Technical Documentation

Configuring Flow Route (NSM Procedure)

Flow routes provide traffic filtering and rate-limiting capabilities much like firewall filters. You can propagate flow routes across different autonomous systems. A flow route is an aggregation of match conditions for IP packets. Flow routes are propagated through the network using flow-specific network-layer reachability information (NLRI) messages and are maintained in the flow routing table. Packets can travel through flow routes only if specific match conditions are met. Flow routes and firewall filters are similar in that they filter packets based on packet components and perform an action on the packets that match.

To configure a flow route in NSM:

  1. In the navigation tree, select Device Manager > Devices .
  2. In the Devices list, double click the device to select it.
  3. Click the Configuration tab.
  4. In the configuration tree, expand Routing Options.
  5. Select Flow.
  6. Add or modify the parameters as specified in Table 1.
  7. Click one:
    • OK—To save the changes.
    • Cancel—To cancel the modifications.
    • Apply—To apply the routing option settings.

Note: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.

Table 1: Flow Route Fields

Option

Function

Your Action

Comment

Specifies the comment for the flow route.

Enter a comment.

Route

Name

Specifies the name of the flow route.
  1. Expand the Flow tree and select Route.
  2. Click the New button or select a flow route and click the Edit button.
  3. Enter the flow route name.

Comment

Specifies the comment for the flow route.
  1. Expand the Flow tree and select Route.
  2. Click the New button or select a flow route and click the Edit button.
  3. Enter the comment for the flow route.

Match

Specifies the conditions that the packet must match for the packet to be included in flow route. Match conditions are:

  • Destination Port
  • DSCP
  • Fragment
  • Icmp Code
  • Icmp Type
  • Packet Length
  • Port
  • Protocol
  • Source Port
  • Tcp Flag
  1. Expand the Route tree and select Match.
  2. Enter a comment for Comment, a destination address for Destination, and a source address for Source.
  3. Configure the match conditions.

Then

Enables you to specify the action to take if the packet matches the conditions you have configured in the flow route.

  1. Expand the Route tree and select Then.
  2. Configure the then conditions for the packet.

Validation

Comment

Specifies a comment for the validation procedure. Flow routes are installed into the flow routing table only if they have been validated using the validation procedure.

  1. Expand the Flow tree and select Validation.
  2. Enter the comment for the validation procedure.

Traceoptions

Enables you to define tracing operations that track all routing protocol functionality in the device and specify that tracing results be saved in a log file. You can configure the tracing flag, filter, and the tracing policy.

  1. Expand the Validation tree and select Traceoptions.
  2. Expand the Traceoptions tree and configure the file and flag parameters, and the tracing policy.

Published: 2009-08-23