Extreme Networks EPICenter Guide Manual page 167

Figure 74: Translation of a client/server policy definition into traffic flows
Server Client
Iceberg
+
Baan
Server
10.2.3.4
TCP
512
Server
TCP
10.2.3.4
512
Destination Destination
IP L4 port
10.2.3.4 TCP 512
10.2.3.4 TCP 512
10.2.3.4 TCP 512
10.4.0.1
10.4.0.2
10.4.0.3
Note that the potential number of traffic flows can get very large if you specify a large number of
endpoints for both servers and clients. For "n" servers and "m" clients, the number of traffic flows
affected by the policy will be m*n. For this reason, the use of subnets rather than large numbers of
individual unicast IP addresses is recommended, when possible, for IP policies that involve multiple
endpoints.
When both subnet and unicast IP addresses are in the endpoint, the Policy Manager determines the
minimum set of IP/subnet addresses that are needed to represent all the addresses in the endpoint
specification. For example, if you specify policy endpoints as 10.2.0.0/16, 10.2.0.1, and 10.2.0.25, the
Policy Manager will use only 10.2.0.0/16
The IP QoS rules generated from EPICenter IP policy definitions are also known as Access List rules,
because they define and control IP-based access between endpoints. A rule implementing IP-based QoS
between server A and client B effectively defines the access allowed between those two endpoints.
Access rules intended to permit access between the endpoints are implemented using one of the QoS
EPICenter Concepts and Solutions Guide
A B C
+
ANY
Client
10.4.0.1 10.4.0.2 10.4.0.3
*
*
Client
*
10.4.0.1
*
*
10.4.0.2
*
*
10.4.0.3
*
Source Source
IP L4 port
*
10.4.0.1
*
10.4.0.2
*
10.4.0.3
*
10.2.3.4 TCP 512
*
10.2.3.4 TCP 512
*
10.2.3.4 TCP 512
Traffic direction:
BOTH
XM_017
Policy Types
167