Set Action
The Application Visibility Policy Set Action Screen contains a list of Actions that you can configure for the Policy (e.g., QoS, NAT). A Policy Action enables you to specify the treatment traffic is to receive when it flows. This includes the priority the traffic will receive, its minimum and maximum output rates, and the values to which specified bits in the frame headers will be set upon egress from the switch. When the Conditions specified by the Policy Condition are true, traffic will flow as specified by the Policy Action.
Click on an Action to display the configuration options for the Action. (Click again on the Action to close the Action.) When you have completed all of the parameters for the Action(s), click the Next button at the bottom of the screen or click on Validity Period on the left side of the screen to move to the next step. If necessary, you can also click the Back button to return to the previous screen.
Actions
A brief description of each Action is provided below. Click the hyperlink for each Action for detailed configuration instructions.
- QoS - Create an Action to specify QoS actions to impose on traffic that meets the configured policy condition(s). When the conditions specified by the policy are true, traffic will flow as specified by the policy action.
- NAT - Create an Action to specify Network Address Translation actions to impose on traffic that meets the configured policy condition(s). When the conditions specified by the policy are true, traffic will flow as specified by the policy action.
- PBR - Create an Action to specify the default IP address to be used for Policy Based Routing on traffic that meets the configured policy condition(s). When the conditions specified by the policy are true, traffic will flow as specified by the policy action.
- TCM - Create an Action to specify Tri-Color Marking (TCM) actions to impose on traffic that meets the configured policy condition(s). TCM provides a mechanism for policing network traffic by limiting the rate at which traffic is sent or received on a switch interface. TCM meters traffic based on user-configured packet rates and burst sizes and "marks" the metered packets as green, yellow, or red based on whether the traffic meets the configured rates. This "color marking" determines the packet's precedence when congestion occurs.
- Ports - Create an Action to specify QoS actions to impose on ports carrying traffic that meets the configured policy condition(s). When the conditions specified by the policy are true, traffic will flow as specified by the policy action.
- SIP - Create an Action to specify QoS actions to impose on ports carrying traffic that meets the configured policy condition(s). When the conditions specified by the policy are true, traffic will flow as specified by the policy action.
QoS
The QoS Policy Action option enables you to specify QoS actions to impose on traffic that meets the configured policy condition(s). When the conditions specified by the policy are true, traffic will flow as specified by the policy action.
- Disposition - Set the Action to Accept or Drop traffic that meets the configured condition(s).
- Quality of Service (QoS) Parameters - Specify the QoS priority the traffic will receive if it meets the configured condition(s).
- Platinum priority provides the highest quality of service (and maps to a firmware priority of 7).
- Gold provides the next-highest quality of service (and maps to a firmware priority of 5).
- Silver provides the next-highest quality of service (and maps to a firmware priority of 3).
- Bronze provides the same quality of service as best effort (and maps to a firmware priority of 1). A separate egress queue is maintained in the hardware for traffic of each different priority.
- Output Flow Settings
- Min Output Rate (kbits/sec) - Specify the minimum amount of traffic, in kilobits-per-second, which is guaranteed to be transmitted from the port.
- Max Output Rate (kbits/sec) - Specify the maximum amount of traffic, in kilobits-per-second, which is guaranteed to be transmitted from the port. Even if no other traffic exists, the output will be limited to the rate specified here.
- 802.1p Priority Level - If you want outgoing packets tagged with an 802.1p priority level, set the 802.1p Priority Level field to any value from 0 to 7 to specify the desired outgoing 802.1p priority for the traffic. A value of 7 indicates the highest priority and a value of 0 indicates the lowest priority. Note that for ports that are configured for 802.1q, this value is used in the 802.1q header and indicates the outgoing priority of the frame. When a frame is de-queued for transmission, it is assigned the priority of the queue and mapped to the outgoing 802.1p priority. This priority is combined with the VLAN group ID to create the 802.1p/q header for transmission. Note that if traffic matches the criteria specified by the policy condition, but the outgoing port does not support 802.1p tagging, the policy action will fail.
- Differentiated Services Code Point (DSCP) - DSCP is defined in RFC 2474. Differentiated Services defines the QoS treatment a frame is to receive from each network device. This is referred to as per-hop behavior. If you enable the Differentiated Services Code Point radio button, you can set the associated field to any value from 0 - 63 to specify the Differentiated Services byte value with which to tag frames upon egress from the switch.
- TOS Precedence - The TOS byte is defined in RFC 791. This byte contains two fields. The precedence field is the three high-order bits (0-2) and is used to indicate the priority for the frame. The type of service field (bits 3-6) defines the throughput, delay, reliability, or cost for the frame; however, in practice these bits are not used. If you enable the TOS Precedence radio button, set the associated field to any value from 0-7 to specify the value that will be inserted into the precedence field of the TOS byte upon egress from the switch. A value of 7 has the highest precedence and a value of 0 has the lowest precedence. Note that you can enable either the DSCP or the TOS Precedence radio button to specify the mechanism you want to use (if any) to convey QoS information in the IP header of frames. DSCP and TOS are mutually exclusive. You can use either DSCP or TOS, but not both.
NAT
The NAT Policy Action option enables you to specify Network Address Translation actions to impose on traffic that meets the configured policy condition(s). When the conditions specified by the policy are true, traffic will flow as specified by the policy action.
- Source Rewrite IP Address - To include Source Rewrite IP in the NAT Policy condition, select the Network Group to be used for the policy condition from the Source Rewrite IP Address drop-down menu. You can also click on the Add icon to go to the Network Groups Screen and create a Network Group.
- Destination Rewrite IP Address - To include Destination Rewrite IP in the NAT Policy condition, select the Network Group to be used for the policy condition from the Destination Rewrite IP Address drop-down menu. You can also click on the Add icon to go to the Network Groups Screen and create a Network Group.
Note: Remember, when creating a condition (e.g., MAC, IP) for a NAT action you must specify a group in the condition. NAT will only work when both the condition and the action specify groups. To create a "one-to-many" condition and action, create a group with a single entry for the condition. Also note that the NAT Policy Action is not supported on OS6860 or OS6900 Switches.
PBR
The PBR Policy Action option enables you to specify the default IP address to be used for Policy Based Routing on traffic that meets the configured policy condition(s). When the conditions specified by the policy are true, traffic will flow as specified by the policy action.
- Permanent Gateway IP - To set a Permanent Gateway IP address for traffic that meets the condition(s), enter the default IP address in the PBR Permanent Gateway IP Address field.
- Alternate Gateway IP - To specify an alternate IP address for traffic that meets the policy condition(s), enter the alternate IP address in the PBR Alternate Gateway IP Address field. (Not supported on OS6860 or OS6900 Switches.)
Note: The OmniSwitch 6800/7000/8000/9000 series switches support the 802.1 priority, DSCP, and TOS. However, 6600 series switches do not. Please refer to the switch Release Notes for information on the specific QoS functions available on various current platforms and combinations of hardware/firmware.
TCM
The TCM Policy Action option enables you to specify Tri-Color Marking (TCM) actions to impose on traffic that meets the configured policy condition(s). TCM provides a mechanism for policing network traffic by limiting the rate at which traffic is sent or received on a switch interface. TCM meters traffic based on user-configured packet rates and burst sizes and "marks" the metered packets as green, yellow, or red based on whether the traffic meets the configured rates. This "color marking" determines the packet's precedence when congestion occurs.
- Committed Traffic Policing
- Committed Information Rate - The guaranteed bandwidth, in kbits-per-second, for all traffic that ingresses on the port.
- Committed Burst Size - The maximum burst size, in bits-per-second, for all traffic that ingresses on the port.
- Peak Traffic Policing
- Peak Information Rate - The maximum amount of bandwidth, in bits-per-second, for all traffic that ingresses on the port.
- Peak Burst Size - The maximum burst size, in bits-per-second, for all traffic that ingresses on the port.
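The metering described above, sketched as an added example (not OmniSwitch code and not part of the original page): a color-blind two-rate three-color marker in the style of RFC 2698, which is an assumption about the algorithm behind these four fields. Rates in kbit/s, burst sizes in bytes and time in milliseconds are the example's own units, and the traffic is constructed.

```python
class TwoRateMeter:
    """Color-blind two-rate three-color marker (RFC 2698 style, assumed)."""

    def __init__(self, cir_kbps, cbs_bytes, pir_kbps, pbs_bytes):
        if pir_kbps < cir_kbps:
            raise ValueError("peak rate must not be below committed rate")
        self.cir, self.cbs = cir_kbps, cbs_bytes
        self.pir, self.pbs = pir_kbps, pbs_bytes
        self.tc = float(cbs_bytes)   # committed bucket starts full
        self.tp = float(pbs_bytes)   # peak bucket starts full
        self.last_ms = 0

    def mark(self, now_ms, size_bytes):
        """Refill both buckets for the elapsed time, then color one packet."""
        elapsed = now_ms - self.last_ms
        self.last_ms = now_ms
        # kbit/s * ms = bits; divide by 8 for bytes of credit earned
        self.tc = min(self.cbs, self.tc + elapsed * self.cir / 8)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir / 8)
        if self.tp < size_bytes:     # exceeds even the peak profile
            return "red"
        self.tp -= size_bytes
        if self.tc < size_bytes:     # within peak, above committed
            return "yellow"
        self.tc -= size_bytes
        return "green"


def replay(meter, packets):
    """packets: iterable of (arrival_ms, size_bytes); returns each color."""
    return [meter.mark(t, size) for t, size in packets]


# Constructed traffic: ten 1000-byte packets back to back, one more after 8 ms.
SAMPLE = [(0, 1000)] * 10 + [(8, 1000)]


def demo():
    meter = TwoRateMeter(cir_kbps=1000, cbs_bytes=3000,
                         pir_kbps=2000, pbs_bytes=6000)
    return replay(meter, SAMPLE)


if __name__ == "__main__":
    print(demo())
```

The burst drains the committed bucket first (green), then the peak bucket (yellow), and everything beyond both is red until idle time refills the buckets.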
Ports
The Ports Policy Action option enables you to specify QoS actions to impose on ports carrying traffic that meets the configured policy condition(s). When the conditions specified by the policy are true, traffic will flow as specified by the policy action. Select the applicable checkbox as described below and configure the mirroring slot/port.
Slot/Port Mirroring
The Slot/Port Mirroring fields are used to mirror ingress, egress, or both ingress and egress packets that match the policy condition to the specified port. Note that only one MTP session is supported at any given time. As a result, all mirroring policies should specify the same MTP port.
- Slot/Port Mirroring - For a non-Virtual Chassis (VC) Switch, enter the mirroring Slot and Port number and select the Traffic Direction from the drop-down menu (Ingress, Egress, Ingress/Egress).
- Chassis/Slot/Port Mirroring for VC Devices - For a VC Switch, enter the mirroring Chassis ID, Slot, and Port, and select the Traffic Direction from the drop-down menu (Ingress, Egress, Ingress/Egress).
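A pre-deployment check for the constraints stated so far (DSCP/TOS exclusivity, NAT groups, the OS6860/OS6900 exclusions, and the single MTP session), as an added example that is not part of the original page or the product. The policy dictionary layout and its key names are hypothetical, and treating the one-MTP-session limit as per switch is an assumption.

```python
from collections import defaultdict

UNSUPPORTED = {"OS6860", "OS6900"}  # models the page excludes for NAT / PBR alternate gateway


def lint(policies):
    """Return sorted (policy name, finding) pairs for a list of policy dicts."""
    findings = []
    mirrors = defaultdict(set)       # switch -> mirror (MTP) ports requested
    for p in policies:
        name, act = p["name"], p["action"]
        if "dscp" in act and "tos_precedence" in act:
            findings.append((name, "DSCP and TOS Precedence are mutually exclusive"))
        if "nat_group" in act:
            if p["model"] in UNSUPPORTED:
                findings.append((name, "NAT action not supported on " + p["model"]))
            if not p["condition"].get("group"):
                findings.append((name, "NAT needs a group in the condition too"))
        if "pbr_alternate_gw" in act and p["model"] in UNSUPPORTED:
            findings.append((name, "PBR alternate gateway not supported on " + p["model"]))
        if "mirror_port" in act:
            mirrors[p["switch"]].add(act["mirror_port"])
    # Second pass: every mirroring policy on a switch must name the same port.
    for p in policies:
        ports = mirrors[p["switch"]]
        if "mirror_port" in p["action"] and len(ports) > 1:
            findings.append((p["name"], "mirror ports differ on %s: %s"
                             % (p["switch"], sorted(ports))))
    return sorted(findings)


# Constructed sample policies (hypothetical layout, not a real export format).
SAMPLE = [
    {"name": "voice", "switch": "sw1", "model": "OS6850E",
     "condition": {"group": "phones"}, "action": {"dscp": 46, "tos_precedence": 5}},
    {"name": "ids-tap", "switch": "sw1", "model": "OS6850E",
     "condition": {"group": "servers"}, "action": {"mirror_port": "1/24"}},
    {"name": "debug-tap", "switch": "sw1", "model": "OS6850E",
     "condition": {"ip": "10.0.0.5"}, "action": {"mirror_port": "1/12"}},
    {"name": "nat-out", "switch": "sw2", "model": "OS6900",
     "condition": {"ip": "10.1.0.0/16"}, "action": {"nat_group": "public"}},
]

if __name__ == "__main__":
    for name, finding in lint(SAMPLE):
        print(name + ": " + finding)
```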
Slot/Port Redirection
The Slot/Port Redirection fields are used to redirect all traffic (flooded, bridged, routed, and multicast) matching the policy condition to the specified port instead of the port to which the traffic was originally destined. Note that when redirecting routed traffic from VLAN A to VLAN B, the redirect port must belong to VLAN B (tagged or default VLAN). Also, routed packets (from VLAN A to VLAN B) are not modified after they are redirected; the source and MAC address remain the same. In addition, if the redirect port is tagged, the redirected packets will have a tag from the ingress VLAN A.
- Slot/Port Redirection - For a non-Virtual Chassis (VC) Switch, enter the Slot and Port number to which you want the traffic re-directed.
- Chassis/Slot/Port Redirection for VC Devices - For a VC Switch, enter the Chassis ID and Slot/Port or Link Aggregate, for the slot/port or link aggregate to which you want the traffic re-directed.
Port Disable Rule Match
Enable this option to administratively disable the source port of the traffic matching the policy condition(s).
SIP
The SIP Policy Action option enables you to specify QoS actions to impose on ports carrying traffic that meets the configured policy condition(s). When the conditions specified by the policy are true, traffic will flow as specified by the policy action.
- RTCP Monitoring - Enables/Disables monitoring of RTCP Marked traffic. If enabled, traffic meeting the configured condition(s) will be subjected to RTCP Monitoring.
- RTCP DSCP - The RTCP DSCP number is used as a prioritizing rate number for SIP PDUs. To apply an RTCP-DSCP number to traffic meeting the configured condition(s), enter a value (Range = 0 to 63, Default = 46).
- Trust DSCP - If enabled, traffic meeting the configured condition(s) will have the "Trust DSCP" function applied.
Note: The SIP feature is only supported on the following devices running AOS 6.4.5.R02 and later: 6850E (C24/24x/48/48X, P24/24X/48/48X,U24X), 6855 (U24x), 9700E (C-24/48, P24, U2/6/12/24), 9800E (C24/48, P24, U2/6/12/24).