Beginner

packet-length filtering

I’m looking for a way to create and apply an outbound filter on an ASR9K (IOS-XR is currently 5.3.3 on an ASR9001 in the lab).

I would like to match, for example, on packet-length with an action drop or police traffic.

A standard ACL will not work as I understand it, but you are able to match on packet-length in a class-map.

Using policy-map type pbr and class-map type traffic is only supported inbound, so now I wonder if there is another way to create an outbound filter that will match packet-length, tcp-flags, fragment-types.

Just a short config example:

policy-map type pbr TEST_VER1
 class type traffic PACKET_LENGTH_1
  drop
 !
end-policy-map
!
class-map type traffic match-all PACKET_LENGTH_1
 match packet length ipv4 567
end-class-map
!

Thanks Jonas

1 ACCEPTED SOLUTION
Cisco Employee

PBR is the only way to do this ingress at the moment, it's not possible egress.

In 6.2.2 you will be able to natively match the pkt length with an ACL (without PBR), but this is supported on the 800G line cards (Tomahawk). The 9001 is built on the Typhoon Arch, there is no plan to support the packet length matching there.


Regards

Eddie. 

Beginner

Hello Eddie, thanks for the information.

I suppose the same is valid for matching fragments, tcp flags (supported in PBR)?

Also do you know if the next gen 9001 is based on Tomahawk?

//J

Enthusiast

There will be 9901 at the end of the year.

It will probably be Tomahawk based HW.

Cisco Employee

yes, asr9901 is Tomahawk based.

Participant

If you want to create an outbound filter that will match packet-length, you can use QOS policing for that purpose.

 

adam
Beginner

I don't think that will work if I want to have a drop or police action, it seems to only be supported in PBR

Participant

Of course you can:

Beginner

Hi Adam, may I ask you for an example?

AFAIK matching packet length requires class-type traffic

!!% Policy manager does not support this feature: Match type "ip packet-length" not supported for class-map type "qos"

And you cannot use a class-map type traffic in a QoS policy
!!% Policy manager does not support this feature: Class-map type "traffic" not supported within policy-map type "qos"

It's working in PBR, but PBR is ingress

//J
