Common Configuration Tasks
Page 332 7750 SR OS Router Configuration Guide
Configuring Policy-Based Forwarding for Deep Packet Inspection
in VPLS
The purpose policy-based forwarding is to capture traffic from a customer and perform a deep
packet inspection (DPI) and forward traffic, if allowed, by the DPI.
In the following example, the split horizon groups are used to prevent flooding of traffic. Traffic
from customers enter at SAP 1/1/5:5. Due to the mac-filter 100 that is applied on ingress, all traffic
with dot1p 07 marking will be forwarded to SAP 1/1/22:1, which is the DPI.
DPI performs packet inspection/modification and either drops the traffic or forwards the traffic
back into the box through SAP 1/1/21:1. Traffic will then be sent to spoke-sdp 3:5.
SAP 1/1/23:5 is configured to see if the VPLS service is flooding all the traffic. If flooding is
performed by the router then traffic would also be sent to SAP 1/1/23:5 (which it should not).
Figure 28 shows an example to configure policy-based forwarding for deep packet inspection on a
VPLS service. For information about configuring services, refer to the 7750 SR OS Services
Guide.
Figure 28: Policy-Based Forwarding for Deep Packet Inspection
OSSG125
DPI Box
Residential Split
IngressPBF Filter
on Incoming Traffic
Split Horizon SAPs Disable Learning
VPLS 10
Normal Stream
PBF Diverted Stream