Filter Policies
Router Configuration Guide 475
If multiple interfaces (including LAG interfaces) use the same rate-limit filter policy
on the same FP, the system will allocate a single rate limiter resource to the FP; a
common aggregate rate limit is applied to those interfaces.
The rate-limit filter policy is supported on ingress only, and requires, at minimum,
FP-2-based line cards and chassis mode D. Traffic extracted to the CPM is not rate-limited.
Rate-limit filter policy entries can coexist with cflowd, log, and mirror irrespective
of the outcome of the rate limit.
Interaction with QoS: Packets matching a rate-limit filter policy entry will bypass
ingress QoS queuing or policing, and only the filter rate-limit policer will be applied.
• forward “Policy-based Routing/Forwarding (PBR/PBF) action”— PBR/PBF
actions allow operators to permit ingress traffic but change the regular
routing/forwarding that a packet would be subject to. PBR/PBF is applicable to
unicast traffic only. The following PBR/PBF actions are supported (see the CLI
section for command details):
→ egress-pbr — enabling egress-pbr activates a PBR action on egress, while
disabling egress-pbr activates a PBR action on ingress (default).
The following subset of the below-defined PBR actions can be activated on
egress: redirect-policy, next-hop-router, and esi.
Egress PBR is supported in IPv4 and IPv6 filter policies for ESM only. Unicast
traffic that is subject to slow-path processing on ingress (for example, IPv4
packets with options or IPv6 packets with a hop-by-hop extension header) will not
match egress PBR entries. Filter logging, cflowd, and mirror source are mutually
exclusive with configuring a filter entry with an egress PBR action. Configuring
pbr-down-action-override, if supported with a given PBR ingress action type,
is also supported when the action is an egress PBR action. Processing defined by
pbr-down-action-override does not apply if the action is deployed in the wrong
direction. If a packet matches a filter PBR entry and the entry is not activated for
the direction in which the filter is deployed, action forward is executed. Egress
PBR cannot be enabled in system filters.
Egress PBR functionality requires chassis mode D.
→ esi — forwards the incoming traffic using a VXLAN tunnel, resolved using the EVPN
MP-BGP control plane, to the first service chain function identified by ESI (L2)
or ESI/SF-IP (L3). Supported with VPLS (L2) and IES/VPRN (L3) services. If
the service function forwarding cannot be resolved, traffic matches an entry and
action forward is executed.
For VPLS, no cross-service PBF is supported; that is, the filter specifying an ESI PBF
entry must be deployed in the VPLS service where BGP EVPN control plane
resolution takes place as configured for a given ESI PBF action. The
functionality is supported in filter policies deployed on ingress VPLS interfaces.
BUM traffic that matches a filter entry with ESI PBF will be unicast forwarded
to the VTEP:VNI resolved through PBF forwarding.
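
The egress-pbr and esi rules above include several cases where a PBR entry ends up executing a plain forward, so traffic meant for a service chain is not steered. The following Python sketch is an added example, not code or CLI syntax from this guide: it checks an entry against the stated egress-pbr constraints and returns the action that would be executed. The dictionary keys, function names and the "no-match" result label are assumptions made for illustration.

```python
# Added illustration; the dict keys below are a hypothetical data model,
# not SR OS CLI syntax. The rules themselves are taken from the text above.
EGRESS_CAPABLE = {"redirect-policy", "next-hop-router", "esi"}
EXCLUSIVE_WITH_EGRESS_PBR = ("log", "cflowd", "mirror-source")


def lint_entry(entry, system_filter=False):
    """Return the documented constraints an egress-pbr entry violates."""
    problems = []
    if not entry.get("egress_pbr"):
        return problems
    if entry["action"] not in EGRESS_CAPABLE:
        problems.append("action cannot be activated on egress")
    if system_filter:
        problems.append("egress PBR cannot be enabled in system filters")
    for feature in EXCLUSIVE_WITH_EGRESS_PBR:
        if entry.get(feature):
            problems.append(feature + " is mutually exclusive with egress PBR")
    return problems


def effective_action(entry, deployed, slow_path=False, esi_resolved=True):
    """Action executed for a packet that meets the entry's match criteria.

    deployed:  "ingress" or "egress", the direction the filter is applied in.
    slow_path: packet took slow-path processing on ingress (IPv4 options,
               IPv6 hop-by-hop extension header).
    """
    activated = "egress" if entry.get("egress_pbr") else "ingress"
    if activated != deployed:
        return "forward"      # wrong direction: plain forward, no steering
    if activated == "egress" and slow_path:
        return "no-match"     # slow-path traffic does not match egress PBR entries
    if entry["action"] == "esi" and not esi_resolved:
        return "forward"      # service function unresolved: plain forward
    return entry["action"]


if __name__ == "__main__":
    # Constructed sample entry: egress ESI steering with logging also requested.
    steer = {"action": "esi", "egress_pbr": True, "log": True}
    print(lint_entry(steer))
    print(effective_action(steer, "ingress"))
    print(effective_action(steer, "egress", esi_resolved=False))
```

Any entry for which effective_action returns "forward" or "no-match" instead of the configured action is one where the intended redirection is not taking place.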