ZXR10 8900 Series

10G Routing Switch

User Manual (DPI Volume)

Version 2.8.02.C

ZTE CORPORATION
ZTE Plaza, Keji Road South,
Hi-Tech Industrial Park,
Nanshan District, Shenzhen,
P. R. China
518057
Tel: (86) 755 26771900 800-9830-9830
Fax: (86) 755 26772236
URL: http://support.zte.com.cn
E-mail: doc@zte.com.cn
LEGAL INFORMATION

Copyright 2006 ZTE CORPORATION.

The contents of this document are protected by copyright laws and international treaties. Any reproduction or distribution of
this document or any portion of this document, in any form by any means, without the prior written consent of ZTE CORPO-
RATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations.

All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION
or of their respective owners.

This document is provided as is, and all express, implied, or statutory warranties, representations or conditions are dis-
claimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose, title or non-in-
fringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the
information contained herein.

ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering the subject
matter of this document. Except as expressly provided in any written license between ZTE CORPORATION and its licensee,
the user of this document shall not acquire any license to the subject matter herein.

ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.

Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.

The ultimate right to interpret this product resides in ZTE CORPORATION.

Revision History

Revision No. Revision Date Revision Reason

R1.0 20090610 First Release

Serial Number: sjzl20093842

Contents

About This Manual.............................................. i

What is DPI? .....................................................1
What is DPI? .................................................................. 1
DPI Applications ............................................................. 2
Configuring Signature Symbol ...........................3
Signature Symbol Overview ............................................. 3
Configuring Signature Symbol .......................................... 3
Adding Signature Symbol ............................................ 3
Setting Signature Symbol Hit-Limit-Number and
Application Type ................................................. 4
Showing Configuration of Designated Signature
Symbol ............................................................. 4
Signature Symbol Configuration Example........................... 4
Configuring Signature Entry ..............................5
Signature Entry Overview ................................................ 5
Configuring Signature Entry ............................................. 5
Configuring Signature Entry ......................................... 5
Showing Configuration of Signature Entry ...................... 6
Signature Entry Configuration Example.............................. 6
Configuring Policy .............................................7
DPI Policy Overview ........................................................ 7
Configuring Flow Pool ...................................................... 7
Configuring Parameter Upstream .................................. 7
Configuring Parameter Downstream .............................. 8
Configuring Default Upstream/Downstream
Parameters ........................................................ 8
Showing Configuration of Flow Pool ............................... 8
Flow Pool Configuration Example ...................................... 8
Configuring Sub Service ....................................9
Subservice Overview....................................................... 9
Configuring Subservice.................................................... 9
 Adding Signature Symbol Sequence .............................. 9
Adding Signature Symbol Application ...........................10
Binding Flow-Pool with Current Subservice ....................10
Setting Permit/Deny Policy for Current Subservice .........10
Setting Aging Time for Current Subservice ....................11
Showing Configuration of Designated Subservice ...........11
Subservice Configuration Example ...................................11
Configuring Service ......................................... 13
Service Overview...........................................................13
Configuring Service........................................................13
Adding One Subservice to Current Service ....................13
Importing Another Subservice into One Subservice .........14
Binding Flow-Pool with Current Service .........................14
Showing Service Configuration ....................................14
Service Configuration Example ........................................14
Configuring DPI Template ............................... 17
DPI-Template Overview ..................................................17
Configuring DPI-Template ...............................................17
Binding Direction Rules to Data Flow ............................17
Binding Service Policy ................................................18
Source IP Binding Rules..............................................18
Binding Port Rules .....................................................18
Showing Configuration of DPI-Template ........................18
DPI-Template Configuration Example................................19
Glossary .......................................................... 21
About This Manual
This manual is ZXR10 8900 Series (V2.8.02.C) 10G Rout-
ing Switch User Manual (DPI Volume) and applies to ZXR10
8902/8905/8908/8912 10G routing switch (V2.8.02.C).
ZXR10 8900 series 10G routing switch has the following related
manuals:
Manual
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Hardware Installation
Manual
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Hardware Manual
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch User Manual (Basic
Configuration Volume)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch User Manual (Ethernet
Switching Volume)
Confidential and Proprietary Information of ZTE CORPORATION
Summary
This manual describes
installation preparation,
19-inch cabinet installation,
main device installation,
power cable connection, cable
connection and hardware
inspection.
This manual describes
device functions, technical
characteristics and
parameters, working principle,
hardware structure, MCS, LIC,
power module and fan plug-in
box.
This manual describes using
and operation of device,
system management,
CLI privilege ranking
configuration, port
configuration, network
protocol configuration,
DHCP configuration,
VRRP configuration,
ACL configuration, QoS
configuration, DOTIX
configuration, cluster
management configuration,
network management
configuration, IPTV
configuration, VBAS
configuration, CPU guard,
URPF configuration and UDLD
configuration.
This manual describes
device VLAN configuration,
STP configuration, MAC
address table operation, link
aggregation configuration,
IGMP Snooping configuration,
link protection configuration,
Ethernet OAM configuration
and EPON OLT configuration.
i
 ZXR10 8900 Series User Manual (DPI Volume)
Manual
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch User Manual (IPv4
Routing Volume)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch User Manual (MPLS
Volume)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch User Manual (IPv6
Volume)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(Command Index Volume)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(IPv6 Volume)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual (IP
Routing Volume I)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual (IP
Routing Volume II)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(MPLS Volume)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(QoS Volume)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(Security Volume)
ii Confidential and Proprietary Information of ZTE CORPORATION
Summary
This manual describes
static routing configuration,
RIP configuration, OSPF
configuration, IS-IS
configuration, BGP
configuration, load balancing
configuration, multicast
routing configuration, IP/LDP
FRR configuration and BFD
configuration.
This manual describes device
MPLS configuration, MPLS
L3VPN configuration and MPLS
L2VPN configuration.
This manual describes device
IPv6 address configuration,
IPv6 neighbor discovery
protocol configuration, IPv6
tunnel configuration, IPv6
static routing configuration,
RIPng configuration, OSPFv3
configuration, IS-ISv6
configuration and BGP+
configuration.
This manual describes volume
and section corresponding to
each command in ZXR10 8900
series 10G routing switch.
This manual describes
IPv6-related commands in
ZXR10 8900 series 10G
routing switch.
This manual describes RIP,
OSPF and IS-IS-related
commands in ZXR10 8900
series 10G routing switch.
This manual describes BGP,
route map and routing
policy-related commands
in ZXR10 8900 series 10G
routing switch.
This manual describes
MPLS-related commands
in ZXR10 8900 series 10G
routing switch.
This manual describes
QoS-related commands in
ZXR10 8900 series 10G
routing switch.
This manual describes
security configuration-related
commands in ZXR10 8900
series 10G routing switch.
 About This Manual

