Cisco Systems ASR 1000 manual QoS Policy-Map-Based Inter-Subscriber Blocking Method

Page 89

Chapter 9 Topology Hiding

IPv6 Inter-Subscriber Blocking

because they have an SBC DBE-updated DSCP value. Depending on the QoS classification, you also have the flexibility of blocking partial traffic between subscribers without a session established or blocking all the traffic between them.

IPv6 inter-subscriber blocking can be implemented using two methods: Quality of Service (QoS) policy-map-based inter-subscriber blocking, or access control list (ACL)-based inter-subscriber blocking.

QoS Policy-Map-Based Inter-Subscriber Blocking Method

In the following example of the QoS policy-map-based inter-subscriber blocking method, all the packets entering the router (DBE) (through 0/1.1101) are marked using the policy-map INPUT_POLICY with DSCP=default (0). Any packets leaving the DBE (gigabitEthernet 0/2) with DSCP=0 will be blocked by the class-map IPv6_intersubscriber in the policy-map CORE_OUT. IPv6_intersubscriber uses the ACL ipv6_dscp0_any.

Router# show run interface gigabitEthernet 0/1.1101

...

Current configuration : 711 bytes

!

interface GigabitEthernet0/1.1101 encapsulation dot1Q 1101

ip dhcp relay information option subscriber-id 1101 ip address 12.21.1.1 255.255.255.0

ip access-group InFilter_IPv4 in ip access-group OutFilter_IPv4 out ip verify unicast reverse-path

ip helper-address 12.1.99.2 pppoe enable group global ipv6 address 2000:12:21:1::1/64 ipv6 address FE80::1 link-local

ipv6 traffic-filter InFilter_IPv6 in ipv6 traffic-filter OutFilter_IPv6 out ipv6 verify unicast reverse-path ipv6 mld explicit-tracking

ipv6 mld access-group VLAN1

ipv6 dhcp relay destination 2000:12:1:99::2 snmp trap link-status

no cdp enable

service-policy input INPUT_POLICY service-policy output PARENT_OUTPUT_POLICY end

Router# show policy-map INPUT_POLICY Policy Map INPUT_POLICY

Class class-default set dscp default

Router# show policy-map PARENT_OUTPUT_POLICY Policy Map PARENT_OUTPUT_POLICY

Class class-default

Average Rate Traffic Shaping cir 100000000 (bps) service-policy CHILD_OUTPUT_POLICY

Router# show policy-map CHILD_OUTPUT_POLICY Policy Map CHILD_OUTPUT_POLICY

Class EF set cos 5 set dscp ef

Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers

 

OL-15421-01

9-3

 

 

 

