Summary:
The main purpose of this article is to show how to configure a forwarding policy on an Ericsson SmartEdge router. This is the equivalent of policy-based routing (PBR) as implemented on Cisco or Juniper router platforms.
#show version
Redback Networks SmartEdge OS Version SEOS-6.2.1.2-Release
Built by sysbuild@SWB-node08 Fri Jan 29 16:06:29 PST 2010
Copyright (C) 1998-2010, Redback Networks Inc. All rights reserved.
System Bootstrap version is Mips,rev2.0.2.42
Installed minikernel version is 11.7
Problem or Goal:
Forwarding policy is useful in many real-life production environments. The most popular use cases include:
1. Directing traffic to a proxy server
2. Redirecting traffic to an HTTP page or server (HTTP-Redirect) - not covered in this example.
3. Policy Based Routing (PBR) - where you forward traffic to a next hop (router or server)
4. Forwarding traffic to a cache server
5. Forwarding traffic to a content optimizer or content accelerator (say for TCP acceleration)
Cause:
Refer to the use cases above
Solution:
Refer to the scenario in the figure below, where we wish to forward traffic from a mobile subscriber to a TCP content accelerator server.
1. Create the policy access lists inside context "INTERNET" - these are used to filter out the traffic of interest and mark or label it. Traffic can be filtered based on source address, destination address, port number, protocol, etc. The filtered traffic is then identified using a class label.
#context INTERNET
#configure
#context INTERNET
policy access-list subscriber_towards_internet
seq 10 permit tcp 192.168.1.0 0.0.0.255 any class cls-CLASS1
seq 100 permit ip any any class cls-DEFAULT
policy access-list internet_towards_subscriber
seq 10 permit tcp any 192.168.1.0 0.0.0.255 class cls-CLASS1
seq 100 permit ip any any class cls-DEFAULT
2. Create the forward policies inside context "INTERNET" and apply the relevant access group to each (the access lists from (1) above).
#context INTERNET
#configure
#context INTERNET
forward policy fp1_subscriber_to_internet
access-group subscriber_towards_internet INTERNET
class cls-DEFAULT
class cls-CLASS1
redirect destination next-hop 10.10.10.10
!
forward policy fp2_internet_to_subscriber
access-group internet_towards_subscriber INTERNET
class cls-DEFAULT
class cls-CLASS1
redirect destination next-hop 10.10.10.10
3. Now apply the forward policies to the relevant ports on the router, being mindful of the direction of traffic flow. For our example we are looking at traffic flowing in the "IN" direction, that is, traffic flowing from the outside towards the inside. Note that each port references the forward policy name from (2), not the access-list name from (1).
#configure
port ethernet 1/1
description Connection_to_upstream_provider
no shutdown
forward policy fp2_internet_to_subscriber in
#configure
port ethernet 1/2
description Connection_to_subscriber_network
no shutdown
forward policy fp1_subscriber_to_internet in
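Steps 1 to 3 chain three sets of names together (access list, forward policy, port binding), and a mismatch anywhere in the chain means the redirect does not cover the traffic you intended. The following is an added example, not part of the original article or of SEOS: a small Python check that every referenced name resolves. It only understands the statement forms shown in this article, and the sample configuration is constructed, with port 1/2 deliberately bound to an access-list name.

```python
import re

# Constructed sample; port 1/2 wrongly names an access list, not a forward policy.
SAMPLE = """\
policy access-list subscriber_towards_internet
seq 10 permit tcp 192.168.1.0 0.0.0.255 any class cls-CLASS1
seq 100 permit ip any any class cls-DEFAULT
forward policy fp1_subscriber_to_internet
access-group subscriber_towards_internet INTERNET
class cls-DEFAULT
class cls-CLASS1
redirect destination next-hop 10.10.10.10
port ethernet 1/1
forward policy fp1_subscriber_to_internet in
port ethernet 1/2
forward policy subscriber_towards_internet in
"""

def lint(config):
    """Return findings for names that are referenced but never defined."""
    acls, policies, findings = {}, {}, []  # acl -> classes; policy -> acl + classes
    bindings, acl, pol, port = [], None, None, None
    for raw in config.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate pasted "#" prompts
        if m := re.fullmatch(r"policy access-list (\S+)", line):
            acl, pol, port = m[1], None, None
            acls[acl] = set()
        elif m := re.fullmatch(r"forward policy (\S+) (in|out)", line):
            bindings.append((port, m[1]))  # binding under a port
        elif m := re.fullmatch(r"forward policy (\S+)", line):
            pol, acl, port = m[1], None, None
            policies[pol] = {"acl": None, "classes": set()}
        elif m := re.fullmatch(r"port ethernet (\S+)", line):
            port, acl, pol = m[1], None, None
        elif acl and (m := re.fullmatch(r"seq \d+ (?:permit|deny) .* class (\S+)", line)):
            acls[acl].add(m[1])
        elif pol and (m := re.fullmatch(r"access-group (\S+) \S+", line)):
            policies[pol]["acl"] = m[1]
        elif pol and (m := re.fullmatch(r"class (\S+)", line)):
            policies[pol]["classes"].add(m[1])
    for name, p in policies.items():
        if p["acl"] not in acls:
            findings.append(f"policy {name}: access-group {p['acl']} is not defined")
        for cls in sorted(p["classes"] - acls.get(p["acl"], p["classes"])):
            findings.append(f"policy {name}: class {cls} is never assigned by {p['acl']}")
    for port, name in bindings:
        if name not in policies:
            findings.append(f"port {port}: forward policy {name} is not defined")
    return findings
```

Calling lint(SAMPLE) reports the port 1/2 binding; run it over a saved copy of the configuration before applying changes to production ports.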
Problem Solved?
Yes, subscriber traffic was successfully forwarded to 10.10.10.10, the TCP accelerator server, in both directions. That is, a subscriber request from a mobile phone towards the internet is first forwarded to the TCP accelerator, which fetches the request on behalf of the subscriber, and the response returning from the internet towards the subscriber is first forwarded to the TCP accelerator, which serves it back to the subscriber. In this way we achieve TCP acceleration in both directions.
1 comment:
Hi,
You just saved my day!
Regards,
R.