and IPv6 addresses that are used as blocking VIP addresses. The parental control subscribers are redirected to the following blocking IP addresses whenever the domain queried by the subscriber is blocked based in the subscriber parental control policy.
      Complete the following:

      1. IPv4 Address (primary): Enter the primary blocking IPv4 address.
      2. IPv4 Address (secondary): Enter the secondary blocking IPv4 address.
      3. IPv6 Address (primary): Enter the primary blocking IPv6 address.
      4. IPv6 Address (secondary): Enter the secondary blocking IPv6 address.
    5. Policy Management Addresses: You can add IP addresses of the policy management servers to which the appliance sends APIs about the expired parental control policies. Click the Add icon. Grid Manager adds a row to the Policy Management Addresses table. Click the row and enter the IP address in the Address field. To delete an IP address, select the checkbox and then click the Delete icon.
  7. Save the configuration, or click Next to continue to the next step where you define extensible attributes as described in Managing Extensible Attributes.

Bypassing Subscriber Secure Policy for Allowed Lists

You can choose to let subscriber specific allowed domains to take priority over category-based policies, security policies and blocklist entries. Subscriber specific blocked domains take priority over category-based policies.

To bypass subscriber secure policy for allowed lists:

  1. Navigate to the Data Management > DNS > Subscriber Services Deployment > Subscriber Sites tab.

  2. Click the Edit icon to edit an existing subscriber site.

  3. In the Subscriber Site Properties wizard, go to the General > Advanced tab.

    • Enable Subscriber Secure Policy Bypass for Allowed list: Select this checkbox to enable NIOS to generate a normal response for all domains in a subscriber's allow list. The allowed domains override RPZ rules if any (for example, NXDOMAIN), and categorize policy rules for the subscriber. This enables subscribers to override all policies for a specific domain. The subscribers allow list domain is cached in DNS Cache Acceleration and subsequent queries are answered by DNS Cache Acceleration.
      Note that the vDCA ( virtual DNS Cache Acceleration) allows only 5% of its total number of subscribers to have allow block lists. The maximum number of allowed and blocked domains is 15. Domains in a subscriber’s blocked list take priority over category-based policies subject to RPZ rules. This ensures that the RPZ global allow list is always enforced. That is, a subscriber cannot override a domain in the global allow list.

    • Set Global Allow List RPZ index range ( 0 to 30): Select this checkbox to specify an RPZ index value between 0 to 30. A domain is added to the RPZ specified as a passthru RPZ rule, and that domain is added as a global allowed list. This global allowed list is applicable to all subscribers. 
      You can use both the Enable Subscriber Secure Policy Bypass for Allowed list and the Set Global Allow List RPZ index range options at the same time. Or you can choose to use the options independently irrespective of whether Enable Subscriber Secure Policy Bypass for Allowed list is enabled or disabled.


Modifying Subscriber Sites

To modify a subscriber site, complete the following:

  1. From the Data Management tab -> DNS tab -> Subscriber Services Deployment tab -> Subscriber Sites tab, click the Action icon next to the subscriber site name and select Edit from the menu.
  2. The Subscriber Site Properties editor provides the following tabs from which you can modify data:
    1. In the General tab, you can modify the information you previously entered through the Add Subscriber Site wizard.
      Note that If the Grid Manager is IPv4-only and Grid members are IPv6 or dual-stack, modifying subscriber sites may not clear the subscriber cache. Import and export of subscriber data may also not work.

    2. In the NAS Gateways tab, you can edit the NAS gateways configured for the subscriber site, as described in the Adding Subscriber Sites section.
      Note that If you make any changes to the NAS gateway configuration, the subscriber collector will automatically restart within 30 seconds. However, the subscriber data collected in the subscriber cache is not affected by the NAS gateway configuration changes.

    3. If Subscriber Parental Control is enabled, the Parental Control tab is displayed. You can modify the information in the Parental Control tab, as described in the section Adding Subscriber Sites above.
      1. Enable DCA subscriber Query count logging: Select this checkbox to allow the DCA to generate subscriber logs and to record query counts greater than or equal to zero for subscriber query count updates and deletions. These logs are generated for deletions even when the query count is equal to zero. By default, this option is disabled.

