Kaspersky SD-WAN
2.1
English
Quality of Service (QoS)  >  Traffic classification rules  >  Creating a traffic classification rule

Creating a traffic classification rule

To create a traffic classification rule:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Traffic filters section.

    A table of traffic filters is displayed.

  4. Select the Rules tab.

    A table of traffic classification rules is displayed.

  5. In the upper part of the page, click + Qualification rule.
  6. This opens a window; in that window, in the Name field, enter the name of the traffic classification rule.
  7. On the L2 fields tab, select the check boxes next to the L2 fields whose values the rule must use to identify traffic in the overall data stream. If the check box is selected, enter or select the required value. You can use the values of the following fields to identify traffic:
    • Outer VLAN ID – range of values: 1 to 2,094.
    • Outer VLAN PCP — range of values: 0 to 7.
    • Source MAC.
    • Source MAC mask.
    • Destination MAC.
    • Destination MAC mask.
    • Ethertype — possible values:
      • 0x0800 (selected by default)
      • 0x86dd
      • 0x0806
  8. On the L3 fields tab, select the check boxes next to the L3 fields whose values the rule must use to identify traffic in the overall data stream. If the check box is selected, enter or select the required value. You can use the values of the following fields to identify traffic:
    • Protocol — Possible values:
      • IPv4
      • IPv6
    • Source IP — IPv4 address or IPv6 address depending on the selected protocol
    • Source IP prefix length — Range of values for the IPv4 address: from 0 to 32; for IPv6 address: from 0 to 128
    • Destination IP — IPv4 address or IPv6 address depending on the selected protocol
    • Destination IP prefix length — Range of values for the IPv4 address: from 0 to 32; for IPv6 address: from 0 to 128
    • DSCP
    • TOS
  9. On the L4 fields tab, select the check boxes next to the L4 fields whose values the rule must use to identify traffic in the overall data stream. If the check box is selected, enter or select the required value. You can use the values of the following fields to identify traffic:
    • IP protocol
    • Source port list
    • Destination port list
    • ICMP type number
  10. On the DPI tab, select the application whose traffic the rule must identify in the overall data stream:
    1. Select the Application check box.
    2. In the drop-down list, select the application.

    DPI (Deep Packet Inspection) classification is not supported for traffic generated by CPE devices.

  11. Click Create.

The traffic classification rule is created and displayed in the table.

You can use a traffic classification rule when creating a traffic filter.

Example of a created traffic classification rule:

You can create a traffic classification rule with the following parameters:

  • On the L2 fields tab, in the Outer VLAN ID field, enter 1.
  • On the L2 fields tab, in the Outer VLAN PCP field, enter 3.
  • On the L3 fields tab, in the Protocol drop-down list, select IPv4.
  • On the L3 fields tab, in the Source IP field, enter the 192.168.2.0/24 address.

    In this case, the rule identifies traffic with the following properties in the overall data stream:

  • Outer VLAN tag — 1
  • Outer PCP tag — 3
  • Protocol — IPv4
  • Source IP address — 192.168.2.0/24

    Traffic that is missing at least one of these properties is not identified.

See also

Scenario: Directing application traffic to a transport service
Article ID: 246479, Last review: Aug 21, 2024
Page top