Configuring Flow Rules (NVIDIA)
NVIDIA ASIC
You can configure a rule with certain qualifiers to aggregate and filter traffic from network port(s) to tool port(s) for monitoring.
Reference
Command
rule <ruleid> (deny | permit ) [description <cstring>] ([ethertype <etype>] [vlan <vid>] [src-ip (<ipv4> | <ipv6 > src-netmask <ipv6 >)] [dest-ip (<ipv4> | <ipv6 > dest-netmask <ipv6 >)] [protocol (tcp | udp | <ptype >)] [l4portsrc <sport>] [l4portdst <dport>] [tosval <sval >] [dscp <dval>] [ttl <tval>] [tcpctl <flags > tcpctlmask <tcpmask >] | match_all [ipv6]) [counters (enable | disable)]
no rule <ruleid>
Description
Rule configuration
Parameters
ruleid: It should be in the range 1 to 6000
description: max 50 characters
ethertype: hexadecimal value prefix with 0x. max 4 characters.
vlan: VLAN id 2 to 4094
src-ip: source IP address
dest-ip: Destination IP address
protocol: L3 Protocol
l4portsrc: L4 source port for TCP or UDP
l4portdst: L4 source port for TCP or UDP
tossval: Type of Service
dscp: Differentiated services code point.
ttl: Time-to-live
tcpctl: TCP control flags
Mode
FLOW
Example
pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)#
! Exit from the current prompt
description Configure description for flow
enable Enable the flow
end Exit to exec prompt
exit Exit from the current prompt
network-ports Configure network or TAP ports
no no form
pop-vlan Pop Vlan Tag
push-vlan-tag Push VLAN tag
rule Configure rule
show Show commands
tool-ports Configure network tool or analyzer ports
top Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1
action Add rule specific action
deny Deny traffic
permit Permit traffic
pbnoscli(config-flow-flow01)# rule 1 permit
<cr>
counters Enable counters
description Add description within double quotes
dest-ip Destination IP address
dscp Differentiated services code point
ethertype ethernet type, 0x800, 0x8100
gtp GTP Tunneling
l4portdst L4 destination port
l4portsrc L4 source port
match-all Match all
protocol IP protocol
qualifiers Flow Rule Qualifiers
src-ip Source IP address
tcpctl TCP Control Flags
tosval Type of Service
ttl Time-to-live
vlan Vlan Identifier
pbnoscli(config-flow-flow01)# rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable
//to remove a rule
pbnoscli(config-flow-flow01)# no rule 1
pbnoscli(config-flow-flow01)#You can verify the configuration by using the command(s) below:
pbnoscli# show flow summary
Flow-Name Rule-Id Status Counter-Value
=========================================================
flow01 1 Active 1675
pbnoscli#
pbnoscli# show flow flow01
===================================
Flow : flow01 (CLI)
===================================
Status : enable
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port : port-channel1,Ethernet8/1
Rule : 1
++++++++++++++++++++++++++++++++++
Action : permit
Source IP : 2401::1
Source Mask : f::f
Destination IP : 2401::2
Destination Mask : f::f
Counters : enable
pbnoscli# \\Configuring IPv4 rules
pbnoscli# show running-config
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable
!
pbnoscli# \\Configuring IPv6 rules
pbnoscli# show running-config
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 permit src-ip 2401::1 src-netmask f::f dest-ip 2401::2 dest-netmask f::f counters enable
!
pbnoscli# Last updated
Was this helpful?