Filter Policies
Router Configuration Guide 499
The subscriber identification string is available only when used with subscriber management.
Refer to the subscriber management section of the Triple Play Guide and the Router
Configuration Guide.
Since most web sites are accessed using the domain name the router allows either DNS
queries or responds to DNS with the portal’s IP address.
Filter Policies and Dynamic Policy-Driven Interfaces
In addition to configuration interfaces like CLI/SNMP, filter policies can be created and
modified by dynamic policy-driven interfaces, such as BGP flowspec, OpenFlow, Radius, or
XMPP-Python.
For BGP flowspec, routes are learned by a routing instance, and the system auto-creates an
embedded filter to contain the rules derived from these routes. The maximum number of rules
in the embedded filter of each routing instance can be controlled through configuration. The
embedded filter containing the flowspec rules of a routing instance can be inserted into any
configured exclusive or template-scope IPv4/IPv6 filter, and the embedding is activated if:
• the filter is applied to the ingress context of an IP interface that supports flowspec
• the IP interfaces to which the filter is applied all belong to the same routing instance,
and that routing instance is the one associated with the flowspec routes
The insertion point of the flowspec rules in each embedding filter policy is controlled through
offset configuration. For more information, see the BGP flowspec section of the Unicast
Routing Protocols Guide.
For Radius, operator can assign filter policies to a subscriber, and populate filter policies used
by the subscriber within a preconfigured block reserved for Radius filter entries. See the
TPSDA guide and filter RADIUS-related commands for more details.
VSD filters are created dynamically via XMPP and managed via Python script so rules can
be inserted into or removed from the proper VSD template or embedded filters. XMPP
messages received by the 7750 SR are passed transparently to the Python module to
generated the appropriate CLI. More information on VSD filter provisioning, automation,
and Python scripting details can be found in the Layer 2 Services and EVPN Guide.
For OpenFlow, embedded filter infrastructure is used to inject OpenFlow rules into an
existing filter policy. Please see “Hybrid OpenFlow Switch” section for more details.
Policy-controlled auto-created filters are recreated on system reboot. Policy-controlled filter-
entries are lost on system reboot and need to be reprogrammed.
To Next Page
Loading...
