GigaSMART Header Stripping
Required License: Header Stripping
GigaSMART operations with a Strip Header component can identify and remove headers from tagged packets or headers and trailers from tunneled (encapsulated) packets.
The following types of packets can be stripped:
Header Stripping – Remove headers from ERSPAN, MPLS, MPLS+VLAN, VLAN, VN-Tag, VXLAN, GRE, tagged packets, Cisco FabricPath Headers, or FM6000 timestamps before they are sent to tool ports. This feature is handy when working with tools that either cannot recognize these headers or have to engage in additional processing to adjust for them. Figure 1 shows the GigaSMART Operations page for configuring header stripping. |
Tunnel Stripping – Remove both the header and trailer of ISL or GTP-encapsulated packets, preserving the packet within for analysis. This is handy when sending data to tools that cannot parse the ISL or GTP tunnel information and analyze the packets within. Figure 2 shows an example of the GS Operations page configured for tunnel stripping. |
Figure 52 | Strip Header GigaSMART Operation Configured |
Figure 53 | Tunnel Stripping GigaSMART Operation Configured |
You can also use the Strip Header feature in tandem with the Add VLAN component to differentiate stripped packets from non-stripped packets. This is particularly useful when seeing stripped/non-stripped packets on common IP ranges (10.x.x.x; 192.168.x.x). Refer to the following table for more information.
Keep in mind the following when configuring GigaSMART operations with a Strip Header component:
Summary |
Description |
||||||||||||
ERSPAN Header Stripping |
The ERSPAN header can be stripped. Specify an ERSPAN flow ID, from 0 to 1023. Use this option to strip ERSPAN Type II and Type III headers. A flow ID of zero is a wildcard value that matches all flow IDs. |
||||||||||||
Cisco FabricPath Header Stripping |
The Cisco FabricPath headers can be stripped. The ability to decapsulate all packets with Cisco FabricPath headers; that is, all packets matching a destination switch ID and source switch ID. Also apply filters based on outer src/dst switch ID or ability to filter based on inner packet parameters with or without decapsulating the packet. The Fabric Switch ID Source and Fabric Switch ID Destination attributes are mandatory. Enter a value from 0 to 4095 (<0~(2^12-1)>) for a 12-bit switch ID. Enter 0 to strip all switch IDs. |
||||||||||||
FM6000 Timestamp Header Stripping |
Packets entering GigaSMART from other devices may contain FM6000 timestamps. FM6000 is an Intel chip used for timestamping. The FM6000 timestamp can be stripped or it can be converted to UTC and appended to one of two Gigamon timestamping trailer formats. FM6000 has a hardware timestamp in the packet. For GigaSMART, the hardware timestamp needs to be translated into UTC time. An FM6000 device sends time mapping information in separate control packets called keyframes, which enable the UTC timestamp to be calculated. The calculated UTC timestamp can then be appended to the packets as a trailer. There are three timestamp formats: None, or GigaSMART, and X12-TS (for PRT-H00-X12TS). If the timestamp format is none, the FM6000 timestamp is stripped from the packet. If the timestamp format is GigaSMART or X12-TS, the FM6000 timestamp is stripped, converted to UTC, and a trailer containing the UTC timestamp is appended to the packets. The GigaSMART timestamp is added to the GigaSMART trailer. For the format of the GigaSMART trailer, refer to GigaSMART Trailer Reference. The X12-TS timestamp is added to the PRT-H00-X12TS trailer. For the format of the PRT-H00-X12TS trailer, refer to GigaVUE-OS CLI Reference Guide. NOTES:
For an FM6000 timestamping example, refer to Example – FM6000 Timestamping. |
||||||||||||
GRE Header Stripping |
By specifying a GigaSMART Operation with a GSOP type of Strip Header GRE, the GigaSMART can strip GRE headers. It will automatically strip either Layer 3 or Layer 2 headers depending on the incoming packet. Layer 3 – The GigaSMART can strip the outer IPv4 delivery header and the GRE header to expose the encapsulated packet. Only IPv4 as the delivery protocol is supported. Any packet inside the GRE tunnel will be exposed, including IPv6 payloads. For an example, refer to Example – Stripping Layer 3 GRE IP Encapsulated Packets. Layer 2 – The GigaSMART can strip GRE MPLS encapsulated and GRE Ethernet encapsulated packets, as follows:
