Ip-Based Policies (Access List Policies) - Extreme Networks EPICenter Guide Manual

Policy Types
the path for that policy. This reduces the policy load on the rest of the system. On the contrary, for an
IP policy, the policy must be specified on each intermediate device in the path between the endpoints.
The EPICenter Policy Manager lets you specify the policy traffic flow in terms of named components.
Therefore, you can specify server "Iceberg" as the server endpoint, and users "A," "B," and "C" as user
endpoints. In addition, you can indicate that the traffic from the server should be filtered only to
include traffic generated by the Baan application, which translates to TCP traffic originating from L4
port 512. Ports are not specified for the users.
More details of the traffic flow can be seen in the following sections.

IP-Based Policies (Access List Policies)

An IP-based policy identifies IP traffic flowing between specific source and destination endpoints, and
then assigns that traffic to a QoS profile. For IP QoS, the traffic of interest is identified using any
combination of IP source and destination addresses, layer 4 protocol, and layer 4 (L4) port information.
In the EPICenter Policy Manager, the endpoints of the traffic flow are defined as one or more servers
and clients. The EPICenter Policy Manager lets you specify the endpoints using named resources such
as user names or host names, or groups that include such resources, as long as they can be mapped to
an IP address. If you specify a group resource as an endpoint, only the resources within the group (and
its subgroups) that can be mapped to an IP or subnet address will be used as policy endpoints.
You can also further define the server-side traffic endpoints by specifying a named application or
service, which translates to a protocol and L4 port, or by directly specifying a protocol and L4 port
range. The EPICenter Policy Manager currently supports TCP and UDP as L4 protocols. In some cases
you can also specify client-side L4 ports. The ICMP protocol is not currently supported.
The Policy Manager determines the traffic flows of interest based on the combination of endpoints and
direction you have specified, and creates a set of IP QoS rules that can be implemented in the
appropriate network devices.
Figure 73 shows the effects of a bi-directional IP policy specified between server Iceberg and clients A,
B, and C. The policy scope includes all three switches. The effect of this policy is that IP QoS rules are
implemented for six traffic flows on each switch: from the server to each of the three clients, and from
each client to the server.
Although not shown in this diagram, you can specify multiple servers as well as multiple clients.
165
EPICenter Concepts and Solutions Guide