Extreme Networks EPICenter Guide Manual page 153

Because they were defined through the EPICenter Grouping Manager, the Policy Manager can translate
these high-level server and client names to IP addresses. Based on this information as well as the
specified traffic direction, the Policy Manager generates the set of traffic flows shown in the table at the
bottom of Figure 68. The diagram shows the steps involved in translating from the high-level objects
(host name and service) to IP addresses and L4 ports and protocols, to a set of traffic flows used in
policy rules.
Figure 68: Translation of a client/server policy definition into traffic flows
Server
Iceberg
Baan
Server
Destination
IP
10.2.3.4
10.2.3.4
10.2.3.4
10.4.0.1
10.4.0.2
10.4.0.3
Note that the potential number of traffic flows can get very large if you specify a large number of
endpoints for both servers and clients. For "n" servers and "m" clients, the number of traffic flows
affected by the policy will be m*n. For this reason, the use of subnets rather than large numbers of
individual unicast IP addresses is recommended, when possible, for IP policies that involve multiple
endpoints.
When both subnet and unicast IP addresses are in the endpoint, the Policy Manager determines the
minimum set of IP/subnet addresses that are needed to represent all the addresses in the endpoint
EPICenter Concepts and Solutions Guide
Client
A B
+
ANY
Server Client
10.2.3.4 10.4.0.1 10.4.0.2
TCP
512
Client
TCP
10.2.3.4 10.4.0.1
512
10.4.0.2
10.4.0.3
Destination Source
L4 port IP
TCP 512 10.4.0.1
TCP 512 10.4.0.2
TCP 512 10.4.0.3
*
10.2.3.4
*
10.2.3.4
*
10.2.3.4
C
+
Traffic direction:
BOTH
10.4.0.3
*
*
*
*
*
*
*
*
Source
L4 port
*
*
*
TCP 512
TCP 512
TCP 512
XM_017
Policy Types
153