ACL Filter Policy Overview
502 Router Configuration Guide
Figure 24: Upstream ESM ACL-policy based service chaining
Figure 25 shows downstream VAS service chaining steering using filter policies.
Downstream subscriber traffic entering Res-GW is forwarded to a subscriber-facing line
card. On that card, the traffic is processed by the egress ACL filter policy that a policy
server assigned to the subscriber. If the ACL contains VAS steering rules, the subscriber
traffic that matches those rules is steered for VAS processing over a dedicated
to-from-network VAS interface (in the same or a different routing instance). After VAS
processing, the downstream traffic must be returned to Res-GW via a “to-from-network”
interface (shown in Figure 25) to ensure the traffic is not redirected to VAS again when the
subscriber-facing line card processes that traffic.
[Figure 24 diagram labels: Sub A, Sub B, Res-GW, IES/VPRN, ESM-IF, Network IF, to-from-access VAS IF, to-from-network VAS IF, IP/MPLS WAN, Res-GW<->DC Tunnel, Data Center, DC-VPRN]
Upstream Sub A Traffic (Sub A Part of Residential Service “Gold”)
- Ingress traffic subject to dedicated ingress ACL policy for “Gold” Service assigned to Sub A via RADIUS during subscriber activation.
- ACL policy rules steer Sub A’s traffic to one or more Service Chains that constitute “Gold” Service; optionally, some traffic may be excluded from VAS service entirely.
- PBR using embedded SFC rules are required by GW<->DC tunneling.
DC VAS Service
- SFC rules for upstream service chains embedded into per residential service ACLs subscribers are assigned to via RADIUS based on tier-of-service.
Upstream VAS-processed Traffic
- Traffic enters Res-GW from VAS on to-from-network interface.
- Regular routing applies.