Example: Combined IPv4 and IPv6 Service in a Dual Stack Service Definition

The following example explains how to create a combined IPv4 and IPv6 service in a dual stack.

Requirements

This example uses the following software and hardware components:

Overview

When you configure a combined IPv4 and IPv6 service in a dual stack, the policies defined in the interface profile are attached to the appropriate interfaces based on the type of the interface. For example, all IPv4 policies are attached to the IPv4 interface and all IPv6 policies are attached to the IPv6 interface.

Figure 5 shows a topology in which the C-VLAN interface on the customer edge device is connected to the ingress IPv4 and IPv6 interfaces on the provider edge or E Series router. A combined IPv4/IPv6 service, which contains a hierarchical policy and an external parent group with a rate-limit profile that is associated with the hierarchical policy, is applied at the secondary input stage on the router. The incoming voice-over-IP classified traffic flows for IPv4 and IPv6 subscribers are allocated a total of 64 Kbps. The common rate limit cannot drop voice-over-IP packets, but must limit the total flow (for IPv4 and IPv6 interfaces) to 64 Kbps.

Figure 5: Input Traffic Flow with Rate-Limit Profile on an External Parent Group for a Combined IPv4/IPv6 Service

Input Traffic Flow with
Rate-Limit Profile on an External Parent Group for a Combined IPv4/IPv6
Service

Similarly, for traffic flowing from the provider edge device to the C-VLAN interface for voice-over-IP packets, Figure 6 shows how the rate-limit profile in the external parent group associated with a hierarchical policy parameter applied to the egress IPv4 and IPv6 interfaces limits the voice-over-IP traffic flowing to the C-VLAN interface on the customer edge device.

Figure 6: Output Traffic Flow with Rate-Limit Profile on an External Parent Group for a Combined IPv4/IPv6 Service

Output Traffic Flow with
Rate-Limit Profile on an External Parent Group for a Combined IPv4/IPv6
Service

Creating a Combined IPv4 and IPv6 Service

Step-by-Step Procedure

The following example shows the service macro definition file that creates a voice-over-IP service for the topology described above.

<# combined_service(inBw, outBw, VBG1, VB6G1, NODE) #>

<# uid := app.servicemanager.getUniqueId #>
<# genericName := "combined-service-" $ uid #>
<# SAClaclName := genericName $ "SA" #>
<# profileName := genericName #>


policy-parameter v4v6-<# uid #> hierarchical
 aggregation-node <# NODE #><# '\n' #>
  
rate-limit-profile rlpv4v6-<# genericName #>-vb-out one-rate hier
committed-rate <# outBw #><# '\n' #>
committed-action transmit unconditional
conformed-action transmit unconditional

rate-limit-profile rlpv4v6-<# genericName #>-vb-in one-rate hier
committed-rate <# inBw #><# '\n' #>
committed-action transmit unconditional
conformed-action transmit unconditional


parent-group vb-v4v6-<# uid #>-in
 rate-limit-profile rlpv4v6-<# genericName #>-vb-in

parent-group vb-v4v6-<# uid #>-out
 rate-limit-profile rlpv4v6-<# genericName #>-vb-out


classifier-list cl46-4-<# genericName #>-vb-in ip any host <# VBG1 #> <# '\n' #>
classifier-list cl46-4-<# genericName #>-vb-out ip host <# VBG1 #> any

ipv6 classifier-list cl46-6-<# genericName #>-vb-in destination-host <# VB6G1 #><# '\n' #>
ipv6 classifier-list cl46-6-<# genericName #>-vb-out source-host <# VB6G1 #><# '\n' #>


ip policy-list pl-v4v6-<# genericName #>-in
 classifier-group cl46-4-<# genericName #>-vb-in external parent-group vb-v4v6-<# uid #>-in parameter v4v6-<# uid #><# '\n' #>
  forward
 

ip policy-list pl-v4v6-<# genericName #>-out
 classifier-group cl46-4-<# genericName #>-vb-out  external parent-group vb-v4v6-<# uid #>-out parameter v4v6-<# uid #><# '\n' #>
  forward


ipv6 policy-list pl6-v4v6-<# genericName #>-in
 classifier-group cl46-6-<# genericName #>-vb-in external parent-group vb-v4v6-<# uid #>-in parameter v4v6-<# uid #><# '\n' #>
  forward

ipv6 policy-list pl6-v4v6-<# genericName #>-out
 classifier-group cl46-6-<# genericName #>-vb-out external parent-group vb-v4v6-<# uid #>-out parameter v4v6-<# uid #><# '\n' #>
  forward

 
profile <# profileName #><# '\n' #>
 ip policy output pl-v4v6-<# genericName #>-out statistics enabled merge
 ip policy secondary-input pl-v4v6-<# genericName #>-in statistics enabled merge
 ipv6 policy output pl6-v4v6-<# genericName #>-out statistics enabled merge
 ipv6 policy secondary-input pl6-v4v6-<# genericName #>-in statistics enabled merge

