Building Policy Maps : What Happens to an Outbound Packet
What Happens to an Outbound Packet
MATCH criteria and SET Actions are the building blocks of policy maps. Maps use prioritized entries, known as rules, to sort traffic.
The appliance pairs MATCH criteria with SET Actions to filter outbound packets into flows and then process them appropriately.
n
MATCH criteria define flows in policy maps, Access Control Lists (ACL), and user-defined applications. Wherever they are, MATCH criteria all have the same possible components.
n
SET Actions determine how the flow is processed. The possible actions are specific to the type of policy. For ACLs, the possible actions are Permit and Deny.
How the Policies are Related
The Appliance Manager has separate policies for routing, optimization, and QoS (Quality of Service) functions. You can create multiple versions (maps) for each policy, but only the active map is applied.
By default, each of the three policies has one active map, map1. However, there is no relationship between map names across different policies.
The Route Policy does the first screening and determines whether an individual flow is ultimately:
directed to a tunnel, shaped, and optimized
processed as shaped, pass-through (unoptimized) traffic
processed as unshaped, pass-through (unoptimized) traffic
continued to the next applicable Route Policy entry if a tunnel goes down, or
dropped.
When a flow is not directed to a tunnel, then
the Optimization Policy is not applied, and
the QoS Policy processes pass-through shaped and unshaped traffic for DSCP markings, and only pass-through shaped traffic for traffic class assignment.
Default SET Actions
Within a policy, the appliance searches the Priorities in ascending order. When it finds a match for the outbound packet, it executes the associated SET action(s). If no entries match, it applies the policy’s default entry.
Each map has one default entry. It’s always the last entry, with a Priority of 65535.
Following are the SET actions available for each policy. The default value is highlighted in blue:
Policy
Parameters for SET actions
Options
For more information, see...
Route
Tunnel
[a specific tunnel]
Auto optimized
Pass-through shaped
Pass-through unshaped
Drop
“Route Policy”
 
Tunnel Down Action
Pass-through shaped
Pass-through unshaped
Drop
Continue
 
QoS
Traffic Class
Default is Traffic Class 1. Traffic classes are defined in the Shaper.
“Bandwidth Management & QoS Policy”
 
LAN QoS
trust-lan
(plus other DSCP markings)
 
 
WAN QoS
trust-lan
(plus other DSCP markings)
 
Optimization
Network Memory
IP Header Compression
Payload Compression
TCP Acceleration
Protocol Acceleration1
Default = Balanced
Default = ON
Default = ON
Default = ON
Defaults = CIFS, SSL
“Optimization Policy”
1
SRDF and Citrix optimizations are also available. By default, they’re not enabled because you need to configure the most appropriate port for your circumstances.

The Route map automatically optimizes all IP flows — TCP and non-TCP.
The QoS map places all traffic in Traffic Class #1 and trusts the existing DSCP markings.
The Optimization map applies all optimizations to tunnelized flows — Network Memory, IP header compression, payload compression, TCP acceleration, and protocol-specific accelerations (CIFS and SSL).
Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.