AQP actions

An AQP action consists of the following action types. Multiple actions are supported for each rule entry (unlike ip-filters):

• dual or single-bucket bandwidth rate limit policer

• drop (discard)

• error drop

• flow count limit policer

• flow setup rate limit policer

• fragment drop

• HTTP enrichment

• HTTP error redirect

• HTTP notification

• HTTP redirect

• HTTPS redirect

• source mirror for an existing mirror service

• remark QoS (one or a combination of discard priority, forwarding class name, DSCP). When applied, ingress marked FC and discard priority is overwritten by AA ISA and the new values are used during egress processing (for example, egress queueing or egress policy DSCP remarking). For MPLS class-based forwarding, ingress-marked FC is still used to select an egress tunnel.

• none (monitor and report only)

• session filter

• URL-Filter (ICAP or web-service based URL filtering)

• GTP filter

• SCTP filter

• TCP MSS adjust

  The value entered should be the MSS value needed for IPv4 packets. IPv6 packets are automatically adjusted to 20 bytes less reflecting the larger IP header.

• TCP validate

Any flow diverted to an ISA group is evaluated against all entries of an AQP defined for that group at flow creation (default policy entries), application identification completion (all entries), and an AA policy change (all flows against all entries as a background task). Any one flow can match multiple entries, in which case multiple actions are selected based on the AQP entry’s order (lowest number entry, highest priority) up to a limit of:

• 1 drop action

• Any combination of (applied only if no drop action is selected):

  • up to 1 mirror action

  • up to 1 FC, 1 priority and 1 DSCP remark action

  • up to 4 BW policers

  • up to 12 flow policers

AQP entries the IP flow matched, that would cause the above per-IP-flow limits to be exceeded are ignored (no actions from that rule are selected).

Examples of some policy entries may be:

• Limit the subscriber to 20 concurrent Peer To Peer (P2P) flows max.

• Rate limit upstream total P2P application group to 400 kb/s.

• Remark the voice application group to EF.