Figure 28, Policy-based forwarding for deep packet inspection – Alcatel-Lucent 7750 SR OS User Manual

Common Configuration Tasks

Page 332

7750 SR OS Router Configuration Guide

Configuring Policy-Based Forwarding for Deep Packet Inspection
in VPLS

The purpose policy-based forwarding is to capture traffic from a customer and perform a deep
packet inspection (DPI) and forward traffic, if allowed, by the DPI.

In the following example, the split horizon groups are used to prevent flooding of traffic. Traffic
from customers enter at SAP 1/1/5:5. Due to the mac-filter 100 that is applied on ingress, all traffic
with dot1p 07 marking will be forwarded to SAP 1/1/22:1, which is the DPI.

DPI performs packet inspection/modification and either drops the traffic or forwards the traffic
back into the box through SAP 1/1/21:1. Traffic will then be sent to spoke-sdp 3:5.

SAP 1/1/23:5 is configured to see if the VPLS service is flooding all the traffic. If flooding is
performed by the router then traffic would also be sent to SAP 1/1/23:5 (which it should not).

Figure 28

shows an example to configure policy-based forwarding for deep packet inspection on a

VPLS service. For information about configuring services, refer to the 7750 SR OS Services
Guide.

Figure 28: Policy-Based Forwarding for Deep Packet Inspection

OSSG125

DPI Box

Residential Split

IngressPBF Filter

on Incoming Traffic

Split Horizon SAPs

Disable Learning

VPLS 10

Normal Stream
PBF Diverted Stream