When you’ve decided which services you need in your network, implementing them can seem like a daunting task. Which configuration do you apply first? Which addresses do you apply to a given service when applying a rule? How about if you have a class of service (CoS) applied? Where do packet filters fit into the packet flow?
Figure 8-13 and Figure 8-14 should help you sort through this mystery and decide where configuration processes occur. These diagrams are not meant to represent every possible scenario, but rather to give you a general feel for the complex processing that could be involved. The exact processing will depend on whether a next hop- or an interface-style service set is applied (for more on CoS concepts, refer to Chapter 9).
Figure 8-13. Incoming packet processing
The steps outlined in Figure 8-13 are as follows:
The packet enters the incoming interface.
The packet is classified by a behavior aggregate (BA) classifier.
The packet is processed by an input filter and policer (and may be reclassified).
The packet enters a service filter, and it is either serviced or skipped; if it is skipped, jump to step 7.
The input service is performed.
A post-service filter is applied.
The route lookup occurs.
If the result of the route lookup is a GRE packet, go to step 9; if not, send on for output processing.
De-encapsulate the GRE packet and go back to step 1.
After the ...