Filter Policies
Router Configuration Guide
Once created, filter policies must be associated with interfaces, services, or subscribers, or
with other filter policies (if the created policy cannot be directly deployed on an interface,
service, or subscriber), so that incoming and outgoing traffic can be subjected to the filter
rules. Filter policies are associated with interfaces/services/subscribers separately in the
ingress and egress directions. The policies deployed in the ingress and egress directions can be
the same or different. In general, it is recommended to use different filter policies for the
ingress and egress directions and different filter policies per service type, since filter
policies support different match criteria and different actions for different direction/service
contexts.
A filter policy is applied to a packet in ascending rule entry order. When a packet matches all
the parameters specified in a filter entry's match criteria, the system takes the action defined
for that entry. If a packet does not match the entry parameters, the packet is compared to the
next higher numerical filter entry, and so on. If the packet does not match any of the entries,
the system executes the default-action specified in the filter policy: drop or forward.
For Layer 2, either an IPv4/IPv6 or a MAC filter policy can be applied. For Layer 3 and
network interfaces, an IPv4/IPv6 policy can be applied. For r-VPLS service, an L2 filter policy
can be applied to L2 forwarded traffic and an L3 filter policy can be applied to L3 routed
traffic. For dual stack interfaces, if both IPv4 and IPv6 filter policies are configured, the
policy applied is based on the outer IP header of the packet. Non-IP packets do not hit an IP
filter policy, so the default action in the IP filter policy does not apply to these packets.
IPv6 filters do not apply to the 7450 ESS except when it is in mixed mode.
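The entry evaluation described above can be modelled in a few lines. This is an added example, not code from the guide or from SR OS: the class names, the packet field names (outer, protocol, dst_port, src_ip) and the sample policy are constructed for illustration, and match criteria are simplified to exact-value comparisons. It also reports entries that can never match because a lower-numbered entry with fewer criteria always matches first, a common cause of a policy not enforcing what its author intended.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    entry_id: int
    match: dict   # only the criteria listed here are compared; all must match
    action: str   # "forward" or "drop"

@dataclass
class IpFilter:
    default_action: str                      # "forward" or "drop"
    entries: list = field(default_factory=list)

    def ordered(self):
        # Entries are evaluated in ascending entry-ID order, not config order.
        return sorted(self.entries, key=lambda e: e.entry_id)

    def evaluate(self, packet):
        """Return (action, entry_id); entry_id is None if no entry matched."""
        # Non-IP packets do not hit an IP filter: no entry and no default action.
        if packet.get("outer") not in ("ipv4", "ipv6"):
            return ("not-evaluated", None)
        for e in self.ordered():
            if all(packet.get(k) == v for k, v in e.match.items()):
                return (e.action, e.entry_id)
        return (self.default_action, None)

    def shadowed(self):
        """(earlier_id, later_id) pairs where the later entry can never match."""
        rules = self.ordered()
        return [(a.entry_id, b.entry_id)
                for i, a in enumerate(rules) for b in rules[i + 1:]
                if a.match.items() <= b.match.items()]

# Constructed sample policy; entries are deliberately listed out of order.
POLICY = IpFilter("drop", [
    Entry(30, {"protocol": "tcp", "dst_port": 22, "src_ip": "192.0.2.10"}, "forward"),
    Entry(10, {"protocol": "udp", "dst_port": 53}, "forward"),
    Entry(20, {"protocol": "tcp", "dst_port": 22}, "drop"),
])

if __name__ == "__main__":
    ssh = {"outer": "ipv4", "protocol": "tcp", "dst_port": 22, "src_ip": "192.0.2.10"}
    print(POLICY.evaluate(ssh))   # entry 20 is reached before entry 30
    print(POLICY.shadowed())
```

In the sample policy the intended exception for 192.0.2.10 in entry 30 is never reached, because entry 20 matches the same packets first; renumbering the exception below 20 resolves it.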
Filter Policy Basics
The following subsections define the main functionality supported by filter policies.
Filter Policy Packet Match Criteria
This section defines the packet match criteria supported on SR OS-based routers/switches for
IPv4, IPv6 and MAC filters. The types of criteria supported depend on the hardware platform
and filter direction; please see your Alcatel-Lucent representative for further details.
General notes:
• If multiple unique match criteria are specified in a single filter policy entry, all 
criteria must be met in order for the packet to be considered a match against that filter 
policy entry (logical AND). 
• Any match criterion not explicitly defined is ignored during matching.