ACL Next-Hop for VPLS; Figure 41: Application 1 Diagram - Alcatel-Lucent 7750 SR OS Service Manual

Service router - mobile gateway

Virtual Private LAN Services

ACL Next-Hop for VPLS

[Figure 9: Application 1 Diagram. Labels: DPI/firewall, customer SAPs, uplink to Layer 3 network, VPLS1, VPLS2.]
The ACL next-hop for VPLS feature enables an ACL that has a forward next-hop SAP or SDP
action specified to be used in a VPLS service to direct traffic with specific match criteria to a SAP
or SDP. This allows traffic destined to the same gateway to be split and forwarded differently
based on the ACL.
Policy routing is a popular tool used to direct traffic in Layer 3 networks. As Layer 2 VPNs
become more popular, especially in network aggregation, policy forwarding is required. Many
providers are using methods such as DPI servers, transparent firewalls or Intrusion
Detection/Prevention Systems (IDS/IPS). Since these devices are bandwidth limited, providers
want to limit the traffic forwarded through them. A mechanism is required to direct some traffic
coming from a SAP to the DPI without learning, and other traffic coming from the same SAP
directly to the gateway uplink based on learning.
This feature allows the provider to create a filter that forwards packets to a specific SAP or
SDP. The packets are then forwarded to the destination SAP regardless of the learned destination
or lack thereof. The SAP can either terminate a Layer 2 firewall or deep packet inspection (DPI)
device directly, or be configured as part of a cross-connect bridge into another service. This is
useful when running the DPI remotely using VLLs. If an SDP is used, the provider can terminate it
in a remote VPLS or VLL service where the firewall is connected. The filter can be configured
under a SAP or SDP in a VPLS service. All packets (unicast, multicast, broadcast and unknown)
can be delivered to the destination SAP/SDP.
The filter may be associated with SAPs/SDPs belonging to a VPLS service only if all actions in
the ACL forward to SAPs/SDPs that are within the context of that VPLS. Other services (IES, VLL
and VPRN) do not support this feature. An ACL that contains this feature is allowed, but the
system will drop any packet that matches an entry with this action.
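The forwarding and attachment rules described above, as a small Python model. This is an added example, not code from the manual or from SR OS; the SAP names, packet fields, result strings and the pre-populated FDB are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    match: dict   # header fields that must all be equal, e.g. {"dst_port": 80}
    target: str   # SAP or SDP the entry forwards to (hypothetical ids)

@dataclass
class Service:
    kind: str                                # "vpls", "vll", "ies" or "vprn"
    members: set                             # SAPs/SDPs in this service's context
    fdb: dict = field(default_factory=dict)  # learned MAC -> SAP/SDP (assumed pre-populated)

def audit(svc, acl):
    """Classify what happens when `acl` is applied in `svc`, per the rules in the text."""
    if svc.kind != "vpls":
        # IES, VLL and VPRN accept the ACL but drop packets that match its entries.
        return "allowed-but-matches-dropped"
    outside = sorted(e.target for e in acl if e.target not in svc.members)
    return f"rejected: {outside} outside VPLS" if outside else "ok"

def egress(svc, acl, ingress, pkt):
    """Egress set for a packet entering a VPLS on `ingress` with `acl` applied."""
    for e in acl:
        if all(pkt.get(k) == v for k, v in e.match.items()):
            return {e.target}              # steered, whether or not the destination is learned
    learned = svc.fdb.get(pkt["dst_mac"])
    if learned:
        return {learned}                   # normal learned forwarding
    return svc.members - {ingress}         # unknown destination: flood

# Constructed topology loosely following the Application 1 diagram.
VPLS1 = Service("vpls", {"sap-cust", "sap-dpi", "sap-uplink"}, {"gw": "sap-uplink"})
ACL = [Entry({"proto": "tcp", "dst_port": 80}, "sap-dpi")]
WEB = {"dst_mac": "gw", "proto": "tcp", "dst_port": 80}   # matches the ACL
DNS = {"dst_mac": "gw", "proto": "udp", "dst_port": 53}   # does not match

if __name__ == "__main__":
    print(audit(VPLS1, ACL))
    print(egress(VPLS1, ACL, "sap-cust", WEB), egress(VPLS1, ACL, "sap-cust", DNS))
```

Both sample packets are addressed to the same gateway MAC, yet only the one matching the ACL is sent to the DPI SAP, which is the traffic split the feature exists to provide.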
7750 SR OS Services Guide
Page 355
