Cisco Systems ASR 1000 manual IPv6 Support, ACL-Based Inter-Subscriber Blocking Method

Models: ASR 1000


Chapter 9 Topology Hiding

IPv6 Support

ACL-Based Inter-Subscriber Blocking Method

In the following example of the ACL-based inter-subscriber blocking method, packets entering the DBE from the access side are marked with DSCP=0 using the same INPUT_POLICY as the QoS method above, but packets leaving the DBE use the ACL OutFilter_IPv6 as follows:

Router# show ipv6 access-list OutFilter_IPv6
IPv6 access list OutFilter_IPv6
    permit icmp any any packet-too-big sequence 10
    deny icmp any any sequence 20
    deny ipv6 any any dscp default sequence 40
    permit ipv6 any any sequence 50
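The first-match behaviour of the four OutFilter_IPv6 entries above, as an added Python example that is not part of the Cisco guide. The Packet fields, the sample packets, and the DSCP value 46 (standing in for any non-default marking) are constructed for illustration.

```python
# Added illustration, not Cisco code: first-match evaluation of OutFilter_IPv6.
# Packet fields and the sample packets are constructed for this example.
from dataclasses import dataclass
from typing import Optional

ACL_TEXT = """\
permit icmp any any packet-too-big sequence 10
deny icmp any any sequence 20
deny ipv6 any any dscp default sequence 40
permit ipv6 any any sequence 50
"""
PACKET_TOO_BIG = 2  # ICMPv6 type 2, needed for path MTU discovery

@dataclass
class Packet:
    proto: str                       # "icmp" (ICMPv6), "udp", "tcp", ...
    dscp: int = 0                    # 0 is the "default" code point
    icmp_type: Optional[int] = None

def parse_acl(text):
    """Parse the entries into match conditions, ordered by sequence number."""
    entries = []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        dscp = None
        if "dscp" in tok:
            value = tok[tok.index("dscp") + 1]
            dscp = 0 if value == "default" else int(value)
        entries.append({"action": tok[0], "proto": tok[1], "dscp": dscp,
                        "ptb": "packet-too-big" in tok,
                        "seq": int(tok[tok.index("sequence") + 1])})
    return sorted(entries, key=lambda e: e["seq"])

def evaluate(entries, pkt):
    """Return (action, sequence) of the first entry the packet matches."""
    for e in entries:
        if e["proto"] == "icmp" and pkt.proto != "icmp":
            continue                 # "ipv6" as protocol matches everything
        if e["ptb"] and pkt.icmp_type != PACKET_TOO_BIG:
            continue
        if e["dscp"] is not None and pkt.dscp != e["dscp"]:
            continue
        return e["action"], e["seq"]
    return "deny", None              # implicit deny closing every IPv6 ACL

ACL = parse_acl(ACL_TEXT)
if __name__ == "__main__":
    for p in (Packet("udp", dscp=0), Packet("udp", dscp=46),
              Packet("icmp", dscp=0, icmp_type=PACKET_TOO_BIG),
              Packet("icmp", dscp=46, icmp_type=128)):
        print(p, "->", evaluate(ACL, p))
```

Packets that still carry the ingress marking DSCP=0 are dropped at sequence 40, while ICMPv6 is decided by sequences 10 and 20 before DSCP is ever examined.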

DBE Restrictions

The following is a restriction of DBE support for IPv6 inter-subscriber blocking:

Because the configuration of inter-subscriber blocking in the IPv6 environment relies on Cisco IOS QoS to mark the DSCP value in the ingress feature process, the original DSCP value of the packets arriving at the DBE router will not be preserved.

IPv6 Support

IPv6 support includes the following functionality:

The DBE supports IPv6 pinholes for both media endpoints and signaling endpoints. See the “IPv6 Pinholes” section on page 9-6.

Note: Pinhole is an informal term for a pair of terminations in the same stream and same context.

Media flows do not support Network Address and Port Translation (NAPT); they must be No NAPT.

As a result, you cannot configure any media addresses under IPv6. Media flows may consist of voice or video.

Signaling flows support Single NAPT.

You are able to configure signaling addresses under IPv6.

The DBE examines all IPv6 packets that arrive from the network and determines which ones belong to authorized SBC media streams. The DBE normally uses the destination (and possibly the source) IP address and port for packet classification. The DBE identifies packets belonging to an authorized media stream as SBC packets and applies the appropriate traffic policing rules to the packets. The counter showing number of packets received is modified.

After that, SBC performs packet processing and updating. The packet is forwarded out of the specified interface. IPv6 packet forwarding works in the same way as IPv4 packet forwarding, except for a few differences in the IP header processing.

Single NAPT for signaling means that packets arriving from an endpoint are addressed to an SBC media address. When they are passed to the media gateway controller (MGC), also known as an SBE, the packets need to keep the endpoint’s source IP address and port number. Therefore, only destination addresses and ports are translated in Single NAPT. When the MGC/SBE sends a reply back to the endpoint, the

Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers

 

OL-15421-01
