IP Filters (Access-Lists)


IP filters are rules that make the router permit or deny traffic from a source to a destination based on the specified IP addresses, ports, protocols, and so on. Elsewhere they are known as access lists (ACLs), but in the Nokia (formerly Alcatel-Lucent) world the term IP filter is generally used.

IP filters are created once and can then be used on different interfaces. An IP filter can be associated with an interface in the inbound direction, the outbound direction, or both. Here, inbound means traffic coming into that interface from outside, and outbound means traffic leaving through that interface. In summary, an inbound filter prevents traffic from entering the router, and an outbound filter prevents traffic from leaving it.

Consider the IP filter summary below. SR2 has two interfaces, and each interface has its own inbound and outbound filters.

[Figure: IP filter configuration (Nokia)]

The left SR2 interface (interface toSR1) has an inbound filter that permits traffic A and drops traffic X, both coming from SR1. This interface also has an outbound filter that permits traffic B and drops traffic Y before it leaves the router.

Like the left interface, the right interface of SR2 (interface to SR3) has two filters. Here, the inbound filter permits both traffic B and traffic Y, so they are now in SR2. The outbound filter permits traffic A, so traffic A can go on to SR3, but it drops traffic X. That entry is unnecessary, because traffic X was already dropped by the inbound filter of the left interface.

We have talked about SAPs (Service Access Points) in Nokia Service Routers. IP filters are associated with these SAPs. If an IP filter is added to a SAP in the inbound direction, it affects the traffic that comes into the router. If it is added in the outbound direction, it affects the traffic that is sent from the router. There is one important note: only one IP filter can be added to a SAP in each direction. So at most two IP filters can be associated with a SAP, one for the inbound direction and one for the outbound direction.

By default, SAPs do not restrict any traffic. But once you associate an IP filter, it allows the permitted traffic and restricts the rest. To do this, rules are created in the IP filter. Each rule has a match part and an action part. If the match part matches the traffic, the action part is carried out. According to these rules, traffic is dropped or forwarded to the destination.

In an IP filter, the top rule is checked first. If it matches, its action is carried out. If not, the second rule is checked, and so on. If none of the rules match, the traffic is dropped.

Besides IP filters, MAC filters can also be used. Up to 65535 IP filters and 65535 MAC filters can be defined.

Let's see how to configure IP filters on Nokia (formerly Alcatel-Lucent) Service Routers.
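The evaluation order above and the SR2 scenario can be modelled in a few lines of Python. This is an added example, not Nokia SR OS code or configuration: the class and function names are hypothetical, and the mapping of traffic A to HTTPS and traffic X to Telnet from 10.1.1.0/24 is constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Entry:
    action: str                       # "forward" or "drop"
    src: str = "0.0.0.0/0"            # source prefix to match
    protocol: Optional[str] = None    # None matches any protocol
    dst_port: Optional[int] = None    # None matches any port

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and self.protocol in (None, pkt["protocol"])
                and self.dst_port in (None, pkt["dst_port"]))

@dataclass
class IpFilter:
    entries: list = field(default_factory=list)   # checked top to bottom

    def evaluate(self, pkt: dict) -> str:
        for entry in self.entries:
            if entry.matches(pkt):
                return entry.action   # first matching rule decides
        return "drop"                 # no rule matched

@dataclass
class Sap:
    inbound: Optional[IpFilter] = None    # at most one filter per direction
    outbound: Optional[IpFilter] = None

def transit(pkt: dict, in_sap: Sap, out_sap: Sap) -> str:
    """Enter on in_sap, leave on out_sap; a direction with no filter is unrestricted."""
    for name, flt in (("inbound", in_sap.inbound), ("outbound", out_sap.outbound)):
        if flt is not None and flt.evaluate(pkt) == "drop":
            return f"dropped {name}"
    return "forwarded"

# Constructed sample data: traffic A is HTTPS, traffic X is Telnet, from 10.1.1.0/24.
TRAFFIC_A = {"src": "10.1.1.10", "protocol": "tcp", "dst_port": 443}
TRAFFIC_X = {"src": "10.1.1.10", "protocol": "tcp", "dst_port": 23}
permit_a = Entry("forward", "10.1.1.0/24", "tcp", 443)
drop_x = Entry("drop", "10.1.1.0/24", "tcp", 23)
to_sr1 = Sap(inbound=IpFilter([permit_a, drop_x]))
to_sr3 = Sap(outbound=IpFilter([permit_a, drop_x]))    # drop_x never sees traffic here

if __name__ == "__main__":
    print({k: transit(p, to_sr1, to_sr3) for k, p in (("A", TRAFFIC_A), ("X", TRAFFIC_X))})
```

Traffic X is reported as dropped inbound on the interface toward SR1, so the drop entry in the outbound filter toward SR3 is never reached by it, and any packet that matches no entry is dropped as well.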
