Use the ServicePolicyRules statement to specify characteristics of IP
packets that are used to map to a corresponding service category;
it defines a set of IP datagrams that should receive a particular
service.
Restriction: This statement defines a Version 1 Service Policy Rule.
Syntax
>>-ServicePolicyRules--name--| Put Braces and Parameters on Separate Lines |-><

Put Braces and Parameters on Separate Lines

|--+-{---------------------------------+------------------------|
   +-| ServicePolicyRules Parameters |-+
   '-}---------------------------------'

ServicePolicyRules Parameters

   .-PolicyScope --DataTraffic----.
|--+------------------------------+----------------------------->
   '-PolicyScope--+-DataTraffic-+-'
                  +-RSVP--------+
                  '-Both--------'

   .-Direction --Outgoing----.  .-Permission --Allowed----.
>--+-------------------------+--+-------------------------+----->
   '-Direction--+-Incoming-+-'  '-Permission--+-Allowed-+-'
                +-Outgoing-+                  '-Blocked-'
                '-Both-----'

   .-ProtocolNumber --All-.  .-Interface --All--.
>--+----------------------+--+------------------+--------------->
   '-ProtocolNumber --n---'  '-Interface --addr-'

   .-SourceAddressRange --All-------.
>--+--------------------------------+--------------------------->
   '-SourceAddressRange --addr addr-'

   .-DestinationAddressRange --All-------.
>--+-------------------------------------+---------------------->
   '-DestinationAddressRange --addr addr-'

   .-SourcePortRange --All-.  .-DestinationPortRange --All-.
>--+-----------------------+--+----------------------------+---->
   '-SourcePortRange --n n-'  '-DestinationPortRange --n n-'

   .-DaysOfWeekMask --1111111-.  .-TimeOfDayRange --0-24-.
>--+--------------------------+--+-----------------------+------>
   '-DaysOfWeekMask --n-------'  '-TimeOfDayRange --n----'

>--+-----------------------------+------------------------------|
   | .-------------------------. |
   | V                         | |
   '---ServiceReference --name-+-'

Parameters
- name
- A string 1 - 32 characters in length specifying the name of this
policy rule.
- PolicyScope
- Indicates to what traffic this policy rule applies. Valid values
are DataTraffic, RSVP,
and Both. The default is DataTraffic.
When RSVP (Resource reSerVation Protocol, a network protocol running
on top of IP) is specified, this policy only applies to data that
are specifically reserved by using RSVP. When DataTraffic is
specified, the policy applies to all other non-RSVP data.
- Direction
- Indicates the direction of traffic for which this policy rule
applies. Valid values are Incoming, Outgoing,
and Both. The default is Outgoing.
Restriction: Policies are applied to TCP on a connection basis, whereas
they are applied to UDP/RAW on a per-packet basis. Therefore, the
Direction attribute is also mapped accordingly. More specifically, if a
policy is defined for TCP, the Direction attribute applies to the
direction of the connection (inbound if the local 390 host is to receive
the connection request, such as incoming TCP SYN segments). If a policy
is defined for UDP/RAW, Direction applies to individual packets.
- Permission
- Indicates whether packets belonging to this policy rule should
be discarded or allowed to proceed. Valid values are Allowed and Blocked.
The default is Allowed.
- ProtocolNumber
- This is a 1-byte field in the IP header to identify the protocol
running on top of IP. Common protocols are UDP and TCP. For UDP, TCP,
and RAW, this field can be specified with these names. For others,
a number has to be specified (for example, 1 for ping). The default
is all protocols.
- Interface
- The local IP subnet for which this policy rule applies. The default
is all interfaces.
- SourceAddressRange
- The local IP address range. This field consists of two addresses,
separated by a space, where the first address is less than or equal
to the second address. The default is 0, which is all inclusive.
SourceAddressRange is the range of addresses that are local to the 390
host (for example, defined by way of HOME statements in the TCP/IP
configuration).
Rules:
  - Include a blank or a dash (-) as a delimiter.
  - If the IP address is IPv6, it cannot be an IPv4-mapped
    IPv6 address (in hexadecimal or dotted decimal format) or an IPv6
    address with the reserved prefix ::/96. If the IPv6 address is one
    of these two types, an error message is logged.
- DestinationAddressRange
- The remote IP address range. This field consists of two addresses,
separated by a space, where the first address is less than or equal
to the second address. The default is 0, which is all inclusive.
DestinationAddressRange is the address range of the remote hosts that
are communicating with the local 390 host.
Rules:
  - Include a blank or a dash (-) as a delimiter.
  - If the IP address is IPv6, it cannot be an IPv4-mapped
    IPv6 address (in hexadecimal or dotted decimal format) or an IPv6
    address with the reserved prefix ::/96. If the IPv6 address is one
    of these two types, an error message is logged.
- SourcePortRange
- The local port range. This field consists of two port numbers,
separated by a space, where the first port number is less than or
equal to the second port number. The default is 0, which is all inclusive.
SourcePortRange contains the port range of the remote hosts that are
communicating with the local 390 host.
Rule: Include a blank, a colon (:), or a dash (-) as a delimiter.
- DestinationPortRange
- The remote port range. This field consists of two port numbers,
separated by a space, where the first port number is less than or
equal to the second port number. The default is 0, which is all inclusive.
DestinationPortRange contains the port range of the remote hosts that
are communicating with the local 390 host.
Rule: Include a blank, a colon (:), or a dash (-) as a delimiter.
- DaysOfWeekMask
- A mask of seven bits representing the days in a week (Sunday through
Saturday) that this policy rule is active. For example, 0111110 represents
weekdays. The default is all week.
- TimeOfDayRange
- A series of time intervals that indicate the time, expressed in
local time, during which this policy rule is active. Separate intervals
with a comma. You can specify hours and optional minutes, separated
by a colon. The values 0 and 24 both indicate midnight. Each interval
consists of two values separated by a dash. If the second value is
smaller than or equal to the first value, then the interval spans
midnight. For example, the following statement results in this policy
being active from 5:30 PM until 8:30 AM:
  TimeOfDayRange 0-8:30, 17:30-24
You can also configure the same time interval as follows:
  TimeOfDayRange 17:30-8:30
The default is 24 hours.
- ServiceReference
- Indicates the name of a service category from a service category
statement (for example, interactive) that this policy rule uses. One
or more service category names can be specified to associate this
policy rule with different interfaces or different service policies
depending, for example, on the time when each of those service policies
are active.
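The DaysOfWeekMask and TimeOfDayRange semantics described above, as an added Python example that is not part of the original documentation or of the product's code. It assumes that intervals are half-open (the end minute is excluded) and that the mask is tested against the calendar day of the instant being checked; the page specifies neither, and the function names are hypothetical.

```python
from datetime import datetime

def to_minutes(value):
    """Convert 'H' or 'H:MM' to minutes after midnight; 24 becomes 1440."""
    hours, _, mins = value.strip().partition(":")
    h, m = int(hours), int(mins or 0)
    if not (0 <= m <= 59 and 0 <= h * 60 + m <= 1440):
        raise ValueError(f"bad time value: {value!r}")
    return h * 60 + m

def in_time_of_day(ranges, minute_of_day):
    """True if minute_of_day (0-1439) lies in any comma-separated interval."""
    for interval in ranges.split(","):
        first, dash, second = interval.strip().partition("-")
        if not dash:
            raise ValueError(f"interval needs two values: {interval!r}")
        start, end = to_minutes(first), to_minutes(second)
        if end <= start:
            # Second value <= first value: the interval spans midnight.
            hit = minute_of_day >= start or minute_of_day < end
        else:
            # Assumption: half-open interval, end minute excluded.
            hit = start <= minute_of_day < end
        if hit:
            return True
    return False

def rule_active(days_mask, ranges, when):
    """True if a rule with this mask and TimeOfDayRange is active at `when`."""
    if len(days_mask) != 7 or set(days_mask) - {"0", "1"}:
        raise ValueError(f"mask must be seven 0/1 digits: {days_mask!r}")
    # Mask is Sunday..Saturday; datetime.weekday() is Monday=0..Sunday=6.
    # Assumption: the mask is tested against the calendar day of `when`.
    day_bit = days_mask[(when.weekday() + 1) % 7]
    return day_bit == "1" and in_time_of_day(ranges, when.hour * 60 + when.minute)

if __name__ == "__main__":
    # Constructed checks: 2024-01-06 is a Saturday, 2024-01-08 a Monday.
    print(rule_active("0111110", "17:30-8:30", datetime(2024, 1, 8, 7, 0)))
    print(rule_active("0111110", "17:30-8:30", datetime(2024, 1, 6, 7, 0)))
    print(rule_active("1111111", "08:00-23:00", datetime(2024, 1, 8, 23, 30)))
```

Under the second assumption, a weekday-only mask with an interval that spans midnight stops matching at 00:00 on Saturday, which matters when the rule's Permission is Blocked.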
Examples
Following is an example of the ServicePolicyRules Version 1 statement.
Figure 1. Example of the ServicePolicyRules Version 1 statement
ServicePolicyRules V1Rule
{
  PolicyScope           Both
  Direction             Both
  Permission            Allowed
  ProtocolNumber        TCP
  Interface             9.67.116.98
  SourceAddressRange    9.67.100.7-9.67.100.11
  DestinationPortRange  100-5000
  DaysOfWeekMask        1111111
  TimeOfDayRange        08:00-23:00
  ServiceReference      V1Action
}
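The rules stated under SourceAddressRange and DestinationAddressRange, as an added Python example for checking a range value before it goes into a rule; it is not part of the original documentation or of the product's code. The function names and the requirement that both ends share one IP version are assumptions, and the sample values are constructed.

```python
import ipaddress
import re

RESERVED_V6 = ipaddress.ip_network("::/96")

def parse_address_range(value):
    """Return (low, high) for an 'addr addr' or 'addr-addr' range.

    Raises ValueError where the page's rules say the range is invalid.
    """
    # Rule: a blank or a dash (-) is the delimiter between the two addresses.
    parts = re.split(r"\s*-\s*|\s+", value.strip())
    if len(parts) != 2:
        raise ValueError(f"expected two addresses: {value!r}")
    low, high = (ipaddress.ip_address(p) for p in parts)  # ValueError if malformed
    if low.version != high.version:
        # Assumption: both ends of one range are the same IP version.
        raise ValueError("range mixes IPv4 and IPv6")
    for addr in (low, high):
        if addr.version == 6 and (addr.ipv4_mapped is not None or addr in RESERVED_V6):
            # Rule: no IPv4-mapped IPv6 address and no address under ::/96.
            # Read literally, the ::/96 test also matches :: and ::1.
            raise ValueError(f"IPv6 form not allowed: {addr}")
    if low > high:
        raise ValueError("first address must be <= second address")
    return low, high

def range_error(value):
    """Return None if the range is acceptable, else the reason as text."""
    try:
        parse_address_range(value)
        return None
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real configuration.
    for sample in ("9.67.100.7-9.67.100.11", "9.67.100.11 9.67.100.7",
                   "::ffff:9.67.100.7 ::ffff:9.67.100.11",
                   "::9.67.100.7-::9.67.100.11", "2001:db8::1 2001:db8::ff"):
        print(f"{sample!r}: {range_error(sample) or 'ok'}")
```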
Usage notes
The weight of ServicePolicyRules is determined by the number of
parameters that are specified in the ServicePolicyRules. The parameters
that affect this weight are:
- SourceAddressRange
- DestinationAddressRange
- SourcePortRange
- DestinationPortRange
- Interface
- ProtocolNumber
- Direction not equal to BOTH
- PolicyScope not equal to BOTH