Ip Filters - Alcatel-Lucent 7705 Service Manual

Service aggregation router os
Hide thumbs Also See for 7705:
Table of Contents

Advertisement

IP Filters

In Release 3.0 of the 7705 SAR, IP filters are applied to ingress pseudowire SAPs (Epipes
and Ipipes), VPRN SAPs, and IES SAPs, as well as to ingress network interfaces and IES
management SAPs.
Ethernet pseudowires are generally used to transparently switch traffic across an MPLS
network to the far end. However, in some cases, the traffic that is switched over the network,
consuming valuable bandwidth, is just discarded at the other end of the pseudowire. As well,
with the 7705 SAR expanding into areas such as vertical markets, and with local area
networks being connected to the 7705 SAR Ethernet ports, an increasing amount of traffic
must stay local and not pass through the MPLS network to the far end. By using IP filters at
the access ingress, operators can determine what traffic is passed through the pseudowire
and therefore use the network links more efficiently.
IP filters can also be used for security purposes, by allowing access only to designated
services (for example, allowing e-mail and FTP services while disallowing Telnet services)
at the origin of the traffic.
IP filter policies specify either a forward or a drop action for packets, based on information
specified in the match criteria. You can create up to 16 IP unique filter policies per adapter
card and up to 96 IP filters per node. Within each filter policy, you can create up to 64
matching entries.
The same IP filter policy can be assigned to any entity (network interfaces, IP pseudowires,
Ethernet pseudowires, IES, and VPRN services), all of which can be configured on the same
adapter card. For example, a filter policy defined as filter-5 can be assigned to multiple
Epipe SAPs and, simultaneously, to network interfaces on the same adapter card.
A filter policy assigned to an entity on one adapter card can also be assigned to any entity on
another adapter card. For example, a filter policy defined as filter-2 can be assigned to an
Epipe on an Ethernet Adapter card and to a network interface on another Ethernet Adapter
card.
Up to 16 unique filter policies are supported per adapter card, and assigning the same filter
policy to different entities on a card counts as using one filter policy.
Configuration of filter policies is similar for network interfaces, IES management SAPs,
Ethernet and IP pseudowire SAPs, VPRN SAPs, and IES SAPs. This guide describes the
assignment of filter policies to SAPs. Refer to the 7705 SAR OS Router Configuration
Guide, "Filter Policies", for information on configuring filter policies and assigning them to
network interfaces.
7705 SAR OS Services Guide
VLL Services
Page 167

Advertisement

Table of Contents
loading

Table of Contents