      2. Enable DCA subscriber Allowed & Blocked list support: Select this checkbox to support the blocked and allowed list of subscribers. This option is disabled by default. Once the domain is cached, the blocked lists are provided by DCA. Domains in the allowed list are transferred to BIND. There are several members on the site, but the memory requirement is 32GB or higher for all the vDCA capable members. You must manually restart NIOS after selecting this checkbox for the support to be successful.
        Notes:

        • The allowed and blocked listing feature allows you to specify all possible top-level domains, (for example, linkedin.com, linkedin.co.uk) for well-known names. If a dotless name such as "facebook" is in the allowed list or blocked list and the qname is facebook.<suffix>, then:
          • If the suffix is a top-level domain (example "xxxyyy"), the two are matched regardless of whether "xxxyyy" is registered or not in the worldwide DNS.
            Example: 
            facebook == facebook.com
            facebook == facebook.xxxyyy
          • If the suffix is not a top-level domain (example "xxx.yyy"), whether the two are matched or not depends on whether "xxx.yyy" is registered and present in the public_suffix_list.dat on the appliance or not.
            Example:
            facebook == facebook.co.uk
            facebook != facebook.xxx.yyy
        • If you remove a policy from the Proxy-All allow list,  wait for the time to leave (TTL) setting that is configured in DNS Cache Acceleration to expire, for the subscriber policy to work correctly.

        • If a zvelo category database update failure occurs for three consecutive days:

          • Grid Manager displays a yellow background with the "Please correct the download credentials or the proxy configuration to get the latest database updates" message and the member status is displayed as "Domain category db is not latest" in the Grid Manager >Subscriber Collection Services> Service Status column.

          • A new SNMP trap is sent with the message "Domain category db is not latest". Additionally, if email notifications are configured, an email is sent to the configured email address with the "Domain category db is not latest" message. 

          • Post this event, if the zvelo download is successful, a new SNMP clear trap is sent, and an email with the “zvelo SNMP Clear Trap” message is also sent. The Service Status column is on green background will be displayed in Green with the “Subscriber Collection Service is working” message.

        • If a zvelo category database update failure occurs for more than 60 days:

          • Grid Manager displays a red background with the "zvelo database expired. Subscriber secure queries will be fail-open" message and the member status is displayed as "zvelo db has expired" in the Grid Manager > Subscriber Collection > Services > Service Status column.

          • A new SNMP trap is sent with the "zvelo db has expired" message. Additionally, if email notifications are configured, an email is sent to the configured email address, with the "zvelo db has expired" message.

          • Post this event, if the zvelo download is successful, a new SNMP clear trap is sent, and an email with the “zvelo SNMP Clear Trap” message is also sent. The Service Status column is on green background will be displayed in Green with the “Subscriber Collection Service is working” message.

        • If you have not downloaded the zvelo database earlier:

          • If the zvelo database download fails for 3 consecutive days, a critical SNMP trap is sent, and “Domain category db is not latest“ is displayed as the member status instead of “Category information data is unavailable“.

          • If the zvelo database download fails for 60 consecutive days, a critical SNMP trap is sent, and “Domain category db is expired“ is displayed as the member status instead of “Category information data is unavailable“.

        • If the allowed blocklists for CPEs are different from the allowed blocklists for non-registered subscribers, then the allowed blocklists of CPEs are applied to the non-registered subscribers if the domain is in the virtual DNS Cache Acceleration (vDCA) cache. Even though the allowed blocklists are not in virtual DNS Cache Acceleration, they get a response from virtual DNS Cache Acceleration for non-registered subscribers as they inherit the CPE policies.
          After the 5% of allowed blocklists limit is reached, subscribers with allowed blocklists are added to the non-allowed blocklists pools and all queries are responded to only from BIND.
    4. You can enter or edit information in the Extensible Attributes tab, as described in Managing Extensible Attributes.
    5. You can export subscriber site data into a CSV file by selecting the Export option. For more information, see Importing and Exporting Data using CSV Import.
  3. Save the configuration.

