|
assured forwarding (AF)
|
CoS packet forwarding class that provides a group of values you can
define and includes four subclasses, AF1, AF2, AF3, and AF4, each with three
drop probabilities, low, medium, and high.
|
|
behavior aggregate (BA) classifier
|
Feature that can be used to determine the forwarding treatment for each
packet. The BA classifier maps a code point to a loss priority. The loss priority
is used later in the workflow to select one of the two drop profiles used
by random early detection (RED).
|
|
best-effort (BE)
|
CoS packet forwarding class that provides no service profile. For the
BE forwarding class, loss priority is typically not carried in a code point,
and random early detection (RED) drop profiles are more aggressive.
|
|
class of service (CoS)
|
Method of classifying traffic on a packet-by-packet basis, using information
in the type-of-service (ToS) byte to assign traffic flows to different service
levels.
|
|
Differentiated Services (DiffServ)
|
Services based on RFC 2474, Definition of the Differentiated
Services Field (DS Field) in the IPv4 and IPv6 Headers. The DiffServ
method of CoS uses the type-of-service (ToS) byte to identify different packet
flows on a packet-by-packet basis. DiffServ adds a Class Selector code point
(CSCP) and a DiffServ code point (DSCP).
|
|
DiffServ code point (DSCP)
|
Values for a 6-bit field defined in IP packet headers that can be used
to enforce class-of-service (CoS) distinctions in a Services Router.
|
|
drop profile
|
Drop probabilities for different levels of buffer fullness that are
used by random early detection (RED) to determine from which Services Router scheduling
queue to drop packets.
|
|
expedited forwarding (EF)
|
CoS packet forwarding class that provides end-to-end service with low
loss, low latency, low jitter, and assured bandwidth.
|
|
firewall filter
|
See stateful firewall filter; stateless
firewall filter.
|
|
multifield (MF) classifier
|
Firewall filter that scans through a variety of packet fields to determine
the forwarding class and loss priority for a packet and polices traffic to
a specific bandwidth and burst size. Typically, a classifier performs matching
operations on the selected fields against a configured value.
|
|
network address port translation (NAPT)
|
Method of concealing a set of host ports on a private network behind
a pool of public addresses. It can be used as a security measure to protect
the host ports from direct targeting in network attacks.
|
|
Network Address Translation (NAT)
|
Method of concealing a set of host addresses on a private network behind
a pool of public addresses. It can be used as a security measure to protect
the host addresses from direct targeting in network attacks.
|
|
network control (NC)
|
CoS packet forwarding class that is typically high priority because
it supports protocol control.
|
|
PLP bit
|
Packet loss priority bit. Used to identify packets that have experienced
congestion or are from a transmission that exceeded a service provider's customer
service license agreement. A Services Router can use the PLP bit as part
of a congestion control strategy. The bit can be configured on an interface
or in a filter.
|
|
policer
|
Feature that limits the amount of traffic passing into or out of an
interface. It is an essential component of firewall filters that is designed
to thwart denial-of-service (DoS) attacks. A policer applies rate limits on
bandwidth and burst size for traffic on a particular Services Router interface.
|
|
policing
|
Applying rate and burst size limits to traffic on an interface.
|
|
random early detection (RED)
|
Gradual drop profile for a given class, used for congestion avoidance.
RED attempts to anticipate congestion and reacts by dropping a small percentage
of packets from the head of a queue to prevent congestion.
|
|
rule
|
Guide that the Services Router follows when applying services. A
rule consists of a match direction and one or more terms.
|
|
service set
|
Collection of services. Examples of services include stateful firewall
filters and Network Address Translation (NAT).
|
|
stateful firewall filter
|
Type of firewall filter that evaluates the context of connections, permits
or denies traffic based on the context, and updates this information dynamically.
Context includes IP source and destination addresses, TCP port numbers, TCP
sequencing information, and TCP connection flags.
|
|
stateless firewall filter
|
Type of firewall filter that statically evaluates the contents of packets
transiting the router, and packets originating from, or destined for,
the router. Information about connection states is not maintained.
|
|
term
|
Firewall filters contain one or more terms that specify filter match
conditions and actions.
|
|
trusted network
|
Network from which all originating traffic can be trusted—for
example, an internal enterprise LAN. Stateful firewall filters allow traffic
to flow from trusted to untrusted networks.
|
|
untrusted network
|
Network from which all originating traffic cannot be trusted—for
example, a WAN. Unless configured otherwise, stateful firewall filters do
not allow traffic to flow from untrusted to trusted networks.
|