Packet matching criteria – Alcatel-Lucent 7750 SR OS User Manual
Page 286
 
Creating Redirect Policies
Page 286
7750 SR OS Router Configuration Guide
Packet Matching Criteria
Up to 65535 IP and 65535 MAC filter IDs (unique filter policies) can be defined. A maximum of 
16384 filter entries can be defined in one filter at the same time. Each filter ID can contain up to 
65535 filter entries. A maximum of 16384 filter entries can be defined in 1 filter at the same time. 
As few or as many match parameters can be specified as required, but all conditions must be met in 
order for the packet to be considered a match and the specified action performed. The process stops 
when the first complete match is found and then executes the action defined in the entry, either to 
drop or forward packets that match the criteria.
IP filter policies match criteria that associate traffic with an ingress or egress SAP. Matching 
criteria to drop or forward IP traffic include:
•
Source IP address and mask
Source IP address and mask values can be entered as search criteria. The IP Version 4 
addressing scheme consists of 32 bits expressed in dotted decimal notation (X.X.X.X). 
Address ranges are configured by specifying mask values, the 32-bit combination used to 
describe the address portion which refers to the subnet and which portion refers to the host. 
The mask length is expressed as an integer (range 1 to 32). 
The IP Version 6 (IPv6) addressing scheme consists of 128 bits expressed in compressed 
representation of IPv6 addresses (rfc 1924). 
•
Destination IP address and mask — Destination IP address and mask values can be entered 
as search criteria. 
•
Protocol — Entering a protocol (such as TCP, UDP, etc.) allows the filter to search for the 
protocol specified in this field.
•
Protocol — For IPv6: entering a next header allows the filter to match the first next header 
following the IPv6 header. 
•
Source port/range — Entering the source port number or port range allows the filter to 
search for matching TCP or UDP port and range values. 
•
Destination port/range — Entering the destination port number or port range allows the 
filter to search for matching TCP or UDP values.
•
DSCP marking — Entering a DSCP marking enables the filter to search for the DSCP 
marking specified in this field. See 
•
ICMP code — Entering an ICMP code allows the filter to search for matching ICMP code 
in the ICMP header. 
•
ICMP type — Entering an ICMP type allows the filter to search for matching ICMP types 
in the ICMP header.
•
Fragmentation — IPv4 only: Enable fragmentation matching. A match occurs if packets 
have either the MF (more fragment) bit set or have the Fragment Offset field of the IP 
header set to a non-zero value.