Deleting Subscriber Sites

To delete a subscriber site, complete the following:

From the Data Management tab -> DNS tab -> Subscriber Services Deployment tab -> Subscriber Sites tab, click the Action icon next to the subscriber site name and select Delete from the menu.

In the Delete Confirmation (Subscriber Site) dialog box, click Yes.

Viewing Subscriber Sites

To view subscriber sites, complete the following:

From the Data Management tab -> DNS tab -> Subscriber Services Deployment tab -> Subscriber Sites tab.

Grid Manager displays the following information for each subscriber site:

  1. Actions: Click the Action icon next to a selected subscriber site and choose from the following:
    1. Edit: Modify certain general properties.
    2. Delete: You can delete the subscriber site.
    3. Extensible Attributes: Add or modify extensible attributes.
    4. View NAS Gateway Message Rates: Displays the message rates of the NAS gateways configured for the subscriber site.
  2. Name: The name of the subscriber site.
  3. Comment: Information about the subscriber site.
  4. Site: Displays values that were entered for this predefined attribute.

You can also perform the following:

  1. Edit the subscriber site information.
    1. Select the subscriber site, and then click the Edit icon.
  2. Delete a subscriber site.
    1. Select the subscriber site, and then click the Delete icon.
  3. Export the list of subscriber sites.
    1. Click the Export icon.
  4. Print the list of subscriber sites.
    1. Click the Print icon.

Use filters and the Go to function to narrow down the list. With the autocomplete feature, you can just enter the first few characters of an object name in the Go to field and select the object from the possible matches.

Create a quick filter to save frequently used filter criteria:

  1. In the filter section, click Show Filter and define filter criteria for the quick filter.
  2. Click Save and complete the configuration In the Save Quick Filter dialog box.

The appliance adds the quick filter to the quick filter drop-down list in the panel. Note that global filters are prefixed with [G], local filters with [L], and system filters with [S].

Sort the subscriber sites in ascending or descending order by column.

Viewing NAS Gateway Message Rates

You can view the NAS gateways (accounting log servers) configured for the subscriber site and the message rate for each NAS gateway.

To view the NAS gateway message rates, complete the following:

From the Data Management tab -> DNS tab -> Subscriber Services Deployment tab -> Subscriber Sites tab.

In the Subscriber Sites tab, click the Action icon next to the respective subscriber site and select View NAS Gateway Message Rates from the list.

The NAS Gateway Message Rates dialog box displays the following information for the selected subscriber site:

Name: The name of the NAS gateway.

IP Address: The IP address of the NAS gateway.

Message Rate: The message rate of the NAS gateway.

Protobuf Template for Subscriber APIs 

The following is a sample template that you can use for creating subscriber API requests at API client and sent to NIOS API server . 

