IP, IPv6, and MAC filters can be configured from the VSD within the context of the Fully Dynamic XMPP provisioning model for VPRN and VPLS services.
The VSD filters or filter entries are intended for use in two DC environments.
The DC gateway services and filter policies in this DC environment are completely owned and self-managed by the Nuage VSD. In this model, the filter cannot be changed and, or deleted by any management or policy interface other than the VSD; changes are not saved in the configuration file.
To enable the VSD to configure a filter, the python setup script must contain a config filter ip/ipv6/mac-filter _tmnx_vsd_<filter_id> create statement. The VSD exclusively manages the removal and change of such filters.
The following excerpt shows an example setup script to create a filter.
def setup_script(vsdParams):
<snip>
filter_id = metadata[' filter']
<snip>
dyn.add_cli("""
config filter ip-filter _tmnx_vsd_%(filter_id)s create
entry 10 create
match protocol tcp
dst-port eq 80
exit
action
forward
exit
<snip>
The filter and point of embedding insertion in this DC environment is owned by a WAN controller. In this model, the entries in the embedded filter are populated by the VSD.
The WAN controller creates a filter and the embedding point (through a management interface other than the VSD) by using the config filter ip/ipv6/mac-filter <id> embed-filter vsd _tmnx_vsd_<filter-id> command. When this command is run, a filter with the name _tmnx_vsd_<filter-id> is auto-generated; the python scripts can use that name to create entries driven by the VSD.