Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Merging Policies Overview

    Merging policies enables you to create multiple policy attachments at an attachment point, resulting in a merged policy that is created and attached at this interface. Executing more than one policy attachment command with the same attachment type at an interface triggers a policy merge through the CLI.

    In Profile Configuration mode, policy interface commands for IP and L2TP allow attachments to be merged into any existing merge-capable attachment at an attachment point. Service Manager can request that multiple interface profiles be applied or removed at an interface as part of service activation or deactivation. Service Manager also specifies whether or not the attachments created from these interface profiles are persistent on subsequent reloads.

    An interface and an attachment type identify an attachment point. The policies referenced by the component attachments merge into a new policy, which then attaches at the attachment point. The set of component policies are ordered alphabetically by name. This order determines how any merge conflicts are resolved, with the most recently executed command taking precedence.

    With policy merging, a set of policies is combined to form a single new policy, which is a union of all the component policies. Classifier groups and policy rules from each component combine to create the merged policy as in the following example:

    host1(config)#interface atm 5/0.1 host1(config-subif)#ip policy input p1 statistics enable merge host1(config-subif)#ip policy input p2 statistics enable merge host1(config-subif)#ip policy input p3 statistics enable merge host1(config-subif)#ip policy output p4 statistics enable merge host1(config-subif)#ip policy output p5 statistics enable merge host1(config-subif)#exit

    The example internally results in the following, where policies p1 + p2 + p3 = mpl_10 and policies p4 + p5 = mpl_11.

    interface atm 5/0.1ip policy input mpl_10 statistics enable mergeip policy output mpl_11 statistics enable mergeexit

    The classifier list referenced by the classifier group is neither split or merged. If a merged policy already exists for a set of component policies, then the merged policy is used for the attachment. An attachment enables a merged policy to have one or more attachments.

    The CLI and the Service Manager applications are the only clients of policy management that can request merging of policy attachments. With policy merging, classifier groups and policy rules from each component policy combine into the merged policy.

    Policy merging follows these rules:

    • The Classifier list referenced by the classifier group cannot be split or merged.
    • Policy merging combines classifier groups from all component policies into the merged policy. In the previous example, policies p1, p2, and p3 are the component policies and mpl_10 is the merged policy. The merge policy is created as if all CLI commands for each component policy are run in the context of the merged policy. The merged policy result is the sum of all commands executed in the respective component policies CLI context in a predetermined merge order.
    • If a merged policy already exists for a set of component policies, the merged policy is used for the attachment instead of creating a new one. This functionality allows a merged policy to have one or more attachments. A merge policy is automatically deleted when the last reference is removed.

    The following restrictions apply to policy merging:

    • Classifier lists cannot be merged.
    • Secure policies cannot be merged.
    • Policies created using ascend-data-filters cannot be merged.
    • Existing policy VSAs in RADIUS are not changed; attachments created by this method cannot be merged. Ascend data filter policies can be attached at input and output attachment points.
    • SNMP support for polling statistics based on component policy attachments is not available.
    • The merge policy naming convention is not configurable.

    Published: 2014-08-14