// This file contains the protobuf schemas for gRPC based API Server at IB-NIOS
// Copyright (c) 2024 Infoblox Inc. All Rights Reserved.
// Date: October 31, 2023
// Version: 0.4
syntax = "proto3";
package IbGrpc;
//IbGrpcServer defines the gRPC services for interacting with API.
service IbGrpcServer {
//gRPC API Server Health Check.
rpc Check(ApiHealthCheckRequest) returns (ApiHealthCheckResponse);
//gRPC API request for subscribers’s CRUD operation in NIOS subscriber cache.
//Response status of operation (Cache query count is optional for GET operation).
rpc ProcessSubscriberData (stream ApiRequestMessage) returns (stream ApiResponseMessage) {}
}
//NIOS gRPC API service health check request
message ApiHealthCheckRequest {
//Service name must be "SUBSCRIBER SERVICE HEALTH CHECK".
string service = 1;
}
//NIOS gRPC API service health check response
message ApiHealthCheckResponse {
enum ServingStatus {
UNKNOWN = 0;           //Indicates the service's health status is not known.
SERVING = 1;           //Indicates the service is operational and serving requests.
NOT_SERVING = 2;       //Indicates the service is currently not operational or unavailable.
SERVICE_UNKNOWN = 3;   //Indicates that the service name provided is incorrect or not recognized.
}
ServingStatus status = 1; //The current health status of the requested service.
}
// NIOS Subscriber cache supported operation
enum CacheOperationType {
CACHE_OP_UNSPECIFIED = 0;   //Unspecified Cache Operation.
SUB_COUNT = 1;              //Get subscriber cache count.
SUB_CREATE = 2;             //Create subscriber info with policy for IPv4/IPv6/IPv4 CGNAT addresses.
SUB_UPDATE = 3;             //Update subscriber info or policy for IPv4/IPv6/IPv4 CGNAT addresses.
SUB_DELETE = 4;             //Delete subscriber for IPv4/IPv6/IPv4 CGNAT addresses.
}
//NIOS Subscriber cache supported operation modifier for SUB_UPDATE
enum CacheOperationModifierType {
CACHE_OP_TYPE_UNSPECIFIED = 0; //Unspecified Cache Operation Modifier.
SUB_ADD_INFO = 1;        //Add subscriber info for an existing subscriber.
SUB_UPDATE_INFO = 2;           //Update subscriber info only for IPv4/IPv6/IPv4 CGNAT addresses for SUB_UPDATE.
SUB_UPDATE_POLICY = 3;         //Update subscriber policy only for IPv4/IPv6/IPv4 CGNAT addresses for SUB_UPDATE.
}
//Subscriber IPv4 information
message SubInfoV4 {
//IPv4 address or IPv4 CGNAT address
fixed32 ipv4 = 1;
//IPv4 prefix or IPv4 CGNAT prefix
uint32 prefix_v4 = 2;
//IPv4: NULL or IPv4 CGNAT port
string ips = 3;
//48 bit mac address
bytes local_id = 4;
}
//Subscriber IPv6 information
message SubInfoV6 {
//Subscriber IPv6 Address
bytes ipv6 = 1;
//Subscriber IPv6 Prefix
uint32 prefix_v6 = 2;
//48 bit mac address
bytes local_id = 3;
}
//Subscriber information
message SubscriberInfo {
repeated SubInfoV4  sub_info_v4_list = 1;    //List of sub_info_v4 for IPv4 addresses and/or IPv4 CGNAT addresses for the subscriber.
repeated SubInfoV6  sub_info_v6_list = 2;    //List of sub_info_v6 for IPv6 addresses for the subscriber.
}
//Subscriber Policies
message SubscriberPolicy {
//Subscriber Secure policy(max size 64 bits).
//Example: AABBCCDDEEFF0011
bytes subscriber_secure_policy = 1;
//Parental control Policy (Max size 128 bits).
//Example: AABBCCDDEEFF0011AABBCCDDEEFF0011
bytes parental_control_policy = 2;
//Parental control categories (Max size 128 bits).
//Example: AABBCCDDEEFF0011AABBCCDDEEFF0011
bytes parental_control_categories = 3;
//List of Allowed domains,
//max 15 domain names (comma separated).
//Example: “abc.com,facebook.com,www.xyz.co.uk”
string allowed_list = 4;
//List of Blocked domains,
//max 15 domain names (comma separated).
string blocked_list = 5;
//Unknown category policy
bool unknown_category_policy = 6;
//Flags for device discovery and Violations for now, other uses in the future.
//Bit 0: No Device discovery,
//Bit 1: No Device violation.
bytes op_code = 7;
}
//Subscriber cache API request message
message ApiRequestMessage {
//A unique identifier for an api request/response,
//For co-relating api request & response at gRPC client.
//Example: 12345
uint64 uid = 1;
