LxCIPtable VNF Configuration Settings
You can configure the LxCIPtable virtualized network function (VNF) from Configuration > Network Services > Service Name > Overview > Service Configuration.
Your service provider usually configures base settings for the virtual machine (VM) in which the virtualized network function (VNF) resides and you configure settings for the service, such as policies.
Use the information in the following tables to provide values for the available settings:
- Table 1 shows the base settings you can configure for the Linux container.
Note: Your service provider usually configures the base settings and you should not need to change them.
- Table 2 shows the firewall settings you can configure.
- Table 3 shows the Network Address Translation (NAT) settings you can configure.
Table 1: Fields for the LxCIP Base Settings
Field | Description |
|---|---|
Loopback Address | Specify a loopback IP address. Example: 192.0.2.10 |
Operation | Select add to apply the policies to a specific route or del to prevent use of the policies on specific routes. Example: add |
Route | Specify the IP prefix of the route to which the policies should apply. Example: 192.0.2.20/24 |
NextHop | Specify the IP address of a Contrail gateway network to which the VM connects. Example: 192.0.2.20 |
Table 2: Fields for the LxCIP Firewall Policy Settings
Field | Description |
|---|---|
Firewall Policies | |
Prevent SSH Brute | Select True to prevent SSH brute attacks or False to allow SSH brute attacks. Example: False |
Prevent Ping Flood | Select True to prevent ping flood attacks or False to allow ping flood attacks. Example: False |
Forwarding Rule Settings | |
Destination Address | Specify the destination IP address prefix that the network service uses as a match criterion for outgoing traffic. Example: 192.0.2.25/24 |
Operation | Select the operation, which applies to a chain of rules of the same type, from the drop-down list. The following options are available:
Example: append |
Source Address | Specify the source IP address prefix that the network service uses as a match criterion for outgoing traffic. Example: 192.0.2.20/24 |
Name | Specify the name for the rule. The field has no limit on the number of characters and accepts letters, numbers, and symbols. Example: vsrx-fw-policy |
Action | Select the action for the rule, which applies to all traffic that matches the specified criteria.
Example: accept |
Service | Specify the service that you want the rule to match. Example:
|
Type | Select the type of packet that the rule matches.
The application creates a chain of all rules with a particular type. Example: input |
Table 3: Fields for the LxCIP NAT Policy Settings
Field | Description |
|---|---|
Left Interface | Specify the name of the interface on which the network service enforces NAT for incoming traffic. Example: Eth1 |
Right Interface | Specify the name of the interface on which the network service enforces NAT for outgoing traffic. Example: Eth2 |
