Chapter 9 Topology Hiding

IPv6 Inter-Subscriber Blocking

because they have an SBC DBE-updated DSCP value. Depending on the QoS classification, you also have the flexibility of blocking partial traffic between subscribers without a session established or blocking all the traffic between them.

IPv6 inter-subscriber blocking can be implemented using two methods: Quality of Service (QoS) policy-map-based inter-subscriber blocking, or access control list (ACL)-based inter-subscriber blocking.

QoS Policy-Map-Based Inter-Subscriber Blocking Method

In the following example of the QoS policy-map-based inter-subscriber blocking method, all the packets entering the router (DBE) (through 0/1.1101) are marked using the policy-map INPUT_POLICY with DSCP=default (0). Any packets leaving the DBE (gigabitEthernet 0/2) with DSCP=0 will be blocked by the class-map IPv6_intersubscriber in the policy-map CORE_OUT. IPv6_intersubscriber uses the ACL ipv6_dscp0_any.

Router# show run interface gigabitEthernet 0/1.1101

...

Current configuration : 711 bytes

!

interface GigabitEthernet0/1.1101 encapsulation dot1Q 1101

ip dhcp relay information option subscriber-id 1101 ip address 12.21.1.1 255.255.255.0

ip access-group InFilter_IPv4 in ip access-group OutFilter_IPv4 out ip verify unicast reverse-path

ip helper-address 12.1.99.2 pppoe enable group global ipv6 address 2000:12:21:1::1/64 ipv6 address FE80::1 link-local

ipv6 traffic-filter InFilter_IPv6 in ipv6 traffic-filter OutFilter_IPv6 out ipv6 verify unicast reverse-path ipv6 mld explicit-tracking

ipv6 mld access-group VLAN1

ipv6 dhcp relay destination 2000:12:1:99::2 snmp trap link-status

no cdp enable

service-policy input INPUT_POLICY service-policy output PARENT_OUTPUT_POLICY end

Router# show policy-map INPUT_POLICY Policy Map INPUT_POLICY

Class class-default set dscp default

Router# show policy-map PARENT_OUTPUT_POLICY Policy Map PARENT_OUTPUT_POLICY

Class class-default

Average Rate Traffic Shaping cir 100000000 (bps) service-policy CHILD_OUTPUT_POLICY

Router# show policy-map CHILD_OUTPUT_POLICY Policy Map CHILD_OUTPUT_POLICY

Class EF set cos 5 set dscp ef

Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers

 

OL-15421-01

9-3

 

 

 

Page 89
Image 89
Cisco Systems ASR 1000 manual QoS Policy-Map-Based Inter-Subscriber Blocking Method