Configuring Policy-Based Forwarding For Deep Packet Inspection In Vpls; Figure 21: Policy-Based Forwarding For Deep Packet Inspection - Alcatel-Lucent 7450 Configuration Manual
Hide thumbs
Also See for 7450:
- Quality of service manual (912 pages) ,
- Manual (816 pages) ,
- Configuration manual (778 pages)
Table of Contents
Advertisement
Configuring Policy-Based Forwarding for Deep Packet Inspection
in VPLS
The purpose policy-based forwarding is to capture traffic from a customer and perform a deep
packet inspection (DPI) and forward traffic, if allowed, by the DPI.
In the following example, the split horizon groups are used to prevent flooding of traffic. Traffic
from customers enter at SAP 1/1/5:5. Due to the mac-filter 100 that is applied on ingress, all traffic
with dot1p 07 marking will be forwarded to SAP 1/1/22:1, which is the DPI.
DPI performs packet inspection/modification and either drops the traffic or forwards the traffic
back into the box through SAP 1/1/21:1. Traffic will then be sent to spoke-sdp 3:5.
SAP 1/1/23:5 is configured to see if the VPLS service is flooding all the traffic. If flooding is
performed by the router then traffic would also be sent to SAP 1/1/23:5 (which it should not).
Figure
VPLS service. For information about configuring services, refer to the 7450 ESS OS Services
Guide.
Residential Split
IngressPBF Filter
on Incoming Traffic
Split Horizon SAPs
Figure 21: Policy-Based Forwarding for Deep Packet Inspection
7450 ESS Router Configuration Guide
shows an example to configure policy-based forwarding for deep packet inspection on a
DPI Box
Normal Stream
PBF Diverted Stream
VPLS 10
Disable Learning
Filter Policies
OSSG125
Page 479
Advertisement
Table of Contents
