About this guide

This document describes ACLs and policy-based routing for the Nokia Service Router Linux (SR Linux). Examples of commonly used commands are provided.

This document is intended for network technicians, administrators, operators, service providers, and others who need to understand how the router is configured.

Note:

This manual covers the current release and may also contain some content that will be released in later maintenance loads. See the SR Linux Release Notes for information on features supported in each load.

Configuration and command outputs shown in this guide are examples only; actual displays may differ depending on supported functionality and user configuration.

Precautionary and information messages

The following are information symbols used in the documentation.

DANGER: Danger warns that the described activity or situation may result in serious personal injury or death. An electric shock hazard could exist. Before you begin work on this equipment, be aware of hazards involving electrical circuitry, be familiar with networking environments, and implement accident prevention procedures.
WARNING: Warning indicates that the described activity or situation may, or will, cause equipment damage, serious performance problems, or loss of data.
Caution: Caution indicates that the described activity or situation may reduce your component or system performance.
Note: Note provides additional operational information.
Tip: Tip provides suggestions for use or best practices.

Conventions

Nokia SR Linux documentation uses the following command conventions.

  • Bold type indicates a command that the user must enter.

  • Input and output examples are displayed in Courier text.

  • An open right-angle bracket indicates a progression of menu choices or simple command sequence (often selected from a user interface). Example: start > connect to.

  • A vertical bar (|) indicates a mutually exclusive argument.

  • Square brackets ([ ]) indicate optional elements.

  • Braces ({ }) indicate a required choice. When braces are contained within square brackets, they indicate a required choice within an optional element.

  • Italic type indicates a variable.

Generic IP addresses are used in examples. Replace these with the appropriate IP addresses used in the system.

Platform considerations

The SR Linux documentation supports multiple platforms, including 7730 SXR, 7220/7250 IXR, and 7215 IXS. Most features described in the documentation work identically on all platforms that support SR Linux. However, some features may function differently based on the platform where SR Linux is running. For example, a feature may be supported on 7730 SXR, but not on other platforms, or there may be differences in how a feature works on 7730 SXR compared to other platforms.

  • If a feature is exclusive to a specific platform, it is noted in the topic title or within the text of the topic.

    For example, Attaching an ACL to a subinterface (7730 SXR systems) applies only to the 7730 SXR platform.

  • If a feature is supported on multiple platforms, but there are per-platform differences in how the feature works, these differences are described in the text.

    For example, Creating CPM filters provides configuration examples that apply to all supported platforms, as well as a configuration example that applies only to the 7730 SXR platform. In addition, the tables below summarize the per-platform differences.

  • (7730 SXR platform only) If a feature has been verified as functioning on the 7730 SXR platform in the same way as the 7220/7250 IXR platform, it is noted in the topic.

    For example, Logging ACL resource usage applies equally to the 7730 SXR platform as it does to the 7220/7250 IXR platform. The topic contains the note, "This feature is supported on both SXR and IXR platforms."

    This note does not imply that the feature is unsupported on other platforms.

7730 SXR platform considerations

The following table summarizes the considerations for ACL feature support on the 7730 SXR platform.

Table 1. ACL feature support on 7730 SXR systems
Feature: IPv4/v6 interface filters
7730 SXR considerations: 7730 SXR allows up to two IPv4 ACLs and two IPv6 ACLs applied to input traffic on the same subinterface.
See: Attaching an ACL to a subinterface (7730 SXR systems)

Feature: ACL actions
7730 SXR considerations:
  Unsupported ACL actions on 7730 SXR:
  • log
  • rate-limit policer (CPM filters)
  ACL actions supported only on 7730 SXR:
  • QoS forwarding-class
  • QoS profile
  • forward next-hop
  • collect-stats
See: Supported ACL actions for 7730 SXR systems

Feature: CPM filters
7730 SXR considerations: A CPM filter can use a network-instance as a match condition.
See: Creating CPM filters

Feature: MAC filters
7730 SXR considerations: Unsupported on 7730 SXR
See: MAC ACLs

Feature: Packet capture filters
7730 SXR considerations: Unsupported on 7730 SXR
See: Packet capture filters

Feature: System filters
7730 SXR considerations: Unsupported on 7730 SXR
See: System filters

Feature: Rate limit action
7730 SXR considerations: The entry-specific parameter is set to false and cannot be configured. To use a separate policer instance for a given ACL or ACL entry, you must create a unique policer object.
See: Rate-limiting action for ACL filters

Feature: ACL statistics
7730 SXR considerations: The collect-stats ACL action is used for collecting statistics for ACL filter entries instead of the statistics-per-entry setting.
See: Collect-stats action

Feature: Traffic steering
7730 SXR considerations: Traffic steering is configured using ACLs instead of policy-based forwarding (PBF) policies.
See: Traffic steering using ACLs