OPBNOS R2.3
Configuring Flow UDF Rules

This command configures a rule that matches specific bytes in the ingress packet at a user-specified offset, and permits or denies the packets that match.

  • Offset for an L3 packet starts from the IP header in the packet

  • Offset for an L2 packet starts from the EtherType in the packet

Before configuring flow rules, Network and Tool ports must be configured.

This feature is supported only on NVIDIA Spectrum-2/3 platforms.

UDF and GTP cannot be configured together on a device.

Reference

Command

rule <ruleid> (deny | permit) [description <description>] [udf-data <udf-data> udf-extraction-group (l2 | l3 [udf-extraction-point <udf-extraction-point>]) udf-offset <udf-offset>] [counters (enable | disable)]

no rule <ruleid>

Description

Rule configuration

Parameters

  • ruleid: must be in the range 1 to 6000

  • description: max 50 characters

  • udf-data: data bytes to be matched against the incoming packet (20 bytes for SPC 2 & 3, and 16 bytes for SPC1)

  • udf-extraction-group:

    • l2 - match from the L2 header EtherType field

    • l3 - match from the start of the IPv4 or IPv6 header

  • udf-extraction-point: (applies only to l3 extraction) sets the extraction point to the start of the IPv4 or IPv6 header

  • udf-offset: offset from the extraction point at which the bytes are matched

  • counters: can be enabled or disabled

Mode

FLOW

Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# 
  !                     Exit from the current prompt
  description           Configure description for flow
  enable                Enable the flow
  end                   Exit to exec prompt
  exit                  Exit from the current prompt
  network-ports         Configure network or TAP ports
  no                    no form
  pop-vlan              Pop Vlan Tag
  push-vlan-tag         Push VLAN tag
  rule                  Configure rule
  show                  Show commands
  tool-ports            Configure network tool or analyzer ports
  top                   Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1 permit description "UDF" udf-data 0xb166 udf-extraction-group l2 udf-offset 2 counters enable
pbnoscli(config-flow-flow01)# rule 2 permit description "UDF" udf-data 0x4500 udf-extraction-group l3 udf-extraction-point ipv4 udf-offset 0 counters enable 
pbnoscli(config-flow-flow01)# end

You can verify the configuration by using the command(s) below:

pbnoscli# show flow all
===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1     
Tool-Port    : Ethernet2/1     

Rule : 1               
++++++++++++++++++++++++++++++++++
Action                   : permit          
Description              : UDF             
UDF Data                 : 0xb166          
UDF Extraction Group     : l2              
UDF Offset               : 2               
Counters                 : enable          

Rule : 2               
++++++++++++++++++++++++++++++++++
Action                   : permit          
Description              : UDF             
UDF Data                 : 0x4500          
UDF Extraction Group     : l3              
UDF Extraction Point     : ipv4            
UDF Offset               : 0               
Counters                 : enable          
pbnoscli# 
 

pbnoscli# show flow counters all
Flow-Name       Rule-Id        ASIC-Stat-Id   Counter-Value
=============================================================
flow01          2               98304           503378220       
flow01          DropRule        73728           4390145               
flow01          1               90112           2270112825               
pbnoscli# 
pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1
tool-ports Ethernet2/1
rule 1 permit description "UDF" udf-data 0xb166 udf-extraction-group l2 udf-offset 2 counters enable
rule 2 permit description "UDF" udf-data 0x4500 udf-extraction-group l3 udf-extraction-point ipv4 udf-offset 0 counters enable 
!
pbnoscli# 
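
To check which bytes a UDF rule would compare before committing it to the switch, the following added Python example (not part of OPBNOS or the original page) models the offset rules described above and applies the two example rules to two constructed frames. It assumes untagged Ethernet II frames, byte-granular offsets and exact-match comparison; the function and constant names are hypothetical.

```python
import struct

ETHERTYPE_OFF = 12   # assumption: untagged Ethernet II (dst MAC 6 + src MAC 6)
L3_OFF = 14          # first byte after the 2-byte EtherType
ETHERTYPES = {"ipv4": 0x0800, "ipv6": 0x86DD}
MAX_UDF_BYTES = 20   # page: 20 bytes of udf-data on SPC 2 and 3

def udf_base(frame, group, point=None):
    """Index the udf-offset is counted from, or None if the rule cannot apply."""
    if len(frame) < L3_OFF:
        return None
    if group == "l2":
        return ETHERTYPE_OFF              # L2 offsets start at the EtherType
    if group != "l3":
        raise ValueError("udf-extraction-group must be l2 or l3")
    (ethertype,) = struct.unpack_from("!H", frame, ETHERTYPE_OFF)
    wanted = [ETHERTYPES[point]] if point else list(ETHERTYPES.values())
    return L3_OFF if ethertype in wanted else None   # L3 offsets start at the IP header

def udf_matches(frame, udf_data, group, offset, point=None):
    """True if the udf-data bytes sit at extraction base + offset in the frame."""
    hexstr = udf_data[2:] if udf_data.lower().startswith("0x") else udf_data
    data = bytes.fromhex(hexstr)
    if not 1 <= len(data) <= MAX_UDF_BYTES:
        raise ValueError("udf-data must be 1 to 20 bytes")
    base = udf_base(frame, group, point)
    if base is None:
        return False
    start = base + offset
    return frame[start:start + len(data)] == data   # a short frame never matches

# Constructed sample frames (not captured traffic).
MACS = "020000000002" + "020000000001"
IPV4_FRAME = bytes.fromhex(MACS + "0800" + "4500001c00010000401100000a0000010a000002")
EXP_FRAME = bytes.fromhex(MACS + "88b5" + "b166deadbeef")

# The two rules from the page's example, as (udf-data, group, offset, point).
RULE_1 = ("0xb166", "l2", 2, None)
RULE_2 = ("0x4500", "l3", 0, "ipv4")

if __name__ == "__main__":
    for name, frame in (("ipv4", IPV4_FRAME), ("experimental", EXP_FRAME)):
        for rid, rule in ((1, RULE_1), (2, RULE_2)):
            print(name, "rule", rid, "->", udf_matches(frame, *rule))
```

With an L2 offset of 2 the compared bytes begin immediately after the EtherType, so on an untagged IPv4 frame rule 1 is compared against the first two bytes of the IP header.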