ServicePolicyRules statement

Use the ServicePolicyRules statement to specify characteristics of IP packets that are used to map to a corresponding service category; it defines a set of IP datagrams that should receive a particular service.

Restriction: This statement defines a Version 1 Service Policy Rule.

Syntax

>>-ServicePolicyRules--name--| Put Braces and Parameters on Separate Lines |-><

Put Braces and Parameters on Separate Lines

|--+-{---------------------------------+------------------------|
   +-| ServicePolicyRules Parameters |-+   
   '-}---------------------------------'   

ServicePolicyRules Parameters

   .-PolicyScope --DataTraffic----.   
|--+------------------------------+----------------------------->
   '-PolicyScope--+-DataTraffic-+-'   
                  +-RSVP--------+     
                  '-Both--------'     

   .-Direction --Outgoing----.  .-Permission --Allowed----.   
>--+-------------------------+--+-------------------------+----->
   '-Direction--+-Incoming-+-'  '-Permission--+-Allowed-+-'   
                +-Outgoing-+                  '-Blocked-'     
                '-Both-----'                                  

   .-ProtocolNumber --All-.  .-Interface --All--.   
>--+----------------------+--+------------------+--------------->
   '-ProtocolNumber --n---'  '-Interface --addr-'   

   .-SourceAddressRange --All-------.   
>--+--------------------------------+--------------------------->
   '-SourceAddressRange --addr addr-'   

   .-DestinationAddressRange --All-------.   
>--+-------------------------------------+---------------------->
   '-DestinationAddressRange --addr addr-'   

   .-SourcePortRange --All-.  .-DestinationPortRange --All-.   
>--+-----------------------+--+----------------------------+---->
   '-SourcePortRange --n n-'  '-DestinationPortRange --n n-'   

   .-DaysOfWeekMask --1111111-.  .-TimeOfDayRange --0-24-.   
>--+--------------------------+--+-----------------------+------>
   '-DaysOfWeekMask --n-------'  '-TimeOfDayRange --n----'   

>--+-----------------------------+------------------------------|
   | .-------------------------. |   
   | V                         | |   
   '---ServiceReference --name-+-'   

Parameters

name
A string 1 - 32 characters in length specifying the name of this policy rule.
PolicyScope
Indicates to what traffic this policy rule applies. Valid values are DataTraffic, RSVP, and Both. The default is DataTraffic. When RSVP (Resource reSerVation Protocol, a network protocol running on top of IP) is specified, this policy only applies to data that are specifically reserved by using RSVP. When DataTraffic is specified, the policy applies to all other non-RSVP data.
Direction
Indicates the direction of traffic for which this policy rule applies. Valid values are Incoming, Outgoing, and Both. The default is Outgoing.

Restriction: Policies are applied to TCP on a connection basis, whereas they are applied to UDP/RAW on a per-packet basis. Therefore, the Direction attribute is also mapped accordingly. More specifically, if a policy is defined for TCP, the Direction attribute applies to the direction of the connection (inbound if the local 390 host is to receive the connection request, such as incoming TCP SYN segments). If a policy is defined for UDP/RAW, Direction applies to individual packets.

Permission
Indicates whether packets belonging to this policy rule should be discarded or allowed to proceed. Valid values are Allowed and Blocked. The default is Allowed.
ProtocolNumber
This is a 1-byte field in the IP header to identify the protocol running on top of IP. Common protocols are UDP and TCP. For UDP, TCP, and RAW, this field can be specified with these names. For others, a number has to be specified (for example, 1 for ping). The default is all protocols.
Interface
The local IP subnet for which this policy rule applies. The default is all interfaces.
SourceAddressRange
The local IP address range. This field consists of two addresses, separated by a space, where the first address is less than or equal to the second address. The default is 0, which is all inclusive.

SourceAddressRange is the address range of addresses that are local to the 390 host (for example, defined by way of HOME statements in the TCP/IP configuration).

Rules:
  • Include a blank or a dash (-) as a delimiter.
  • If the IP address is IPv6, it cannot be an IPv4-mapped IPv6 address (in hexadecimal or dotted decimal format) or an IPv6 address with the reserved prefix ::/96. If the IPv6 address is one of these two types, an error message is logged.
DestinationAddressRange
The remote IP address range. This field consists of two addresses, separated by a space, where the first address is less than or equal to the second address. The default is 0, which is all inclusive.

DestinationAddressRange is the address range of the remote hosts that are communicating with the local 390 host.

Rules:
  • Include a blank or a dash (-) as a delimiter.
  • If the IP address is IPv6, it cannot be an IPv4-mapped IPv6 address (in hexadecimal or dotted decimal format) or an IPv6 address with the reserved prefix ::/96. If the IPv6 address is one of these two types, an error message is logged.
SourcePortRange
The local port range. This field consists of two port numbers, separated by a space, where the first port number is less than or equal to the second port number. The default is 0, which is all inclusive.

SourcePortRange contains the port range of the remote hosts that are communicating with the local 390 host.

Rule: Include a blank, a colon (:), or a dash (-) as a delimiter.

DestinationPortRange
The remote port range. This field consists of two port numbers, separated by a space, where the first port number is less than or equal to the second port number. The default is 0, which is all inclusive.

DestinationPortRange contains the port range of the remote hosts that are communicating with the local 390 host.

Rule: Include a blank, a colon (:), or a dash (-) as a delimiter.

DaysOfWeekMask
A mask of seven bits representing the days in a week (Sunday through Saturday) that this policy rule is active. For example, 0111110 represents weekdays. The default is all week.
TimeOfDayRange
A series of time intervals that indicate the time, expressed in local time, during which this policy rule is active. Separate intervals with a comma. You can specify hours and optional minutes, separated by a colon. The values 0 and 24 both indicate midnight. Each interval consists of two values separated by a dash. If the second value is smaller than or equal to the first value, then the interval spans midnight. For example, the following statement results in this policy being active from 5:30 PM until 8:30 AM:
TimeOfDayRange 0-8:30, 17:30-24
You can also configure the same time interval as follows:
TimeOfDayRange 17:30-8:30
The default is 24 hours.
ServiceReference
Indicates the name of a service category from a service category statement (for example, interactive) that this policy rule uses. One or more service category names can be specified to associate this policy rule with different interfaces or different service policies depending, for example, on the time when each of those service policies is active.
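
The DaysOfWeekMask and TimeOfDayRange semantics described above, including intervals that span midnight, can be checked with a short script. This is an added example, not code from the product; the function names are hypothetical, interval ends are treated as exclusive, and the mask is assumed to be tested against the calendar day of the instant being checked.

```python
import re

DAYS = ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat")  # mask order: Sunday first

def to_minutes(value):
    """Convert 'H' or 'H:MM' to minutes after midnight; 0 and 24 are both midnight."""
    m = re.fullmatch(r"(\d{1,2})(?::(\d{2}))?", value.strip())
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    hours, mins = int(m.group(1)), int(m.group(2) or 0)
    if hours > 24 or mins > 59 or (hours == 24 and mins):
        raise ValueError(f"time out of range: {value!r}")
    return hours * 60 + mins

def parse_time_of_day_range(spec):
    """Return (start, end) minute pairs; an interval spanning midnight is split in two."""
    intervals = []
    for part in spec.split(","):
        first, second = (to_minutes(v) for v in part.split("-"))
        if second <= first:                  # e.g. 17:30-8:30 spans midnight
            intervals += [(first, 1440), (0, second)]
        else:
            intervals.append((first, second))
    return intervals

def active_minutes(spec):
    """Set of minutes of the day (0..1439) covered by a TimeOfDayRange value."""
    return {m for s, e in parse_time_of_day_range(spec) for m in range(s, e)}

def rule_active(days_mask, time_spec, day, hhmm):
    """True if a rule with this mask and range is active on `day` at `hhmm`."""
    if not re.fullmatch(r"[01]{7}", days_mask):
        raise ValueError("DaysOfWeekMask must be seven 0/1 digits")
    # Assumption: the mask is tested against the calendar day of the instant checked.
    if days_mask[DAYS.index(day)] != "1":
        return False
    return to_minutes(hhmm) in active_minutes(time_spec)
```

Comparing active_minutes for the two forms shown under TimeOfDayRange confirms that they describe the same window, which is a useful check before deploying a rule with Permission Blocked.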

Examples

Following is an example of the ServicePolicyRules Version 1 statement.

Figure 1. Example of the ServicePolicyRules Version 1 statement
ServicePolicyRules V1Rule
{
PolicyScope Both
Direction Both
Permission Allowed
ProtocolNumber TCP
Interface 9.67.116.98
SourceAddressRange 9.67.100.7-9.67.100.11
DestinationPortRange 100-5000
DaysOfWeekMask 1111111
TimeOfDayRange 08:00-23:00
ServiceReference V1Action
}

Usage notes

The weight of ServicePolicyRules is determined by the number of parameters that are specified in the ServicePolicyRules. The parameters that affect this weight are:
  • SourceAddressRange
  • DestinationAddressRange
  • SourcePortRange
  • DestinationPortRange
  • Interface
  • ProtocolNumber
  • Direction not equal to BOTH
  • PolicyScope not equal to BOTH
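
The following added example (not code from the product) lints one ServicePolicyRules block against the address-range and port-range rules above and lists which weight-affecting parameters it specifies. The names lint_rule, check_range and SAMPLE are hypothetical, SAMPLE is a constructed block modelled on Figure 1 with the address range written using a dash delimiter, and applying the documented defaults for Direction and PolicyScope when they are omitted is an assumption; how the listed parameters are turned into a numeric weight is not stated on this page.

```python
import ipaddress
import re
DEFAULTS = {"PolicyScope": "DataTraffic", "Direction": "Outgoing"}
WEIGHTED = ("SourceAddressRange", "DestinationAddressRange", "SourcePortRange",
            "DestinationPortRange", "Interface", "ProtocolNumber")

def check_range(key, value):
    """Raise ValueError if an address or port range breaks the rules above."""
    if key.endswith("PortRange"):        # blank, colon or dash delimiter
        lo, hi = (int(p) for p in re.split(r"[\s:-]+", value))
        if not 0 <= lo <= hi <= 65535:
            raise ValueError("first port must be <= second, both 0-65535")
        return
    lo, hi = (ipaddress.ip_address(a) for a in re.split(r"[\s-]+", value))
    for a in (lo, hi):  # IPv4-mapped (::ffff:0:0/96) and ::/96 are not allowed
        if a.version == 6 and int(a) >> 32 in (0, 0xFFFF):
            raise ValueError("IPv4-mapped or ::/96 IPv6 address")
    if lo.version != hi.version or lo > hi:
        raise ValueError("first address must be <= second")

def lint_rule(text):
    """Return (problems, weight_factors) for one ServicePolicyRules block."""
    head = re.match(r"\s*ServicePolicyRules\s+(\S+)\s*\{(.*)\}\s*$", text, re.S)
    if not head:
        raise ValueError("not a ServicePolicyRules block")
    problems = [] if len(head.group(1)) <= 32 else ["name exceeds 32 characters"]
    params = dict(DEFAULTS)
    for line in filter(None, map(str.strip, head.group(2).splitlines())):
        key, _, value = line.partition(" ")
        params[key] = value = value.strip()
        if key in WEIGHTED[:4] and value not in ("All", "0"):  # the four ranges
            try:
                check_range(key, value)
            except ValueError as err:
                problems.append(f"{key} {value}: {err}")
    factors = [k for k in WEIGHTED if k in params]
    factors += [k for k in DEFAULTS if params[k] != "Both"]  # defaults: assumption
    return problems, factors

SAMPLE = """ServicePolicyRules V1Rule
{
PolicyScope Both
Direction Both
ProtocolNumber TCP
Interface 9.67.116.98
SourceAddressRange 9.67.100.7-9.67.100.11
DestinationPortRange 100-5000
ServiceReference V1Action
}"""
```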