Filter Policies
Router Configuration Guide 503
Figure 25: Downstream ESM ACL-policy based service chaining
Proper settings for the VAS interface type are critical for achieving loop-free network connectivity for VAS services, for both upstream and downstream traffic that is redirected to a VAS and returned after VAS processing. The available configuration options (config>service>vprn>interface>vas-if-type, config>service>ies>interface>vas-if-type and config>router>interface>vas-if-type) are described below:
• deployments that use two separate interfaces for VAS connectivity (recommended, and required if local subscriber-to-subscriber VAS traffic support is required)
  → to-from-access
    - upstream traffic arriving from subscribers over access interfaces must be redirected to a VAS PBR target reachable over this interface for upstream VAS processing
    - downstream traffic destined for subscribers after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to Application Assurance divert, nor to egress subscriber PBR
    - the interface must not be used for downstream pre-VAS traffic; otherwise routing loops will occur
  → to-from-network
    - downstream traffic destined for subscribers arriving from network interfaces must be redirected to a VAS PBR target reachable over this interface for downstream VAS processing
    - upstream traffic after VAS processing, if returned to the router, must arrive on this interface so that regular routing can be applied
[Figure 25 diagram labels: Sub A, Sub B, Res-GW, IES/VPRN, ESM-IF, Network IF, to-from-network VAS IF, to-from-access VAS IF, IP/MPLS WAN, Res-GW<->DC Tunnel, Data Center, DC-VPRN]

Figure 25 callouts:

DC VAS Service
- SFC rules for downstream chains embedded into per residential service ACLs subscribers are assigned to via Radius based on tier-of-service.

Downstream Sub A Traffic (Sub A Part of Residential Service “Gold”)
- Egress traffic subject to dedicated egress ACL policy for “Gold” Service assigned to Sub A via Radius during subscriber activation.
- ACL policy rules steer Sub A’s traffic to one or more Service Chains that constitute “Gold” Service, optionally some traffic may be excluded from VAS service entirely.
- PBR using embedded SFC rules are required by Res-GW<->DC tunneling.

Downstream VAS-processed Traffic
- Traffic enters Res-GW on dedicated to-from-access interface (required to avoid loop.)
- Regular routing applies.
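
The following is an added example, not taken from the guide or from SR OS: a simplified Python model of the two-interface rules and of the loop that the Figure 25 callout warns about. The flow labels, interface names and the assumption that every arrival interface other than to-from-access leaves egress subscriber PBR active are constructed for illustration.

```python
# Simplified model of the two-interface vas-if-type rules (constructed example).
# Flow labels and interface names are hypothetical, not SR OS keywords.
ALLOWED = {
    "to-from-access":  {"up-to-vas", "down-from-vas"},
    "to-from-network": {"down-to-vas", "up-from-vas"},
}

def check_interfaces(interfaces):
    """Return sorted (name, flow) pairs that break the placement rules.

    interfaces: {name: {"vas_if_type": str or None, "flows": set of labels}}
    """
    bad = []
    for name, cfg in sorted(interfaces.items()):
        allowed = ALLOWED.get(cfg["vas_if_type"], set())
        bad += [(name, flow) for flow in sorted(cfg["flows"] - allowed)]
    return bad

def trace_downstream(return_if_type, max_passes=4):
    """Follow one downstream packet whose egress ACL has a PBR-to-VAS rule.

    return_if_type is the vas-if-type (or None) of the interface on which the
    VAS hands the packet back. Returns (path, looped).
    """
    path, arrival = [], "network"      # pre-VAS traffic enters from the WAN side
    for _ in range(max_passes):
        path.append(arrival)
        if arrival == "to-from-access":
            # Regular routing only: no AA divert, no egress subscriber PBR.
            return path + ["subscriber"], False
        path.append("VAS")             # model assumption: PBR redirects again
        arrival = return_if_type
    return path, True                  # packet never escaped the redirect

# Constructed inventories: "vas-b" wrongly receives VAS-returned downstream traffic.
GOOD = {
    "vas-a": {"vas_if_type": "to-from-access",
              "flows": {"up-to-vas", "down-from-vas"}},
    "vas-n": {"vas_if_type": "to-from-network",
              "flows": {"down-to-vas", "up-from-vas"}},
}
BAD = {
    "vas-b": {"vas_if_type": "to-from-network",
              "flows": {"down-to-vas", "down-from-vas", "up-from-vas"}},
}

if __name__ == "__main__":
    print(check_interfaces(GOOD), trace_downstream("to-from-access"))
    print(check_interfaces(BAD), trace_downstream("to-from-network"))
```
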