ACL Filter Policy Overview
500 Router Configuration Guide
Filter Policy-based ESM Service Chaining
In some deployments, operators may select to redirect ESM subscribers to Value Added
Services (VAS). Various deployment models can be used but often subscribers are assigned
to a particular residential tier-of-service, which also defines the VAS available to subscribers
of the given tier. The subscribers are redirected to VAS based on tier-of-service rules but such
an approach can be hard to manage when many VAS services/tiers of service are desired.
Often the only way to identify a subscriber’s traffic with a particular tier-of-service is to
preallocate IP/IPv6 address pools to a given service tier and use those addresses in VAS PBR
match criteria. This creates an application-services to network infrastructure dependency that
can be hard to overcome, especially if fast and flexible application service delivery is desired.
Filter policy-based ESM service chaining removes ESM VAS steering to network
infrastructure inter-dependency. An operator can configure per tier of service or per
individual VAS service upstream and downstream service chaining rules without a need to
define subscriber or tier-of-service match conditions. Figure 23 shows a possible ACL model
(embedded filters are used for VAS service chaining rules).
On the left in Figure 23, the per-tier-of-service ACL model is depicted. Each tier of service
(Gold or Silver) has a dedicated embedded VAS filter (“Gold VAS”, “Silver VAS”) that
contains all steering rules for all service chains applicable to the given tier. Each VAS filter
is then embedded by the ACL filter used by a given tier. A subscriber is subject to VAS
service chain rules based on the per-tier ACL assigned to that subscriber (for example, via
Radius). If a new VAS rule needs to be added, an operator must program that rule in all
applicable tiers. Upstream and downstream rules can be configured in a single filter (as
shown) or can use dedicated ingress and egress filters.
On the right in Figure 23, the per-VAS-service ACL model is depicted. Each VAS has a
dedicated embedded filter (“VAS 1”, “VAS 2”, “VAS 3”) that contains all steering rules for
all service chains applicable to that VAS service. A tier of service is then created by
embedding multiple VAS-specific filters: Gold: VAS 1, VAS 2, VAS 3; Silver: VAS 1 and
VAS 3. A subscriber is subject to VAS service chain rules based on the per-tier ACL assigned
to that subscriber. If a new VAS rule needs to be added, an operator needs to program that
rule in a single VAS-specific filter only. Again, upstream and downstream rules can be
configured in a single filter (as shown) or can use dedicated ingress and egress filters.
To Next Page
Loading...