Manual
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(Basic Configuration Volume I)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(Basic Configuration Volume II)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(Basic Configuration Volume III)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(Network Management Volume)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(Ethernet Switching Volume)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(Voice and Video Volume)
ZXR10 8900 Series (V2.8.02.C) 10G
Routing Switch Command Manual
(Multicast Volume)
Commands supported by ZXR10 8900 series (V2.8.02.C) 10G
routing switch are based on uniform platform ZXROS V4.8.22.
ZXR10 8900 Series (V2.8.02.C) 10G Routing Switch User Manual
(DPI Volume) contains the following chapters:
Summary
This manual describes
system management, file
management, user interface,
log statistics, FTP/TFTP server
and IPvr-related commands
in ZXR10 8900 series 10G
routing switch.
This manual describes
interface configuration, DHCP
and VRRP-related commands
in ZXR10 8900 series 10G
routing switch.
This manual describes NAT,
Time Range, stack and
DEBUG-related commands
in ZXR10 8900 series 10G
routing switch.
This manual describes
network management-related
commands in ZXR10 8900
series 10G routing switch.
This manual describes MAC,
VLAN, SuperVLAN, STP, link
aggregation, VBAS, MAC PING
and UDLD-related commands
in ZXR10 8900 series 10G
routing switch.
This manual describes VOIP
and IPTV-related commands
in ZXR10 8900 series 10G
This manual describes
routing switch.
multicast protocol-related
commands in ZXR10 8900
series 10G routing switch.

Chapter Summary
Chapter 1 DPI This chapter describes basic concept and
Overview applications of DPI.
Chapter 2 Signature This chapter describes basic concept,
Entry Configuration configuration and configuration example of
DPI signature entry.
Chapter 3 Signature This chapter describes basic concept,
Symbol Configuration configuration and configuration example of
DPI signature symbol.
Chapter 4 Policy This chapter describes basic concept,
Configuration configuration and configuration example of
DPI policy.
Chapter 5 Sub Service This chapter describes basic concept,
Configuration configuration and configuration example of
DPI sub service.

