PLANET WGS3-24000 User Manual

380

definition is to delete the class and re-create it.

2. Policy

▫

creating and deleting policies

▫ associating

classes with a policy

▫

defining policy statements for a policy/class combination

3. Service

▫

adding and removing a policy to/from a directional (i.e., inbound, outbound) interface

Packets are filtered and processed based on defined criteria. The filtering criteria are defined by a class. The processing is

defined by a policy's attributes. Policy attributes may be defined on a per-class instance basis, and it is these attributes that are

applied when a match occurs.

Packet processing begins by testing the match criteria for a packet. A policy is applied to a packet when a class match within

that policy is found.

Note that the type of class - all, any, or acl - has a bearing on the validity of match criteria specified when defining the class. A

class type of 'any' processes its match rules in an ordered sequence; additional rules specified for such a class simply extend

this list. A class type of 'acl' obtains its rule list by interpreting each ACL rule definition at the time the Diffserv class is created.

Differences arise when specifying match criteria for a class type 'all', since only one value for each non-excluded match field is

allowed within a class definition. If a field is already specified for a class, all subsequent attempts to specify the same field fail,

including the cases where a field can be specified multiple ways through alternative formats. The exception to this is when the

'exclude' option is specified, in which case this restriction does not apply to the excluded fields.

The following class restrictions are imposed by the DiffServ design:

▫

nested class support limited to:

▫ 'any'

within

'any'

▫ 'all'

within

'all'

▫

no nested 'not' conditions

▫

no nested 'acl' class types

▫

each class contains at most one referenced class

▫

hierarchical service policies not supported in a class definition

▫

access list matched by reference only, and must be sole criterion in a class

▫

i.e., ACL rules copied as class match criteria at time of class creation, with class type 'any'

▫

implicit ACL 'deny all' rule also copied

▫

no nesting of class type 'acl'

Regarding nested classes, referred to here as class references, a given class definition can contain at most one reference to

another class, which can be combined with other match criteria. The referenced class is truly a reference and not a copy, since

additions to a referenced class affect all classes that reference it. Changes to any class definition currently referenced by any

other class must result in valid class definitions for all derived classes otherwise the change is rejected. A class reference may

be removed from a class definition.

The user can display summary and detailed information for classes, policies and services. All configuration information is

accessible via the CLI, Web, and SNMP user interfaces.