152
EPICenter Concepts and Solutions Guide
Policy Manager Overview
an IP address. If you specify a group resource as an endpoint, only the resources within the group (and
its subgroups) that can be mapped to an IP or subnet address will be used as policy endpoints.
You can also further define the server-side traffic endpoints by specifying a named application or
service, which translates to a protocol and L4 port, or by directly specifying a protocol and L4 port
range. The EPICenter Policy Manager currently supports TCP and UDP as L4 protocols. In some cases
you can also specify client-side L4 ports. The ICMP protocol is not currently supported.
The Policy Manager determines the traffic flows of interest based on the combination of endpoints and
direction you have specified, and creates a set of IP QoS rules that can be implemented in the
appropriate network devices.
Figure 67 shows the effects of a bi-directional IP policy specified between server Iceberg and clients A,
B, and C. The policy scope includes all three switches. The effect of this policy is that IP QoS rules are
implemented for six traffic flows on each switch: from the server to each of the three clients, and from
each client to the server.
Although not shown in this diagram, you can specify multiple servers as well as multiple clients.
Figure 67: IP QoS policy
Unlike the VLAN and source port policy types, Security and IP policies specifies a traffic flow between
two endpoints, and that traffic may travel through multiple network devices between those two
endpoints. Thus, to protect the specified traffic along the entire route, the policy should be implemented
on all the devices between the two endpoints. This is done by including these devices in the policy
scope. On each device along the route, the traffic is identified based on the endpoint definitions (the IP
address, protocols, and L4 ports), and is assigned to the specified QoS profile on that device.
The diagrams shown in Figure 68 illustrate how the traffic flows are generated for the example shown
in Figure 67.
The EPICenter Policy Manager lets you specify the policy traffic flow in terms of named components.
Therefore, you can specify server “Iceberg” as the server endpoint, and clients “A,” “B,” and “C” as
client endpoints. In addition, you can indicate that the traffic from the server should be filtered only to
include traffic generated by the Baan application, which translates to TCP traffic originating from L4
port 512. Ports are not specified for the clients.
XM_016
Application:
Baan
(TCP, L4 port 512)
Server
Iceberg
Policy scope
Client C
Client B
Client A
Содержание EPICenter 5.0
Страница 12: ...12 EPICenter Concepts and Solutions Guide Preface...
Страница 76: ...76 EPICenter Concepts and Solutions Guide Managing your Network Assets...
Страница 92: ...92 EPICenter Concepts and Solutions Guide Managing VLANs...
Страница 116: ...116 EPICenter Concepts and Solutions Guide Managing Wireless Networks...
Страница 146: ...146 EPICenter Concepts and Solutions Guide VoIP and EPICenter Avaya Integrated Management...
Страница 163: ...Appendices...
Страница 164: ......
Страница 178: ...178 EPICenter Concepts and Solutions Guide Troubleshooting...