Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

DPI PBR examples

The following sections describe how to forward video chat traffic in a policy route table, send VPN tunnel traffic into a corporate VRF, and block a specific type of application.

Forwarding video traffic

To forward video chat traffic in a policy route table, perform the following steps:

Table 1. Forwarding video chat traffic in a policy route table

Step

Command

Create rule 10 to accept IPv4 traffic.

vyatta@R1# set policy route pbr myroute1 rule 10 action accept
vyatta@R1# set policy route pbr myroute1 rule 10 address-family 'ipv4'

Specify the application type

vyatta@R1# set policy route pbr myroute1 rule 10 application type video_chat

Specify that all matching packets use alternate routing table 2.

vyatta@R1# set policy route pbr myroute1 rule 10 table 2

Specify the routing instance to route the traffic into.

vyatta@R1# set policy route pbr myroute1 rule 10 routing-instance corporate

Commit the change.

vyatta@R1# commit

Show the traffic forwarding configuration.

show policy route pbr 
pbr myroute1 {
        rule 10 {
                action accept
                address-family ipv4
                application {
                        type video_chat
                }
                table 2
        }
 }

Sending VPN tunnel traffic into the corporate VRF

To send VPN tunnel traffic into a VRF and then use the VRF's default routing table, perform the following steps:

Table 2. Sending VPN tunnel traffic into a VRF

Step

Command

Create rule 10 to accept IPv4 traffic.

vyatta@R1# set policy route pbr myroute2 rule 10 action accept
vyatta@R1# set policy route pbr myroute2 rule 10 address-family 'ipv4'

Specify the application type.

vyatta@R1# set policy route pbr myroute2 rule 10 application type vpn_tun

Specify the routing instance to route the traffic into.

vyatta@R1# set policy route pbr myroute2 rule 10 routing-instance corporate

Commit the change.

vyatta@R1# commit

Show the traffic forwarding configuration.

show policy route pbr
pbr myroute2 {
       rule 10 {
               action accept
               address-family ipv4
               application {
                       type vpn_tun
               }
               routing-instance corporate
       }
}
Note:

Since no table is configured, the routing instance's default routing table is used.  

Blocking a specific type of application

To block YouTube traffic, perform the following steps:

Table 3. Blocking YouTube traffic

Step

Command

Create rule 10 to drop IPv4 traffic.

vyatta@R1# set policy route pbr myroute3 rule 10 action drop
vyatta@R1# set policy route pbr myroute3 rule 10 address-family 'ipv4'

Specify the application name.

vyatta@R1# set policy route pbr myroute3 rule 10 application name youtube

Commit the change.

vyatta@R1# commit

Show the traffic forwarding configuration.

show policy route pbr
pbr myroute3 {
       rule 10 {
               action drop
               address-family ipv4
               application {
                       name youtube
               }
       }
}