Confidential and Proprietary Information of ZTE CORPORATION iii

ZXR10 8900 Series User Manual (DPI Volume)

Chapter Summary
Chapter 6 Service This chapter describes basic concept,
Configuration configuration and configuration example of
DPI service.
Chapter 7 DPI This chapter describes basic concept,
Template Configuration configuration and configuration example of
DPI template.
Glossary This part lists glossaries used in this manual.

iv Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 1

What is DPI?

Table of Contents:
What is DPI?...................................................................... 1
DPI Applications ................................................................. 2

What is DPI?
DPI Overview DPIis also called Deep Packet Inspection. To say Deep, it is com-
pared with common packet resolution layers. Common Packet
Inspection only resolves items under layer 4 in IP packet, includ-
ing source address, destination address, source port, destination
port and protocol type. DPI resolves not only these layers, but
also application layer, identifying various applications and corre-
sponding items.
The key technology of DPI is to identify various applications in
network.
Common packet inspection identifies application type through port
id. For example, if port id is detected to be 80, this application is
believed to be a common network application. However, currently
some illegal applications in network will avoid inspection and mon-
itoring by way of hiding or impersonating port id and attack net-
work acting as data flow of legal packets. In this case, such illegal
applications fail to be detected with traditional L2-L4 inspection.
DPI technology is to inspect the content of packets in application
data flow so as to verify the actual application of these packets.
DPI Technology By deploying DPI technology in IP network, system can imple-
Applications ments service identification, service control and service statistics
functions in network operation.
Service Identification
Generally, there are two ways for service identification: one is
legal service fulfilled by carrier and the other is service moni-
tored by carrier.
The former type of service can be identified by five-elements of
service traffic. For example, the address of VOD service traffic
belongs to VOD server network segment and its port is a fixed
address. System adopts ACL to identify this type of service.
As for the latter service, resolve the details of IP packet with
the service identification method mentioned above and learn
the type of service traffic through searching of key word or
service behavior statistics.

Confidential and Proprietary Information of ZTE CORPORATION 1

ZXR10 8900 Series User Manual (DPI Volume)

Service Control
After identifying service traffic with DPI technology, control ser-
vice traffic according to combination conditions of network con-
figurations, such as user, timer, bandwidth, history, traffic and
so on. There are several control ways: normal forwarding,
blocking, limiting bandwidth, traffic shaping, re-marking prior-
ity and so on.
Taking operation of services into account, service control poli-
cies are mainly configured on policy server and distributed after
users get online.
traffic statistics
DPI service statistics function is used to view service traffic
distribution in network and using of various services intuition-
istically. In this way, factors promoting service development
and influencing network operation can be detected, which pro-
vides support to optimization of network and services. For ex-
ample, this function can be used to find what services attract
more users, check if provided service level meets requirement
of user SLA (Service-Level Agreement), conduct statistics to
percent of attack traffic in network, count the number of users
using one game service, and find what servers mostly consume
network bandwidths and which users use illegal VoIP and so on.

DPI Applications
DPI card can perform DPI inspection to L3 traffic redirected to DPI
card. Identify TCP connection or UDP connection established by
each traffic, scan packets based on each connection, and finally
identify connection-based applications (such as P2P VoIP, FTP and
so on). Implement different policies (supporting rate limit, modi-
fication to tos and pri of packet and so on) to different applications
according to user configurations so as to optimize network, pro-
vide meticulous services to users based on existing network, and
increase network benefits for carrier.
DPI card, with the help of NM system, has powerful capabilities in
data record, statistics and analysis. DPI card can conduct statistics
to upstream and downstream traffic per user based on tcp or udp
connection, and record the statistics in real time. After a certain
period (user can customize the interval), DPI card automatically
up-sends the recorded statistics to remote NM system through net-
work. NM system analyses these records and conducts statistics,
so that user can know traffic distribution in current network ex-
actly. Whats more, user can view changes of network traffic and
network applications of different periods (by day, week, month and
so on) and adopt different management modes according to these
changes, so that network can provide services normally.

2 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 2

Configuring Signature
Symbol

Table of Contents:
Signature Symbol Overview ................................................. 3
Configuring Signature Symbol .............................................. 3
Signature Symbol Configuration Example............................... 4

Signature Symbol Overview

We describe each sub-service in certain description mode, such as
string and so on. These description modes are called signature
symbol. A signature symbol is a set of signature entries, describ-
ing a minimum independent application, such as BT/FTP/HTTP and
so on.