//Request Type for supported operations on NIOS Subscriber cache.
//Example: SUB_CREATE for adding subscriber record
CacheOperationType request_type = 2;
//Request Operation type. Used incase the request_type == SUB_UPDATE.
CacheOperationModifierType request_update_type = 3;
//Subscriber Policies.
//Only ADD or REPLACE supported,
//UPDATE/MERGE is not supported.
//Need to send all latest policies for policy update or SUB_CREATE.
SubscriberPolicy sub_policy = 4;
//Subscriber Identifier (Max size 255 bytes).
//Example: "vodafone_home"
string subscriber_id = 5;
//Sub info with list of IPv4/IPv4 CGNAT/IPv6 addresses
//that needs to be added.
SubscriberInfo sub_info_add = 6;
//Sub info with list of IPv4/IPv4 CGNAT/IPv6 addresses
//that needs to be deleted.
SubscriberInfo sub_info_del = 7;
//Sub info with list of IPv4/IPv4 CGNAT/IPv6 addresses.
//Used to fetch the policy for specific cases of SUB_UPDATE_INFO operation.
SubscriberInfo sub_info_policy_src = 8;
}
//Subscriber cache API response message
message ApiResponseMessage {
//A unique identifier for an api request/response,
//for co-relating api request & response at gRPC client.
uint64 uid = 1;
//Response status code - zero  on success, non-zero on failure.
//0-SUCCESS
//1-FAILURE
//2-NOTFOUND
//3-SERVICE_UNAVAILABLE
//4-ALREADY_EXISTS
//5-INVALID_ARGS/INVALID_INPUT
//6 - POLICY_UNAVAILABLE
sint32 response_status = 2;
//Response message - depend on response_status.
string response_message = 3;
//Total subscriber count in subscriber cache at NIOS site.
uint64 cache_entry_count = 4;
}
//Metadata for ProcessSubscriberData() RPC:
//Following Metadata should be sent in order to map responses to
//appropriate gRPC client(POD).
//'bucket_id' : 'Unique ID to identify gRPC client  in string format'
//Field required based on operation:
//The field of subscriber_id is mandatory in all of below API requests.
//SUB_CREATE - Create subscriber info with policy
//API request should be sent with policy and sub_info_add as below.
//sub_policy : mandatory - Allot decide the default policy if no policy configured.
//sub_info_add: At least one list is not NULL.
//sub_info_v4_list with all the IPv4 and IPv4 CGNAT addresses to be added with the given policy.
//sub_info_v6_list with all the IPv6 addresses to be updated with the given policy.
//In sub_info_v4_list/sub_info_v6_list, all the fields in SubInfoV4/SubInfoV6 are mandatory.
//SUB_DELETE - Delete the subscriber info
//API request can be sent without policy and sub_info_del as below.
//sub_info_del: At least one list is not NULL. Allot make sure to send whatever IPv4/CGNAT/v6 addresses to be deleted for the subscriber_id.
//sub_info_v4_list with all the IPv4 and IPv4 CGNAT addresses to be deleted.
//sub_info_v6_list with all the IPv6 addresses to be deleted.
//In sub_info_v4_list/sub_info_v6_list, all the fields in SubInfoV4/SubInfoV6 are mandatory.
//SUB_UPDATE – Update subscriber info or policy
//SUB_UPDATE_INFO - Update subscriber info only, no policy update
//API request is sent without policy but with sub_info_del and sub_info_add as below:
//sub_info_del: At least one list can’t be NULL.
//sub_info_v4_list with all the IPv4 and IPv4 CGNAT addresses to be deleted if any.
//sub_info_v6_list with all the IPv6 addresses to be deleted if any.
//sub_info_add: At least one list can’t be NULL.
//sub_info_v4_list  with all the IPv4 and IPv4 CGNAT addresses to be added if any.
//sub_info_v6_list  with all the IPv6 addresses to be added if any.
//In sub_info_v4_list/sub_info_v6_list, all the fields in SubInfoV4/SubInfoV6 are mandatory.
//SUB_UPDATE_POLICY - Update policy only, no subscriber info update
//API request is sent with policy and sub_info_add as below.
//sub_info_policy : mandatory
//sub_info_add: At least one list is not NULL. Allot needs to send a complete IPv4/CGNAT/IPv6 address list for the subscriber_id.
//sub_info_v4_list with all the IPv4 and IPv4 CGNAT addresses to be updated with the given policy.
//sub_info_v6_list with all the IPv6 addresses to be updated with the given policy.
//Mandatory fields for API response
//uid
//response_status
//response_message
//response_type
Collapse