Cisco ACE-4710-K9 Administration Guide - Page 121
loadbalance, policy, policy-map, first-match, all-match, multi-match
View all Cisco ACE-4710-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 121 highlights
Chapter 4 Configuring Class Maps and Policy Maps Class Map and Policy Map Overview The ACE supports a system-wide maximum of 4096 policy maps. A Layer 7 policy map is always associated within a Layer 3 and Layer 4 policy map to provide an entry point for traffic classification. Layer 7 policy maps are considered to be child policies and can only be nested under a Layer 3 and Layer 4 policy map. Only a Layer 3 and Layer 4 policy map can be activated on a VLAN interface; a Layer 7 policy map cannot be directly applied on an interface. For example, to associate a Layer 7 load-balancing policy map, you nest the load-balancing policy map by using the Layer 3 and Layer 4 loadbalance policy command. Depending on the policy-map command, the ACE executes the action specified in the policy map on the network traffic as follows: • first-match-For policy-map commands that contain the first-match keyword, the ACE executes the specified action only for traffic that meets the first matching classification within a policy map. No additional actions are executed. • all-match-For policy-map commands that contain the all-match keyword, the ACE attempts to match a packet against all classes in the policy map and executes the actions of all matching classes associated with the policy map. • multi-match-For policy-map commands that contain the multi-match keyword, these commands specify that multiple sets of classes exist in the policy map and allow a multi-feature policy map. The ACE applies a first-match execution process to each class set in which a packet can match multiple classes within the policy map, but the ACE executes the action for only one matching class within each class set. The definition of which classes are in the same class set depends on the actions applied to the classes; the ACE associates each policy map action with a specific set of classes. Some ACE functions may be associated with the same class set as other features (for example, application protocol inspection actions would typically be associated with the same class set), while the ACE associates other features with a different class set. When there are multiple instances of actions of the same type configured in a policy map, the ACE performs the first action encountered of the same type that has a match. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-7