Policy Types
EPICenter Concepts and Solutions Guide
Figure 74: Translation of a client/server policy definition into traffic flows
Note that the potential number of traffic flows can get very large if you specify a large number of
endpoints for both servers and clients. For “n” servers and “m” clients, the number of traffic flows
affected by the policy will be m*n. For this reason, the use of subnets rather than large numbers of
individual unicast IP addresses is recommended, when possible, for IP policies that involve multiple
endpoints.
When both subnet and unicast IP addresses are in the endpoint, the Policy Manager determines the
minimum set of IP/subnet addresses that are needed to represent all the addresses in the endpoint
specification. For example, if you specify policy endpoints as 10.2.0.0/16, 10.2.0.1, and 10.2.0.25, the
Policy Manager will use only 10.2.0.0/16, because both unicast addresses fall within that subnet.
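The endpoint reduction and the server/client flow expansion described above, as an added Python example (not EPICenter code). It assumes reduction by containment only, so adjacent unicast addresses stay separate, and that a bidirectional policy yields one row per direction; the function names are hypothetical.

```python
import ipaddress
from itertools import product


def minimal_endpoints(specs):
    """Drop every address or subnet already covered by a broader listed subnet.

    Assumption: containment-only reduction (adjacent addresses are not merged);
    this is not EPICenter's own algorithm. One IP version per call.
    """
    nets = sorted({ipaddress.ip_network(s) for s in specs},
                  key=lambda n: n.prefixlen)          # broadest first
    kept = []
    for net in nets:
        if not any(net.subnet_of(k) for k in kept):
            kept.append(net)
    # Render host routes as bare addresses, subnets in CIDR form.
    return [str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
            for n in sorted(kept)]


def expand_flows(servers, clients, proto, server_port, both_directions=True):
    """Return (dst_ip, dst_l4, src_ip, src_l4) rows, one per server/client pair
    and direction; the client port is left as the wildcard '*'."""
    l4 = f"{proto} {server_port}"
    rows = []
    for s, c in product(minimal_endpoints(servers), minimal_endpoints(clients)):
        rows.append((s, l4, c, "*"))          # client -> server
        if both_directions:
            rows.append((c, "*", s, l4))      # server -> client
    return rows


if __name__ == "__main__":
    # Constructed sample input using the addresses shown on this page.
    print(minimal_endpoints(["10.2.0.0/16", "10.2.0.1", "10.2.0.25"]))
    for row in expand_flows(["10.2.3.4"],
                            ["10.4.0.1", "10.4.0.2", "10.4.0.3"], "TCP", 512):
        print(row)
    # 200 unicast clients vs. the one subnet that contains them (constructed).
    hosts = [f"10.4.0.{i}" for i in range(1, 201)]
    print(len(expand_flows(["10.2.3.4"], hosts, "TCP", 512)),
          len(expand_flows(["10.2.3.4"], hosts + ["10.4.0.0/24"], "TCP", 512)))
```

The last line contrasts the rule count for 200 individual client addresses with the count once the covering subnet is listed, which is why subnets are preferred for policies with many endpoints.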
The IP QoS rules generated from EPICenter IP policy definitions are also known as Access List rules,
because they define and control IP-based access between endpoints. A rule implementing IP-based QoS
between server A and client B effectively defines the access allowed between those two endpoints.
Access rules intended to permit access between the endpoints are implemented using one of the QoS
[Figure 74 (XM_017): a policy definition with traffic direction BOTH, server 10.2.3.4 (TCP, port 512) and clients 10.4.0.1, 10.4.0.2 and 10.4.0.3 (any L4 port), translated into six traffic flows, one per client and direction, listed by Destination IP, Destination L4 port, Source IP and Source L4 port.]