beautypg.com

Stacking filters, Overlapping filters, Stacking filters 172 overlapping filters 172 – Nortel Networks WEB OS 212777 User Manual

Page 172: Figure 7-1, Figure 7-2, Assigning filters to overlapping ranges 172

background image

Web OS 10.0 Application Guide

172

n

Chapter 7: Filtering

212777-A, February 2002

Stacking Filters

Stacking filters are assigned and enabled on a per-port basis. Each filter can be used by itself or
in combination with any other filter on any given switch port. The filters are numbered 1
through 2048 on Alteon 184 and Alteon AD4 Web switches, and 1 though 224 on other Alteon
Web switches. When multiple filters are stacked together on a port, the filter’s number deter-
mines its order of precedence: the filter with the lowest number is checked first. When traffic is
encountered at the switch port, if the filter matches, its configured action takes place and the
rest of the filters are ignored. If the filter criteria doesn’t match, the next filter is tried.

As long as the filters do not overlap, you can improve filter performance by making sure that
the most heavily utilized filters are applied first. For example, consider a filter system where
the Internet is divided according to destination IP address:

Figure 7-1 Assigning Filters According to Range of Coverage

Assuming that traffic is distributed evenly across the Internet, the largest area would be the
most utilized and is assigned to Filter 1. The smallest area is assigned to Filter 4.

Overlapping Filters

Filters are permitted to overlap, although special care should be taken to ensure the proper
order of precedence. When overlapping filters are present, the more specific filters (those that
target fewer addresses or ports) should be applied before the generalized filters.

Example:

Figure 7-2 Assigning Filters to Overlapping Ranges

In this example, Filter 2 must be processed prior to Filter 3. If Filter 3 was permitted to take
precedence, Filter 2 could never be triggered.

Allow

Deny

Redirect

Filtering by Destination IP Address Ranges

Deny

0.0.0.0

255.255.255.255

Filter 1

Filter 3

Filter 4

Filter 2

Allow

Redirect

Filtering by Destination IP Address Ranges

Deny

0.0.0.0

255.255.255.255

Filter 1

Filter 3

Filter 2

See also other documents in the category Nortel Networks Hardware: