Chapter 9 Topology Hiding
IPv6 Inter-Subscriber Blocking
because they have an SBC DBE-updated DSCP value. Depending on the QoS classification, you also have the flexibility of blocking partial traffic between subscribers without a session established or blocking all the traffic between them.
IPv6 inter-subscriber blocking can be implemented using two methods: Quality of Service (QoS) policy-map-based inter-subscriber blocking, or access control list (ACL)-based inter-subscriber blocking.
QoS Policy-Map-Based Inter-Subscriber Blocking Method
In the following example of the QoS policy-map-based inter-subscriber blocking method, all the packets entering the router (DBE) (through 0/1.1101) are marked using the policy-map INPUT_POLICY with DSCP=default (0). Any packets leaving the DBE (gigabitEthernet 0/2) with DSCP=0 will be blocked by the class-map IPv6_intersubscriber in the policy-map CORE_OUT. IPv6_intersubscriber uses the ACL ipv6_dscp0_any.
Router# show run interface gigabitEthernet 0/1.1101
...
Current configuration : 711 bytes
!
interface GigabitEthernet0/1.1101 encapsulation dot1Q 1101
ip dhcp relay information option subscriber-id 1101 ip address 12.21.1.1 255.255.255.0
ip access-group InFilter_IPv4 in ip access-group OutFilter_IPv4 out ip verify unicast reverse-path
ip helper-address 12.1.99.2 pppoe enable group global ipv6 address 2000:12:21:1::1/64 ipv6 address FE80::1 link-local
ipv6 traffic-filter InFilter_IPv6 in ipv6 traffic-filter OutFilter_IPv6 out ipv6 verify unicast reverse-path ipv6 mld explicit-tracking
ipv6 mld access-group VLAN1
ipv6 dhcp relay destination 2000:12:1:99::2 snmp trap link-status
no cdp enable
service-policy input INPUT_POLICY service-policy output PARENT_OUTPUT_POLICY end
Router# show policy-map INPUT_POLICY Policy Map INPUT_POLICY
Class class-default set dscp default
Router# show policy-map PARENT_OUTPUT_POLICY Policy Map PARENT_OUTPUT_POLICY
Class class-default
Average Rate Traffic Shaping cir 100000000 (bps) service-policy CHILD_OUTPUT_POLICY
Router# show policy-map CHILD_OUTPUT_POLICY Policy Map CHILD_OUTPUT_POLICY
Class EF set cos 5 set dscp ef
Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers