Table of Contents
Advertisement
Configuring Traffic Rules and Counters
What are Traffic Rules and Counters?
Traffic rules and counters may be configured by the user. This functionality enables the user to define
specific operations on the traffic flowing through the SCE Platform, such as blocking or ignoring certain
flows or counting certain packets. The configuration of traffic rules and counters is independent of the
application loaded by the SCE platform, and thus is preserved when the application being run by the SCE
platform is changed.
Possible uses for traffic rules and counters include:
•
•
•
It should be noted that using traffic rules and counters does not affect performance. It is possible to
define the maximum number of both traffic rules and counters without causing any degradation in the
SCE platform performance.
Traffic Rules
A traffic rule specifies that a defined action should be taken on packets processed by the SCE Platform
that meet certain criteria. The maximum number of rules is 128, which includes not only traffic rules
configured via the SCE platform CLI, but also any additional rules configured by external management
systems, such as SCA BB. Each rule is given a name when it is defined, which is then used when
referring to the rule.
Packets are selected according to user-defined criteria, which may be any combination of the following:
•
•
•
•
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
6-18
Enabling the user to count packets according to various criteria. Since the traffic counters are
readable via the SCE SNMP MIB, these might be used to monitor up to 32 types of packets,
according to the requirements of the installation.
Ignoring certain types of flows. When a traffic rules specifies an "ignore" action, packets matching
the rule criteria will not open a new flow, but will pass through the SCE platform without being
processed. This is useful when a particular type of traffic should be ignored by the SCE platform.
Possible examples include ignoring traffic from a certain IP range known to require no service, or
traffic from a certain protocol.
Blocking certain types of flows. When a traffic rules specifies a "block" action, packets matching
the rule criteria (and not belonging to an existing flow) will be dropped and not passed to the other
interface. This is useful when a particular type of traffic should be blocked by the SCE platform.
Possible examples include performing ingress source address filtering (dropping packets originating
from a subscriber port whose IP address does not belong to any defined subscriber-side subnet), or
blocking specific ports.
IP address — A single address or a subnet range can be specified for each of the line ports
(Subscriber / Network).
Protocol — TCP/UDP/ICMP/IGRP/EIGRP/IS-IS/OSPF/Other
TCP/UDP Ports — A single port or a port range can be specified for each of the line ports
(Subscriber / Network). Valid for the TCP/UDP protocols only.
Direction (Upstream/Downstream) (TCP only).
Chapter 6
Configuring the Line Interface
OL-7827-12
Advertisement
Table of Contents
