Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

DPI PBR examples

The following sections describe how to forward video chat traffic in a policy route table, send VPN tunnel traffic into a corporate VRF, and block a specific type of application.

Forwarding video traffic

To forward video chat traffic in a policy route table, perform the following steps:

Table 1. Forwarding video chat traffic in a policy route table

Step

Command

Create rule 10 to accept IPv4 traffic.

vyatta@R1# set policy route pbr myroute1 rule 10 action accept
vyatta@R1# set policy route pbr myroute1 rule 10 address-family 'ipv4'

Specify the application type

vyatta@R1# set policy route pbr myroute1 rule 10 application type video_chat

Specify that all matching packets use alternate routing table 2.

vyatta@R1# set policy route pbr myroute1 rule 10 table 2

Specify the routing instance to route the traffic into.

vyatta@R1# set policy route pbr myroute1 rule 10 routing-instance corporate

Commit the change.

vyatta@R1# commit

Show the traffic forwarding configuration.

show policy route pbr 
pbr myroute1 {
        rule 10 {
                action accept
                address-family ipv4
                application {
                        type video_chat
                }
                table 2
        }
 }

Sending VPN tunnel traffic into the corporate VRF

To send VPN tunnel traffic into a VRF and then use the VRF's default routing table, perform the following steps:

Table 2. Sending VPN tunnel traffic into a VRF

Step

Command

Create rule 10 to accept IPv4 traffic.

vyatta@R1# set policy route pbr myroute2 rule 10 action accept
vyatta@R1# set policy route pbr myroute2 rule 10 address-family 'ipv4'

Specify the application type.

vyatta@R1# set policy route pbr myroute2 rule 10 application type vpn_tun

Specify the routing instance to route the traffic into.

vyatta@R1# set policy route pbr myroute2 rule 10 routing-instance corporate

Commit the change.

vyatta@R1# commit

Show the traffic forwarding configuration.

show policy route pbr
pbr myroute2 {
       rule 10 {
               action accept
               address-family ipv4
               application {
                       type vpn_tun
               }
               routing-instance corporate
       }
}
Note:

Since no table is configured, the routing instance's default routing table is used.  

Blocking a specific type of application

To block YouTube traffic, perform the following steps:

Table 3. Blocking YouTube traffic

Step

Command

Create rule 10 to drop IPv4 traffic.

vyatta@R1# set policy route pbr myroute3 rule 10 action drop
vyatta@R1# set policy route pbr myroute3 rule 10 address-family 'ipv4'

Specify the application name.

vyatta@R1# set policy route pbr myroute3 rule 10 application name youtube

Commit the change.

vyatta@R1# commit

Show the traffic forwarding configuration.

show policy route pbr
pbr myroute3 {
       rule 10 {
               action drop
               address-family ipv4
               application {
                       name youtube
               }
       }
}