Filter Policy Management - Alcatel-Lucent 7450 Configuration Manual

Filter Policy Basics
Note that the above cflowd filter sampling behavior is exclusively driven by match criteria: The
sampling logic applies regardless of whether an action was executed or not (including evaluation
of packet-length match condition).

Filter Policy Management

Modifying Existing Filter Policy
There are several ways to modify an existing filter policy. A filter policy can be modified through
configuration change or can have entries populated through dynamic, policy-controlled dynamic
interfaces like Radius or OpenFlow or Flowspec or Gx for example. Although in general, the
SROS ensures filter resources exist before a filter can be modified, because of a dynamic nature of
the policy-controlled interfaces, a configuration that was accepted may not be applied in H/W due
to lack of resources. When that happens, an error is raised.
A filter policy can be modified directly – by changing/adding/deleting the existing entry in that
filter policy or indirectly. Examples of indirect change to filter policy include, among others,
changing embedded filter entry this policy embeds (see Embedded filters section), changing
redirect policy this filter policy uses.
Finally, a filter policy deployed on a given interface can be changed by changing the policy the
interface is associated with.
All of the above changes can be done in service. Note that a filter policy that is associated with
service/interface cannot be deleted unless all associations are removed first.
For a large (complex) filter policy change, it may take a few seconds to load and initiate the filter
policy configuration. It should also be noted, that filter policy changes are downloaded to line
cards immediately, therefore operators should use filter policy copy or transactional CLI to ensure
partial policy change is not activated.
Filter Policy Copy and Renumbering
To assist operators in filter policy management, SROS supports entry copy and entry renumbering
operations.
Filter copy allows operators to perform bulk operations on filter policies by copying one filter's
entries to another filter. Either all entries or a specified entry of the source filter can be selected for
copy. When entries are copied, entry order is preserved unless destination filter's entry ID is
selected (applicable to single entry copy). The filter copy allows overwrite of the existing entries in
the destination filter by specifying "overwrite" option during the copy command. Filter copy can
be used, for example, when creating new policies from existing policies or when modifying an
existing filter policy (an existing source policy is copied to a new destination policy, the new
Page 446 7450 ESS Router Configuration Guide