Creating Redirect Policies
Page 286 7750 SR OS Router Configuration Guide
Packet Matching Criteria
Up to 65535 IP and 65535 MAC filter IDs (unique filter policies) can be defined. A maximum of
16384 filter entries can be defined in one filter at the same time. Each filter ID can contain up to
65535 filter entries. A maximum of 16384 filter entries can be defined in 1 filter at the same time.
As few or as many match parameters can be specified as required, but all conditions must be met in
order for the packet to be considered a match and the specified action performed. The process stops
when the first complete match is found and then executes the action defined in the entry, either to
drop or forward packets that match the criteria.
IP filter policies match criteria that associate traffic with an ingress or egress SAP. Matching
criteria to drop or forward IP traffic include:
• Source IP address and mask
Source IP address and mask values can be entered as search criteria. The IP Version 4
addressing scheme consists of 32 bits expressed in dotted decimal notation (X.X.X.X).
Address ranges are configured by specifying mask values, the 32-bit combination used to
describe the address portion which refers to the subnet and which portion refers to the host.
The mask length is expressed as an integer (range 1 to 32).
The IP Version 6 (IPv6) addressing scheme consists of 128 bits expressed in compressed
representation of IPv6 addresses (rfc 1924).
• Destination IP address and mask — Destination IP address and mask values can be entered
as search criteria.
• Protocol — Entering a protocol (such as TCP, UDP, etc.) allows the filter to search for the
protocol specified in this field.
• Protocol — For IPv6: entering a next header allows the filter to match the first next header
following the IPv6 header.
• Source port/range — Entering the source port number or port range allows the filter to
search for matching TCP or UDP port and range values.
• Destination port/range — Entering the destination port number or port range allows the
filter to search for matching TCP or UDP values.
• DSCP marking — Entering a DSCP marking enables the filter to search for the DSCP
marking specified in this field. See Table 15.
• ICMP code — Entering an ICMP code allows the filter to search for matching ICMP code
in the ICMP header.
• ICMP type — Entering an ICMP type allows the filter to search for matching ICMP types
in the ICMP header.
• Fragmentation — IPv4 only: Enable fragmentation matching. A match occurs if packets
have either the MF (more fragment) bit set or have the Fragment Offset field of the IP
header set to a non-zero value.