Using Packet Filters
You can use packet filters to manage the traffic that is allowed to flow through your Megaport Cloud Router (MCR). Packet filters allow data from defined IP addresses to pass through, and deny access to data from other defined IP addresses.
Packet filters are defined on an MCR after it has been ordered and has gone live. You then edit the configuration of your MCR to add the packet filters that you need. When you configure a connection to your MCR, you can add your defined packet filters to either the A-End or B-End of the connection, depending on where your MCR is located.
Packet filter rules
- Packet filter lists are defined on a deployed MCR.
- Packet filter lists are applied to the VXC interface, either A-End or B-End, depending on where your MCR is located.
- If no packet filters are applied to the connection, then all traffic is allowed to flow through your MCR.
- When a packet filter is applied to the connection, any traffic not permitted by the packet filter is denied.
- Packet filters support the following matches:
  - Source IP Address
  - Destination IP Address
  - IP Protocol
  - Source Port/Port Range (for TCP and UDP protocols)
  - Destination Port/Port Range (for TCP and UDP protocols)
- Packet filters support both IPv4 and IPv6.
- You can create up to 20 packet filter lists.
- Each packet filter list can contain up to 50 entries.
Creating packet filters
You can only create packet filters on a deployed MCR. You can create a maximum of 20 packet filter lists per MCR.
To create a packet filter list
- Create, order, and deploy an MCR.
  For more information, see Creating an MCR.
- On the Services page, find your new MCR and click the gear icon next to the connection in the Portal.
  The MCR Configuration screen appears.
- Click the Packet Filter Lists tab.
  The Packet Filter List page appears.
- Click New List to add a new list.
- Enter a name for your packet filter list in the Name field.
- Enter your filter details.
  - Action – Select Permit or Deny from the drop-down list.
  - Source IP Address – Enter the source IP address you want to filter traffic from.
  - Destination IP Address – Enter the destination IP address for your filter.
    Note: The source IP address and the destination IP address must be the same format. For example, they must both be IPv4 or IPv6.
  - Protocol – Select the protocol to filter traffic on. If the protocol you require is not on the list, you can select Custom.
  - IP Protocol Number – This will be populated automatically when you choose a protocol from the drop-down list. If you choose Custom, you must enter a number from the list of assigned internet protocol numbers.
  - Source Ports – You can specify a source port or a range of ports in the format 1111-9999.
  - Destination Ports – Specify a destination port or a range of ports.
  - Description (optional) – Add a description.

  Use the position icon at the beginning of the row to reorder the list using drag and drop.
  Click the trash icon at the end of the row to delete an entry in a list.
- Add as many entries to the list as you need, up to a maximum of 50 per list.
- Click Save.
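The following added example (not Megaport code) is a pre-flight check for a planned list: it validates entries against the rules stated on this page and shows which packets the list would permit once applied. The dictionary field names are hypothetical, and three behaviours are assumptions the page does not confirm: entries are evaluated top-down with the first match winning, a protocol of `None` means any protocol, and addresses may be written as prefixes such as `192.0.2.0/24`.

```python
import ipaddress

PORT_PROTOCOLS = {6, 17}  # IANA protocol numbers for TCP and UDP

def parse_ports(spec):  # "443" or "1111-9999" -> (low, high); None = any port
    if spec is None:
        return None
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return low, high

def validate(entries):
    """Raise ValueError if a planned list breaks a rule stated on this page."""
    if len(entries) > 50:  # per-list limit stated on this page
        raise ValueError("a list can hold at most 50 entries")
    for e in entries:
        families = {ipaddress.ip_network(e[k], strict=False).version for k in ("src", "dst")}
        if len(families) > 1:
            raise ValueError("source and destination must both be IPv4 or both IPv6")
        ports = [parse_ports(e.get(k)) for k in ("sport", "dport")]
        if any(ports) and e["proto"] not in PORT_PROTOCOLS:
            raise ValueError("port matches only apply to TCP and UDP")

def _port_hit(spec, port):
    rng = parse_ports(spec)
    return rng is None or (port is not None and rng[0] <= port <= rng[1])

def evaluate(entries, src, dst, proto, sport=None, dport=None):
    """Decision for one packet; entries=None models 'no list applied'."""
    if entries is None:
        return "permit"  # page: with no filter applied, all traffic flows
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in entries:  # ASSUMPTION: evaluated top-down, first match wins
        if (e["proto"] in (None, proto)  # ASSUMPTION: None = any protocol
                and src in ipaddress.ip_network(e["src"], strict=False)
                and dst in ipaddress.ip_network(e["dst"], strict=False)
                and _port_hit(e.get("sport"), sport)
                and _port_hit(e.get("dport"), dport)):
            return e["action"]
    return "deny"  # page: traffic an applied filter does not permit is denied

# Constructed sample list (RFC 5737 documentation addresses, not from the page)
SAMPLE_LIST = [
    {"action": "deny", "src": "192.0.2.66", "dst": "198.51.100.10", "proto": 6, "dport": "443"},
    {"action": "permit", "src": "192.0.2.0/24", "dst": "198.51.100.10", "proto": 6, "dport": "443"},
    {"action": "permit", "src": "192.0.2.0/24", "dst": "198.51.100.0/24", "proto": 17, "dport": "1111-9999"},
]
```

Running `validate` on a planned list and then `evaluate` on a few packets you expect to pass and a few you expect to be dropped catches ordering mistakes and missing permits before the list is applied to a live VXC.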
Editing a packet filter list
Add or delete entries from a packet filter list, or update the settings of each entry.
To edit a packet filter list
- To edit a packet filter list, select the list you want to edit from the drop-down list.
- Make your changes.
  You can change any part of the list.
- Click Save.
Duplicating a packet filter list
You can duplicate a list to speed up setting up your filters.
To duplicate a packet filter list
- Select the list you want to duplicate from the drop-down list.
- Click Duplicate List.
- Enter a name for the list in the Name field.
- Edit the required details in the list to make it unique.
- Click Save.
Deleting a packet filter list
You can delete entire lists if they are not required any more or are out of date.
To delete a packet filter list
- Select the list you want to delete from the drop-down list.
- Click Delete List.
- Click OK to confirm.
Applying a packet filter list
You can apply a packet filter list to the VXC when you create a connection from your MCR.
To apply a packet filter list
- Create a connection from the MCR with the packet filter lists defined.
  For more information, see Creating an MCR VXC.
- In the VXC definition, enter the connection details, then click Next.
- On the MCR A-End page, enter these details:
  - Interface IP Addresses – Enter the A-End interface IP Address and subnet mask as required for your network.
  - Packet Filters – Select a packet filter list from the Inbound or Outbound drop-down list, as required for your configuration.
    Note: You can also fill in other fields here, such as Network Address Translation (NAT) or BGP Connections. For more information, see How MCR performs NAT and Configuring BGP Advanced Settings.
- Click Next.
- Read the Summary page and click Add VXC.