Redirecting incoming traffic using advanced filters

Sometimes you need to send traffic over an alternative path before committing to it, for example to test or monitor a specific application. In VOSS it is possible to create an ACL that matches on source and destination and redirects the matching traffic to a next-hop, which overrides the routes in the GRT.

Below is an example filter which I tested using a VSP VM in GNS3 that redirects traffic with a source IP 10.10.10.10 towards a destination IP 30.30.30.30 with a next-hop of 20.20.20.20. I verified it works by using the statistics on the ACL and Wireshark on the outbound link in the topology.

filter acl 1 type inVlan

filter acl vlan 1 10

filter acl ace 1 100

filter acl ace action 1 100 permit redirect-next-hop 20.20.20.20

filter acl ace action 1 100 permit count

filter acl ace ethernet 1 100 ether-type eq ip

filter acl ace ip 1 100 src-ip eq 10.10.10.10

filter acl ace ip 1 100 dst-ip eq 30.30.30.30

filter acl ace 1 100 enable
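Because a redirect ACE overrides the GRT, it is worth being able to answer "which flows does this config steer, and where?" from the saved configuration. The following is an added example, not part of the original post or of VOSS: a small Python model that parses only the command forms shown above and reports the forced next-hop for a given packet. It assumes `eq` matches only, ignores the VLAN binding (the ACL applies to traffic ingressing VLAN 10), and assumes ACEs are evaluated in ascending ACE id order.

```python
import ipaddress

# The filter from the post, embedded as sample input.
CONFIG = """\
filter acl 1 type inVlan
filter acl vlan 1 10
filter acl ace 1 100
filter acl ace action 1 100 permit redirect-next-hop 20.20.20.20
filter acl ace action 1 100 permit count
filter acl ace ethernet 1 100 ether-type eq ip
filter acl ace ip 1 100 src-ip eq 10.10.10.10
filter acl ace ip 1 100 dst-ip eq 30.30.30.30
filter acl ace 1 100 enable
"""

def parse_aces(config):
    """Return {(acl_id, ace_id): ace} for the command forms shown in the post."""
    aces = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] != ["filter", "acl", "ace"] or len(tok) < 5:
            continue
        # "filter acl ace <acl> <ace> ..." vs "filter acl ace <section> <acl> <ace> ..."
        off = 3 if tok[3].isdigit() else 4
        if len(tok) < off + 2 or not (tok[off].isdigit() and tok[off + 1].isdigit()):
            continue  # malformed line: skip rather than guess
        key = (int(tok[off]), int(tok[off + 1]))
        section, rest = ("ace" if off == 3 else tok[3]), tok[off + 2:]
        ace = aces.setdefault(key, {"enabled": False, "count": False,
                                    "next_hop": None, "match": {}})
        if section == "ace" and rest == ["enable"]:
            ace["enabled"] = True
        elif section == "action" and "redirect-next-hop" in rest[:-1]:
            hop = rest[rest.index("redirect-next-hop") + 1]
            ace["next_hop"] = ipaddress.ip_address(hop)  # raises on a bad address
        elif section == "action" and "count" in rest:
            ace["count"] = True
        elif section in ("ethernet", "ip") and len(rest) == 3 and rest[1] == "eq":
            ace["match"][rest[0]] = rest[2]
    return aces

def redirect_for(aces, src, dst, ether_type="ip"):
    """Next-hop an enabled ACE forces for this packet, or None (GRT routing applies)."""
    pkt = {"src-ip": src, "dst-ip": dst, "ether-type": ether_type}
    for key in sorted(aces):  # assumption: ascending ACE id order
        ace = aces[key]
        if (ace["enabled"] and ace["next_hop"]
                and all(pkt.get(f) == v for f, v in ace["match"].items())):
            return ace["next_hop"]
    return None
```

The `count` flag is kept in the parsed result because an ACE that redirects without counting cannot be checked against the ACL statistics the way the post describes.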
