Avici Systems Inc.


Routing and Forwarding Policy Commands

This chapter describes the IPriori commands to:

Access Lists

There are many instances when you need to control the sending and receiving of route updates and/or specific types of packets. Access lists are filters that enable you to control which routing updates or packets are permitted or denied.

Address-based access lists consist of a list of addresses or address ranges and a statement as to whether access to or from that address is permitted or denied. BGP uses address-based access lists to control which routing updates are permitted (accepted from or advertised to neighbors) or denied.

Packet-based access lists select packets for filtering based on protocol, source address, destination address, port number, the state of the connection and whether the packet is fragmented. Packet filtering is initially configured using extended access-lists. Access-lists are applied to interfaces using access-groups. Sample rates and received bandwidth rate limits can be associated with packet filtering.

Netflow

Netflow is a means of collecting and exporting packet summaries to an external collector. Collected summaries can be used by applications that analyze the data on the collector and provide traffic usage statistics and profiling information. Caching takes place by mirroring packets to a Netflow. For each flow, the router keeps a count of the number of packets and bytes received while that flow remains in the cache.

IP Prefix Lists

Prefix lists filter updates to and from a peer on the basis of network prefixes. Filtering on prefixes is easier to use and more efficient than filtering with access lists. Like access lists, prefix lists filter by permitting and denying updates based upon a specified prefix and mask. Prefix lists also associate a sequence number and a prefix length range with a specified prefix and mask.

The sequence number determines the order of lookup. Sequence numbers permit heavily used prefixes to be looked up earlier than less heavily used prefixes. If a sequence number is not specified, a value is assigned that is the highest assigned sequence number plus 5.

NOTE Sequence numbers can be assigned consecutively, but doing so eliminates the ability to add additional assignments within the consecutive range.

Ranges can be any mask length value up to 32 within a greater-than-or-equal-to and less-than-or-equal-to assignment. You can specify a greater-than-or-equal-to assignment, with the high end defaulting to 32; a less-than-or-equal-to assignment, with the low end defaulting to the beginning of the mask; or both boundaries.
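The sequence-number and range rules above can be seen together in the following model, which is an added example and not IPriori code or Avici's implementation. The class and method names are hypothetical; first-match-wins ordering, an implicit deny when nothing matches, exact-length matching when no range is given, and a first automatic sequence number of 5 are assumptions that this page does not state.

```python
import ipaddress


class PrefixList:
    """Toy model of a prefix list; class and method names are hypothetical."""

    def __init__(self):
        self.entries = {}  # sequence number -> (action, network, low, high)

    def add(self, action, prefix, seq=None, ge=None, le=None):
        net = ipaddress.ip_network(prefix)
        if seq is None:
            # From the page: highest assigned sequence number plus 5.
            # Assumption: an empty list counts as "highest = 0".
            seq = max(self.entries, default=0) + 5
        if seq in self.entries:
            raise ValueError(f"sequence number {seq} already in use")
        # From the page: ge alone leaves the high end at 32; le alone
        # leaves the low end at the prefix's own mask length.
        # Assumption: with neither bound, only the exact mask length matches.
        low = net.prefixlen if ge is None else ge
        high = le if le is not None else (net.prefixlen if ge is None else 32)
        if not net.prefixlen <= low <= high <= 32:
            raise ValueError("need mask length <= ge <= le <= 32")
        self.entries[seq] = (action, net, low, high)
        return seq

    def evaluate(self, route):
        """Return (action, matching sequence number) for an advertised route."""
        r = ipaddress.ip_network(route)
        for seq in sorted(self.entries):  # lowest sequence number first
            action, net, low, high = self.entries[seq]
            if r.subnet_of(net) and low <= r.prefixlen <= high:
                return action, seq  # assumption: first match wins
        return "deny", None  # assumption: implicit deny when nothing matches


def build_sample():
    """Constructed inbound filter: drop over-specific routes inside 10.0.0.0/8."""
    pl = PrefixList()
    pl.add("deny", "10.0.0.0/8", seq=10, ge=25)    # /25 through /32
    pl.add("permit", "10.0.0.0/8", seq=20, le=24)  # /8 through /24
    auto = pl.add("permit", "192.0.2.0/24")        # no seq given: 20 + 5
    return pl, auto
```

Because the sample entries are numbered 10 and 20 rather than consecutively, a later entry can be added at sequence number 15 and is evaluated between them, which is the flexibility the NOTE above describes.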

Route Maps

Route maps are another tool to control the distribution of routing updates. Route maps consist of a list of match and set commands. The match commands specify match criteria and the set commands specify the action taken if the match criteria are met. Many attributes can be used as matching criteria, including access lists. Only routes that pass the route map are accepted (inbound route maps) or forwarded (outbound route maps).

Redistribution

Route redistribution is used to inject routes from one routing domain into another routing domain. You can conditionally control the redistribution of routes between routing domains by defining route maps.

Aggregate Addresses

BGP allows you to divide a network into subnets. Subnets can be further divided into smaller sub-subnets. Route aggregation enables you to configure a single aggregated route to reach the subnets, while protecting the network outside the subnet from having its routing tables filled with subnet addresses.


Copyright © 2004 Avici Systems Inc.
Avici® and TSR® are registered trademarks of Avici Systems Inc.
IPriori™, Composite Links™, SSR™, QSR, and NSR® are trademarks of Avici Systems Inc.

    Last Updated: 05/10/04 at 16:38:37