LxCIPtable VNF Configuration Settings
Service providers configure base settings for a VNF. Customers should not change these values unless directed to do so by their service provider. Service providers may provide some generic examples of service configurations for their customers. Customers can configure services—for example, by creating policies—appropriate to their networks in Customer Portal.
Use the information in the following tables to provide values for the available settings:
The tables are applicable for centralized deployment model only.
Table 1 shows the base settings you can configure for the Linux container.
Table 2 shows the firewall settings you can configure.
Table 3 shows the Network Address Translation (NAT) settings you can configure.
Table 1: Fields for the LxCIP Base Settings
Specify a loopback IP address.
Select add to apply the policies to a specific route or del to prevent use of the policies on specific routes.
Specify the IP prefix of the route to which the policies should apply.
Specify the IP address of a Contrail gateway network to which the VM connects.
Table 2: Fields for the LxCIP Firewall Policy Settings
Prevent SSH Brute
Select True to prevent SSH brute attacks or False to allow SSH brute attacks.
Prevent Ping Flood
Select True to prevent ping flood attacks or False to allow ping flood attacks.
Forwarding Rule Settings
Specify the destination IP address prefix that the network service uses as a match criterion for outgoing traffic.
Select the operation, which applies to a chain of rules of the same type, from the drop-down list. The following options are available:
Specify the source IP address prefix that the network service uses as a match criterion for outgoing traffic.
Specify the name for the rule. The field has no limit on the number of characters and accepts letters, numbers, and symbols.
Select the action for the rule, which applies to all traffic that matches the specified criteria.
Specify the service that you want the rule to match.
Select the type of packet that the rule matches.
The application creates a chain of all rules with a particular type.
Table 3: Fields for the LxCIP NAT Policy Settings
Specify the name of the interface on which the network service enforces NAT for incoming traffic.
Specify the name of the interface on which the network service enforces NAT for outgoing traffic.