Configuring Signature
Symbol
Adding Signature Symbol

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#signature-symbol This enters signature symbol
<signature-symbol-id> configuration mode.
3 ZXR10(config-dpi-signature-symbol-2)#add This adds a signature entry to
signature-entry < signature-entry-id> signature symbol.

Confidential and Proprietary Information of ZTE CORPORATION 3

ZXR10 8900 Series User Manual (DPI Volume)

Setting Signature Symbol

Hit-Limit-Number and Application
Type

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#signature-symbol This enters signature symbol
<signature-symbol-id> configuration mode.
3 ZXR10(config-dpi-signature-symbol-2)#set This command sets signature
hit-limit-num <hit-limit-num>protocol-type symbol hit-limit-num and
[normal|inherit] application type. It indicates
the application is confirmed
and verified only after the
hit number of this signature
symbol reaches or is above
the value of hit-limit-num;
application type being inherit
indicates this application
needs being processed by
stages and signature search is
always conducted for packets
at some stages.

Showing Configuration of Designated

Signature Symbol

Command Function
ZXR10(config)#show signature-symbol <signature-sy This shows configuration of
mbol-id> designated signature symbol.
This shows id and details of a
signature entry bound under
signature symbol.

Signature Symbol
Configuration Example
The following part is a signature symbol configuration example:
ZXR10(config)#dpi ZXR10(config-dpi)#signature-symbol 2
ZXR10(config-dpi-signature-symbol-2)#add signature-entry 2
ZXR10(config-dpi-signature-symbol-2)# set hit-limit-num 10
protocol-type inherit ZXR10(config)# show signature-symbol 2

4 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3

Configuring Signature
Entry

Table of Contents:
Signature Entry Overview .................................................... 5
Configuring Signature Entry ................................................. 5
Signature Entry Configuration Example.................................. 6

Signature Entry Overview

Signature symbol contains a set of signature entries. Each sig-
nature entry is a string or a series of sequential strings, which
indicates one signature entry.
Signature entry is a combination of one or more KEYs. KEY can be
classified into two types:
Static KEY: It is contained in the first 16 bytes at the fixed
location of packet. Its valid bit number must be expressed by
mask. Packet here indicates UDP packet or TCP packet. The
first 16 bytes here are the first 16 bytes of packet payload,
not including packet header (L2 header, IP header, TCP/UDP
header and so on).
Dynamic KEY: The location of such key is not fixed in the
packet. However, each key must be a specific string or a
series of sequential hexadecimal numbers. These characters
must be consecutive.

Configuring Signature Entry

Configuring Signature Entry

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.

Confidential and Proprietary Information of ZTE CORPORATION 5

ZXR10 8900 Series User Manual (DPI Volume)

Step Command Function

2 ZXR10(config-dpi)#signature-entry <signature-e This enters signature entry
ntry-id> configuration mode.
3 ZXR10(config-dpi-signature-entry-2)#set content This sets content of the
<string> signature entry.

Showing Configuration of Signature

Entry

Command Function
ZXR10(config)#show signature-entry <signature-entr This shows configuration of a
y-id> signature entry.

Signature Entry
Configuration Example
The following part shows a signature entry configuration example:
ZXR10(config)#dpi ZXR10(config-dpi)#signature-entry 2
ZXR10(config-dpi-signature-entry-2)#set content
0xabcd(0xffffffff000000000000000000000000)+0x1234+0x5678
ZXR10(config)#show signature-entry 2

6 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 4

Configuring Policy

Table of Contents:
DPI Policy Overview ............................................................ 7
Configuring Flow Pool.......................................................... 7
Flow Pool Configuration Example .......................................... 8

DPI Policy Overview

DPI policy can also be described as application + policy. That is,
implement different policies for different applications. This com-
bination is called DPI policy. In entry flow-pool, upstream/down-
stream rate-limit policy is configured.

Configuring Flow Pool

Configuring Parameter Upstream

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#flow-pool <flow-pool-id> This enters flow pool
configuration mode.
3 ZXR10(config-dpi-flow-pool-2)#upstream-rate-li This configures parameter
mit <limit-rate> cbs <cbs-bytes> ebs <ebs-bytes> upstream of flow pool.
limit-rate: It is rate limit, in
kbps.
cbs: It is committed burst
size, in bytes.
ebs: It is excess burst size,
in bytes.

Confidential and Proprietary Information of ZTE CORPORATION 7

ZXR10 8900 Series User Manual (DPI Volume)

Configuring Parameter Downstream

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#flow-pool <flow-pool-id> This enters flow pool
configuration mode.
3 ZXR10(config-dpi-flow-pool-2)#downstream This configures parameter
-rate-limit <limit-rate> cbs <cbs-bytes> ebs downstream of flow pool.
<ebs-bytes>

Configuring Default Upstream/Downs

tream Parameters

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#default-flow-pool {downs This configures parameters
tream | upstream} rate-limit <limit-rate> cbs upstream and downstream of
<cbs-bytes> ebs <ebs-bytes> default flow pool (flow pool
1).

Showing Configuration of Flow Pool

Command Function
ZXR10(config)#show flow-pool <flow-pool-id> This shows configuration of flow
pool.

Flow Pool Configuration

Example
The following part shows a flow pool configuration example:
ZXR10(config)#dpi ZXR10(config-dpi)#flow-pool 2
ZXR10(config-dpi-flow-pool-2)# upstream-rate-limit 100 cbs
3000 ebs 3000 ZXR10(config-dpi-flow-pool-2)#
downstream-rate-limit 200 cbs 3000 ebs 3000

8 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 5

Configuring Sub Service

Table of Contents:
Subservice Overview........................................................... 9
Configuring Subservice........................................................ 9
Subservice Configuration Example .......................................11

Subservice Overview
Subservice describes one type of service contained in the service.
Each subservice contains one or more signature-symbol relations,
and each signature-symbol relation is made up of a signature-sym-
bol serial number (separated by slash, such as 1/2/3/4). Each
subservice is only bound with one flow-pool. Other policies can
also be bound. At present, policies action and aging-time are sup-
ported.

Configuring Subservice
Adding Signature Symbol Sequence

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#subservice <subservice-id> To enter subservice
configuration mode, execute
the following commands:
3 ZXR10(config-dpi-subservice-2)#add signature-sy This command adds signature
mbol <signature-symbol-id-relation>[relation-name] symbol sequence for current
subservice and meanwhile
names this sequence as
relation-name.

Confidential and Proprietary Information of ZTE CORPORATION 9

ZXR10 8900 Series User Manual (DPI Volume)

Adding Signature Symbol Application

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#subservice <subservice-id> This enters subservice
configuration mode.
3 ZXR10(config-dpi-subservice-2)#add protocol This adds one signature
<protocol-name> symbol application for current
subservice.

Binding Flow-Pool with Current

Subservice

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#subservice <subservice-id> This enters subservice
configuration mode.
3 ZXR10(config-dpi-subservice-2)#bind flow-pool This binds flow-pool with
<flow-pool-id> current subservice

Setting Permit/Deny Policy for

Current Subservice

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#subservice <subservice-id> This enters subservice
configuration mode.
3 ZXR10(config-dpi-subservice-2)#action This sets permit/deny policy
{permit|deny} for current subservice.

10 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 5 Configuring Sub Service

Setting Aging Time for Current

Subservice

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#subservice <subservice-id> This enters subservice
configuration mode.
3 ZXR10(config-dpi-subservice-2)#aging-time This sets aging time for
<time> current subservice.

Showing Configuration of Designated

Subservice

Command Function
ZXR10(config)#show subservice <subservice-id> This shows configuration of
designated subservice.

Subservice Configuration
Example
The following part shows a subservice configuration example:
ZXR10(config)#dpi ZXR10(config-dpi)#subservice 2
ZXR10(config-dpi-subservice-2)#add signature-symbol
1/2/3/4 XXXX
ZXR10(config-dpi-subservice-2)# add protocol HTTP
ZXR10(config-dpi-subservice-2)# bind flow-pool 2
ZXR10(config-dpi-subservice-2)# action permit
ZXR10(config-dpi-subservice-2)# aging-time 10
ZXR10(config)# show subservice 2

Confidential and Proprietary Information of ZTE CORPORATION 11

ZXR10 8900 Series User Manual (DPI Volume)

This page is intentionally blank.

12 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 6

Configuring Service

Table of Contents:
Service Overview...............................................................13
Configuring Service............................................................13
Service Configuration Example ............................................14

Service Overview
Service represents the service level assigned by network adminis-
trator. One service is composed of a set of sub services. The same
one service can be bound on multiple interfaces and different ser-
vices can be bound with the same sub service. Import subservice
can be configured under service (that is add another subservice
into one subservice and the two must be in the same one service)
and each service can be bound with only one flow-pool.