<# env.setResult("activate-profile", profileName) #>
<# env.setResult("service-interface-type", "ipv4-ipv6") #>
<# env.setResult("secondary-input-stat-epg", "vb-v4v6-"$ uid $"-in v4v6-"$ uid $"") #>
<# env.setResult("output-stat-epg", "vb-v4v6-"$ uid $"-out v4v6-"$ uid $"") #>
<# endtmpl #>



In the service definition macro, a hierarchical policy parameter for the rate limit is created with an aggregation node value. The aggregation node stores a single rate-limit instance and statistics for this rate-limit. An external rate-limit aggregation node can be defined by the 4-tuple (slot, direction, external parent group name, parameter value). Each reference to a policy parameter in a policy is substituted with its value for all attachments of this policy at the interface.

Two rate-limit profiles are created, one each for the ingress and egress interfaces. Rate limiters are implemented using a dual token bucket scheme: a token bucket for conformed (yellow) packets and a token bucket for committed (green) packets. The following are the attributes configured in the rate-limit profile applied to ingress and egress interfaces:

Two external parent groups, one each for the ingress and egress interfaces, that reference the rate-limit profiles created for incoming and outgoing traffic, are created and specified in the service definition.

Classifier control lists for ingress IPv4 and IPv6 traffic, and for egress IPv4 and IPv6 traffic, are also created. These classifiers classify traffic based on source and destination addresses.

The input and output classifier lists for IPv4 traffic are used in IP policy lists that are attached to the ingress and egress IPv4 interfaces respectively. The input and output classifier lists for IPv6 traffic are used in IPv6 policy lists that are attached to the ingress and egress IPv6 interfaces respectively. The external parent-group keyword creates an external parent group in a rate-limit hierarchy for IPv4 and IPv6. All packets matching the classifier are sent to the parent group for further processing.

The policy lists for voice-over-IP traffic are configured in the service definition macro file that creates a combined IPv4/IPv6 service to be applied to the ingress IPv4 and IPv6 interfaces.

A profile is created that you want to attach to the service session. The IPv4 and IPv6 policies for voice-over-IP traffic arriving at the IPv4 and IPv6 interfaces respectively are applied to the secondary input stage. The IPv4 and IPv6 policies for voice-over-IP traffic leaving the IPv4 and IPv6 interfaces respectively are applied to the output stage. Statistics collection is enabled for the policies referenced in the service macro using the statistics enabled keyword in the command used for policy attachment in the profile. The merge keyword enables merging of multiple policies to form a single policy.

The <# env.setResult("activate-profile", profileName) #> command specifies the interface profile to be used on activation of the interface. After the subscriber service session is activated, the policies defined in the interface profile are applied to both IPv4 and IPv6 interfaces. The elements in the profile to be attached to the interfaces are determined by the type of the interface.

The <# env.setResult("service-interface-type", "ipv4-ipv6") #> command configures the service macro to be used for IPv4 and IPv6 interfaces in a dual stack. The profile identifier returned from the activate-profile object will be applied to both IPv4 and IPv6 interfaces.

The service definition macro is configured to collect input and output statistics associated with external parent groups in a hierarchical policy for IPv4 and IPv6 subscribers as follows:

<# env.setResult("secondary-input-stat-epg", "vb-v4v6-"$ uid $"-in v4v6-"$ uid $"") #> <# env.setResult("output-stat-epg", "vb-v4v6-"$ uid $"-out v4v6-"$ uid $"") #>

The <# env.setResult("secondary-input-stat-epg", "vb-v4v6-"$ uid $"-in v4v6-"$ uid $"") #> command specifies that Service Manager track statistics associated with the external parent group named vb-v4v6-in and the corresponding hierarchical policy named v4v6, and that this external parent group is associated with the policy that is attached at the input stage.

The <# env.setResult("output-stat-epg", "vb-v4v6-"$ uid $"-out v4v6-"$ uid $"") #> command specifies that Service Manager track the output statistics associated with the external parent group named vb-v4v6-out and the corresponding hierarchical policy named v4v6, which is associated with the policy attached at the output stage.

The input and output statistics associated with the external parent group are collected and forwarded to the Service Manager to be displayed in the Acct-Stop and Interim-Acct messages.

If you use the secondary-input-stat-clacl and output-stat-clacl objects in the service macro to track Service Manager statistics, the values returned in the output of the show service-management command do not accurately reflect the packets that are rate-limited. In this case, although some of the packets that were classified by the classifier lists are dropped by the rate-limiter on the external parent group, the Service Manager statistics collection application counts all the packets that were classified without excluding those that were dropped by the rate limiter. As a result, the values returned by the output-stat-clacl and secondary-input-stat-clacl objects represent more packets than those sent to the subscriber and core interfaces respectively.

Using the macro that has been described here, you can configure the following combined service, for example:

combined_service(64000, 64000, 10.0.0.1, 2001::1, vlan)

where

Related Documentation