26.1. IP Access Control List

Using IP Access Control List, Abilis CPX filters transit datagrams basing on the information carried by the header (source address and destination, internet protocol version and numbers of logical port) and not on their content.

IPACL provides two different kinds of filters:

Filters also allow assigning each datagram data flow a different service class:

Usually the service classes are also called “priorities” so that it's possible to speak of “the traffic prioritization”.

[Tip]Tip

This feature is very important when VoIP and Data applications use the same link. In these cases, voice packets must have the highest priority.

Changes on IPACL are immediately active, restart to Abilis CPX isn't required.

[Caution]Caution

Packet filtering” definitions must be added carefully cause the access to the Abilis by IP may be blocked!

26.1.1. TOS (Type Of Service)

TOS is just a hint of the routing algorithm that helps it choose among various paths to a destination. Each datagram data flow can be associated with a different Type Of Service (TOS).

The Type of Service is used to indicate the quality of the service desired.

It's an abstract set of parameters characterizing the service choices provided in the networks which make up the internet.

Type of service indication is used by gateways to:

  • select the actual transmission parameters for a particular network;

  • choose the network to use for the next hop;

  • choose the next gateway;

when routing an internet datagram.

The five allowed values are:

  • N = None;

  • D = Minimize Delay;

  • T = Maximize Throughput;

  • R = Maximize Reliability;

  • C = Minimize Monetary Cost.

26.1.2. Activating IPACL

The IP Access Control List must be enabled into the IPRTR Resource.

[15:14:30] ABILIS_CPX:d p iprtr

RES:Iprtr ---------------------------------------------------------------------
Run    DESCR:IP_Router_general_properties
       - General --------------------------------------------------------------
       R-ID:AUTO (192.168.029.254)   
       maxroute:500       DFTTTL:255          ps:2048       
       DEF-LOCAL-AD:0     DEF-STATIC-AD:1     DEF-OSPF-AD:110   DEF-RIP-AD:120
       pvc:0              bsvc:0              LINKS:6           virtual:0
       - IP Access List -------------------------------------------------------
       ACL:NO                 ACLBYPASS:#              
       COS:DISABLED           COSDFT:NORMAL     
       COSBALANCE:NO          NORMRATE:50            LOWRATE:50   
       - IPCOS to 802.1q (VLAN) priority --------------------------------------
       LOW:1                  NORMAL:0               HIGH:5    
       - Ppp-Dns --------------------------------------------------------------
       PPP-DNS-PRI:000.000.000.000  PPP-DNS-SEC:000.000.000.000

The highlight parameters manages the IPACL activation and functionality mode.

ACL

It activates the IP Access List service and chooses the operating mode [NO, YES].

ACLBYPASS

It sets the IP address of the IP datagram received that will be managed without considering filters eventually defined in the IP Access List [*: stands for “any IP address”, that is the IP access list service will be applied to any IP datagrams; #: stands for “no IP address”, that is the IP access list service will NOT be applied to any IP datagrams; 1-126.x.x.x, 128-223.x.x.x].

COS

It activates/deactivates the IP classes of service. Class of service is a feature used to assign different priorities to specific paths of IP datagrams. The assignment of this priority is done by IPRTR upon reception of every IP datagram, using the information present in the IPACL.

COSDFT

It sets the Class of IP service default value [LOW, NORMAL, HIGH].

COSBALANCE

It activates/deactivates the balance functionality of the IP classes of service. This procedure provides an acceptable service to each class by avoiding that higher priority classes are too prevalent respect the lower ones. The user, through the parameters NORMRATE and LOWRATE, can set the percentage balance ratio.

NORMRATE

It sets the percentage balance ratio between resources allocated for the classes with “NORMAL” priority and the ones with “HIGH” priority.

LOWRATE

It sets the percentage balance ratio between resources allocated for the classes with “LOW” priority and the ones with “NORMAL” priority.

For example, the command enables the IPACL and the COS Management is:

[15:28:50] ABILIS_CPX:s p iprtr acl:yes cos:enabled

COMMAND EXECUTED

[15:36:47] ABILIS_CPX:d p iprtr

RES:Iprtr ---------------------------------------------------------------------
Run    DESCR:IP_Router_general_properties
       - General --------------------------------------------------------------
       R-ID:AUTO (192.168.029.254)   
       maxroute:500       DFTTTL:255          ps:2048       
       DEF-LOCAL-AD:0     DEF-STATIC-AD:1     DEF-OSPF-AD:110   DEF-RIP-AD:120
       pvc:0              bsvc:0              LINKS:6           virtual:0
       - IP Access List -------------------------------------------------------
       ACL:YES                ACLBYPASS:#              
       COS:ENABLED            COSDFT:NORMAL     
       COSBALANCE:NO          NORMRATE:50            LOWRATE:50   
       - IPCOS to 802.1q (VLAN) priority --------------------------------------
       LOW:1                  NORMAL:0               HIGH:5    
       - Ppp-Dns --------------------------------------------------------------
       PPP-DNS-PRI:000.000.000.000  PPP-DNS-SEC:000.000.000.000
[Caution]Caution

To activate the changes made on the upper case parameters, execute the initialization command init res:iprtr; while to set act the changes made on the lowercase parameters a save conf and an Abilis restart are required (i.e. With warm start command).