Configuring Service
Adding One Subservice to Current
Service

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#service<service-id> This enters service
configuration mode.
3 ZXR10(config-dpi-service-2)#add subservice This adds one subservice to
<subservice-id> current service.

Confidential and Proprietary Information of ZTE CORPORATION 13

ZXR10 8900 Series User Manual (DPI Volume)

Importing Another Subservice into

One Subservice

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#service<service-id> This enters service
configuration mode.
3 ZXR10(config-dpi-service-2)#import subservice This imports another
<subservice-id> im_subservice <im_subservice-id> subservice into one
subservice.

Binding Flow-Pool with Current

Service

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#service<service-id> This enters service
configuration mode.
3 ZXR10(config-dpi-service-2)#bind flow-pool This binds flow-pool with
<flow-pool-id> current service and uses it as
default policy of this service.

Showing Service Configuration

Command Function
ZXR10(config)#show service <service-id> This shows service
configuration. It also shows
added subservices and bound
flowpool-id under this service.

Service Configuration
Example
The following part shows a service configuration example:

14 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 6 Configuring Service

ZXR10(config)#dpi ZXR10(config-dpi)#service 2
ZXR10(config-dpi-service-2)#add subservice 2
ZXR10(config-dpi-service-2)# bind flow-pool 12
ZXR10(config)# show service 2

Confidential and Proprietary Information of ZTE CORPORATION 15

ZXR10 8900 Series User Manual (DPI Volume)

This page is intentionally blank.

16 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 7

Configuring DPI
Template

Table of Contents:
DPI-Template Overview ......................................................17
Configuring DPI-Template ...................................................17
DPI-Template Configuration Example....................................19

DPI-Template Overview
Configure related rules under DPI-template node. Each sip (source
ip)/port/vlan can only be bound with one service and the same one
service can be bound to different sips/ports/vlans meanwhile.

Configuring DPI-Template
Binding Direction Rules to Data Flow

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#dpi-template <template-id > This enters dpi-template
configuration mode.
3 ZXR10(config-dpi-template-2)#bind slot <slot-id> This redirects traffic
in DPI-template to
corresponding DPI card.
Slot id is the slot number
where DPI card locates.

Confidential and Proprietary Information of ZTE CORPORATION 17

ZXR10 8900 Series User Manual (DPI Volume)

Binding Service Policy

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#dpi-template <template-id > This enters dpi-template
configuration mode.
3 ZXR10(config-dpi-template-2)#bind service This binds service policy in
<service-id > current DPI-template.

Source IP Binding Rules

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#dpi-template <template-id > This enters dpi-template
configuration mode.
3 ZXR10(config-dpi-template-2)#bind sip-addr This binds source IP rules in
<ip-address><net-mask> service <service-id > current DPI-template.

Binding Port Rules

Step Command Function

1 ZXR10(config)#dpi This enters DPI configuration
mode.
2 ZXR10(config-dpi)#dpi-template <template-id > This enters dpi-template
configuration mode.
3 ZXR10(config-dpi-template-2)#bind switchport This binds port rules in current
<slot-id >/< port-id > service <service-id> DPI-template.

Showing Configuration of
DPI-Template

Command Function
ZXR10(config)#show dpi-template <template-id> This shows configuration of
dpi-template.

18 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 7 Configuring DPI Template

DPI-Template Configuration
Example
The following part shows a DPI-template configuration example:
ZXR10(config)#dpi ZXR10(config-dpi)# dpi-template 2
ZXR10(config-dpi-template-2)# bind slot 4
ZXR10(config-dpi-template-2)# bind service 2
ZXR10(config-dpi-template-2)# bind sip-addr 1.1.1.1
255.255.255.0 service 10
ZXR10(config-dpi-template-2)# bind switchport 1/12
service 20
ZXR10(config)# show dpi-template 2

Confidential and Proprietary Information of ZTE CORPORATION 19

ZXR10 8900 Series User Manual (DPI Volume)

This page is intentionally blank.

20 Confidential and Proprietary Information of ZTE CORPORATION

Glossary

ACL - Access Control List

DPI - Deep Packet Inspection
FTP - File Transfer Protocol
SLA - Service Level Agreement
TCP - Transmission Control Protocol
UDP - User Datagram Protocol
VOD - Video On Demand
VoIP - Voice over Internet Protocol

Confidential and Proprietary Information of ZTE CORPORATION 21