Image 89
Contents Americas Headquarters Page Iii N T E N T SQoS Bandwidth Allocation Traffic Management Package Support Local Source Properties Address and Port Vii IPv6 SupportEvents Storage Until Event Acknowledgment Document Revision History PrefaceObjectives OL-15421-01 May 5 This document was first publishedOrganization Intended AudienceDocument Conventions Related DocumentationCisco ASR 1000 Series Router Documentation Cisco IOS Release 12.2SR Software PublicationsXii Xiii Obtaining Documentation and Submitting a Service RequestXiv General Overview ContentsCisco ASR 1000 Series Routers Overview Example of SBC High Level Architecture Distributed and Unified ModelsOn page 1-3illustrates the unified model Release Feature Name Related SBC Commands Documented Supported Integrated Session Border Controller FeaturesPackage segment Cisco IOS Cisco IOS Logging Level in ConfiguringNone XE ReleaseMedia-address ipv4 Deployment of the Integrated Session Border Controller Transaction-pending commandIntegrated SBC Used for VoIP Interworking Integrated Session Border Controller DBE Deployment Scenario Restrictions for Integrated Session Border Controller Configuring Integrated Session Border ControllerPrerequisites for Integrated Session Border Controller Summary Steps PrerequisitesEnter your password if prompted Enables privileged Exec modeEnters global configuration mode Enters into interface configuration modeOwn address when connecting to the SBE Configures the DBE to use a specific IPv4 H.248 controlConfigures the H.248 controller for the DBE and enters into Controller H.248 configuration modeExamples Troubleshooting TipsWhat To Do Next Configuring H.248 Logging Level SBC-DBE configuration mode Creates the DBE service on the SBC and enters intoSets a specified logging level to generate detailed logs Messages sent and received. Turns on consoleEnabling H.248 Logging Requests and Responses Example H.248 Log Output Configuration ExamplesThis section provides the following configuration examples SBC DBE Configuration Steps Example Making Global Changes to Controllers Example == Make change to local port Following example shows the initial SBC configurationControl-address h248 ipv4 172.25.2.26 controller h248 Making Changes to Individual Controller Settings ExampleIeps Indicator Yes Topology Priority Indicator Yes Emergency IndicatorCisco H.248 Profile Overview of ProfilePackage ID Version Profile PackagesPackage ID Version Support Dependent On Information About Dtmf Interworking Dtmf InterworkingSIP to RTP Interworking Configuring Default Duration of a Dtmf EventRTP to SIP Interworking Configuration mode. Use the sbc-name argument to specify Enters the mode of a DBE service and enters into SBC-DBEName of the DBE service Configures the default duration of a Dtmf eventPage Prerequisites for Implementing Media Address Pools Restrictions for Configuring Media Address PoolsMedia Address Pools Information About Media Address Pools Configuring Media Address PoolsEnters into SBC-DBE configuration mode Is configuredConfiguration mode Creates a port range for the configured mediaConfiguring Media Address Pools Example Traffic Management Package Support Quality of Service and Bandwidth ManagementPage Parameters on AC and per SDP on Dscp Marking and IP Precedence MarkingDscp Re-Markings Rtcp Policing Not Using Tman Package Rtcp Policing Using Tman PackageQoS Bandwidth Allocation Rtcp PolicingImplementing Two-Rate Three-Color Policing and Marking Two-Rate Three-Color Policing and MarkingEnabling Two-Rate Three-Color Policing and Marking DBE Restrictions Related Commands Page Enabling Optional H.248 Packages Packages-Signaling and ControlSegmentation Package Support Address Reporting PackageSession Failure Reaction Package Termination State Control Package Tsc-quiesce FeatureTsc-suspend Feature Vlan Package Syntax-Level Support 248.1v3 SupportMGC-Controlled Gateway-Wide Properties Page Services-Signaling and Control DBE Signaling Pinhole Support Extension to H.248 Termination Wildcarding Support Extension to H.248 Audit SupportFlexible Address Prefix Provisioning Locally Hairpinned Sessions Local Source Properties Address and PortTwice Napt Pinhole Hairpinning No Napt Pinhole HairpinningMGC-Specified Local Addresses or Ports Restrictions for Nine-Tier Termination Name Hierarchy Multi-Stream TerminationsNine-Tier Termination Name Hierarchy Displaying the Nine-Tier Termination Name Hierarchy Information About Nine-Tier Termination Name HierarchyAbc/voice/gn/0/1/0/1/ac/3 Displaying the Nine-Tier Termination Name Hierarchy ExampleOptional Local and Remote Descriptors RTP Specific Behavior Support ServiceChange Notification for Interface Status ChangeRemote Source Address Mask Filtering Sbc interface-id value End Configuration Example Output Tsc-Delay Timer MAX TimerTmax-timercommand configures the value of the T-MAX timer Video on Demand VOD SupportServices-Signaling and Control Video on Demand VOD Support Services-Signaling and Control Video on Demand VOD Support Integrated Session Border Controller Security Firewall Media Pinhole Control Latch and Relatch Support Interim Authentication Header SupportLocal Source Properties Address and Port Etsi TS 102 333 version 1.1.2 Gate Management Package Napt and NAT TraversalTraffic Management Policing Topology HidingTopology Hiding IPv6 Inter-Subscriber Blocking IPv4 Twice NaptRouter# show run interface gigabitEthernet 0/1.1101 QoS Policy-Map-Based Inter-Subscriber Blocking MethodRouter# show class-map IPv6intersubscriber ACL-Based Inter-Subscriber Blocking Method IPv6 SupportIPv6 No Napt Support for Media Flows IPv6 PinholesSend Recv IPv6 Single Napt for SignalingSingle Napt Signaling Flow No Napt Pinholes Topology Hiding No Napt Pinholes 10-1 High Availability SupportIntegrated Session Border Controller High Availability Software Redundancy Hardware RedundancyRoute Processor Redundancy RPR 10-210-3 SSO SupportIssu Support High Availability Support Issu Support 10-411-1 Quality Monitoring and Statistics GatheringBilling and Call Detail Records Congestion-threshold CommandDBE Status Notification Enhanced Event Notification and Auditing11-3 Retention and Returning of H.248 Event InformationResetting the Media Timeout Timers Association ResetSilent Gate Deletion 11-411-5 Middlebox Pinhole Timer Expired EventNetwork Package Quality Alert Event 11-6 Provisioned Inactivity TimerRelated Command IN-1 IN-2 IN-3 Policing Asymmetric policing Ipv6 packets Pinhole Pinhole timeoutRTP specific behavior support SBE IN-4IN-5 IN-6