Search My Techie Guy

Friday, March 2, 2018

How to configure forwarding policy on Ericsson SmartEdge Router (Redback Networks Router)


The main purpose of this article is to show you how you can configure forwarding policy on Ericsson SmartEdge router. This is the equivalent of policy based routing (PBR) as implemented in Cisco or Juniper router platforms.

#show version 

Redback Networks SmartEdge OS Version SEOS-
Built by sysbuild@SWB-node08 Fri Jan 29 16:06:29 PST 2010
Copyright (C) 1998-2010, Redback Networks Inc. All rights reserved.
System Bootstrap version is Mips,rev2.0.2.42
Installed minikernel version is 11.7

Problem or Goal:

Forwarding policy is useful in many real life traffic or production environments. The most popular use cases include:
1. If you want to direct traffic to a proxy server
2. If you want to redirect traffic to HTTP page or server (HTTP-Redirect) - not covered in this example.
3. Policy Based Routing (PBR) - where you forward traffic to a next hop (router or server)
4. Forwarding traffic to a cache server 
5. Forward traffic to a content optimizer or content accelerator (say for TCP acceleration)


Refer to the use cases above


Refer to a scenario in the figure below where we wish to forward traffic from mobile subscriber to a tcp content accelerator server.

1. Create the policy access list inside context "INTERNET" - this is used to filter out the traffic of interest and mark it or label it. Traffic can be filter based on source address, destination address, port number, protocol, etc. The filtered traffic is then identified using a class label.

#context INTERNET
#context INTERNET

 policy access-list subscriber_towards_internet
  seq 10 permit tcp any class cls-CLASS1
  seq 100 permit ip any any class cls-DEFAULT

 policy access-list internet_towards_subscriber
  seq 10 permit tcp any class cls-CLASS1
  seq 100 permit ip any any class cls-DEFAULT

2. Create the forward policy inside context "INTERNET" and apply the relevant access group (access-list in (1) above).

#context INTERNET
#context INTERNET

forward policy fp1_subscriber_to_internet 
 access-group subscriber_towards_internet INTERNET
  class cls-DEFAULT
  class cls-CLASS1
   redirect destination next-hop
forward policy fp2_internet_to_subscriber 
 access-group internet_towards_subscriber INTERNET
  class cls-DEFAULT
  class cls-CLASS1
   redirect destination next-hop

3. Now apply the forward policies to the relevant ports on the router interface, be mindful of the direction of the flow of traffic. For our example we are looking at traffic flowing in the "IN" direction, that is; traffic flowing from the outside towards inside.

port ethernet 1/1
 description Connection_to_upstream_provider
 no shutdown
  forward policy internet_towards_subscriber in

port ethernet 1/2
 description Connection_to_subscriber_network
 no shutdown
  forward policy subscriber_towards_internet in 

Problem Solved?

Yes, subscriber traffic was successfully forwarded to the TCP accelerator server in both directions; that is subscriber request from mobile phone toward internet is first forwarded to TCP accelerator which fetch the request on behalf of the subscriber, and also the response returning from the internet towards subscriber is first forwarded to the TCP accelerator which servers it back to the subscriber. In this way we archive TCP acceleration in both directions. 
Post a Comment