Filter Policies
Router Configuration Guide 487
Caveats:
• Is mutually exclusive with SAP MAC ingress and egress loopback feature: tools
perform service id service-id loopback eth sap sap-id {ingress | egress} mac-swap
ieee-address.
• Requires FP2-based hardware.
Embedded Filters
When a large number of standard filter policies are configured in a system, a set of policies
will often contain one or more common blocks of entries that define, for example, system-
wide and/or service-wide security rules. Prior to introduction of the embedded filters, such
common rules would have to be configured separately in each exclusive/template policy.
To simplify management of such common rules across multiple filter policies, the operator
can use embedded filter policies. An embedded filter policy is a special type of a filter policy
that cannot be deployed directly but instead is used to define a common filter policy rules that
are then included in (embedded by) other filter policies in the system. Thanks to embedding,
a common set of rules can now be defined and changed in a single place but deployed across
multiple filter policies. The following main rules apply when embedding an embedded filter
policy:
1. An operator can explicitly define an offset at which to embed a given embedded filter
into a given embedding filter—the embedded filter entry number X becomes an entry
(X + offset) in the embedding filter.
2. An exclusive/template filter policy may embed multiple embedded filter policies as
long as the embedded entries do not overlap.
3. A single embedded filter policy may be embedded in many exclusive/template filter
policies.
4. When embedding an embedded filter, an operator may wish to change or deactivate
an embedded filter policy entry in one of the embedding filter, thus allowing for
customizing of the common embedded filter policy rules by the embedding filter.
This can be achieved by either defining an entry in the embedding filter that will
match ahead of the embedded filter entry or by overwriting the embedded filter entry
in the embedding filter.
To Next Page
Loading...