|
||||||||||||
Maximum MPLS Label Stack |
The GigaSMART can strip MPLS headers up to a depth of seven labels. |
||||||||||||
Supported VLAN Types |
The GigaSMART can strip both 802.1Q and Q-in-Q VLAN headers. Refer to How to Handle Q-in-Q Packets in Maps. |
||||||||||||
VXLAN Stripping |
GigaSMART can strip VXLAN (Virtual eXtensible Local Area Network) headers. You can strip either matching VXLAN headers or all VXLAN headers. Select Strip Header from the GigaSMART Operation, select VXLAN for the protocol and use the following value in the Vxlan Id field: 0~(2^24-1). The VXLAN header is 8 bytes long with a 3-byte VXLAN Network Identifier (VNI) field. The VNI field is matched with the configured value and if it matches, the outer header (L2+IP+UDP+VXLAN) is stripped and the inner frame is sent to the tool. Specify a value of 0 to strip all outer VXLAN headers. Note: When processing packets with multiple encapsulation layers – for example, an ERSPAN-tunneled packet with a VXLAN tag – a VXLAN header-stripping operation will strip all the way to the end of the VXLAN layer instead of just the VXLAN tag. |
||||||||||||
ISL Tunnel Stripping |
ISL tunnel stripping removes the 26-byte header and the 4-byte FCS trailer associated with Cisco ISL VLAN encapsulation. Important: Make sure the packets processed by a GigaSMART operation with a Strip Header ISL component are all using ISL encapsulation. GigaSMART operations do not distinguish between packets using ISL and packets that do not – it strips the requisite bytes from all packets it processes. |
||||||||||||
GTP Tunnel Stripping |
GTP tunnel stripping removes the header and trailer for GTP-u packets inside the GTP tunnel between the SGSN and GGSN interfaces in a 3G network, and between the eNodeB (eNb) and the SGW and between the SGW and the PGW in an LTE network. The SGSN and GGSN interfaces are also referred to as the Gn (or Gp) interface. The interface between eNb and SGW is referred to as S1U. The user plane interface between SGW and PGW is referred to as S5-U/S8-U. Both use GTPv1. Both GTPv1 and GTPv0 are supported for stripping. GTP-c control packets are not stripped. GTP1 (also referred to as “GTP-Prime”) is not supported for stripping. |
||||||||||||
Ethertype Replaced |
After the VLAN/MPLS headers are stripped, the original ethertype carried in the Layer Two header is no longer valid. The GigaSMART replaces the ethertype field differently for MPLS and VLAN packets: Ethertype Replacement for VLAN PacketsVLAN-tagged packets carry the original value for the ethertype field immediately after the VLAN tag. After the four-byte VLAN header is stripped, GigaSMART simply sets the ethertype field in the Layer 2 header to the value that was originally present in the packet past the VLAN tag. Ethertype Replacement for MPLS PacketsUnlike VLAN-tagged packets, the Layer 3 protocol type is not carried in the packet for an MPLS packet – instead, it is applied by an egress router. To handle this, the GigaSMART examines the byte following the MPLS header to determine whether the packet is IPv4/IPv6 and takes the following actions:
|
||||||||||||
CRCs Recalculated |
The GigaVUE H Series node automatically recalculates and applies correct CRC checksums based on the new packet length after the header is stripped. |
||||||||||||
Viewing Statistics |
From the device view, select GigaSMART > GigaSMART Operations (GSOPS) > Statistics to see statistics related to ongoing header stripping operations. Refer to View GigaSMART Statistics for more information. |
||||||||||||
Combine with Other Components |
You can combine the Strip Header component with other GigaSMART components in a single operation. Refer to How to Combine GigaSMART Operations for details on the combinations of GigaSMART operations. Refer to Order of GigaSMART Operations for information on the order in which components of a single GigaSMART operation are applied. |
||||||||||||
GigaSMART Engine Ports |
Header stripping operations can be assigned to GigaSMART groups consisting of multiple engine ports. Refer to Groups of GigaSMART Engine Ports for details. |
||||||||||||
Generic |
Use Generic Header Stripping to remove any arbitrary header from a packet by specifying the offset and the length of the header. For information about Generic Header Stripping, refer to Generic Header Stripping. |
The following figures illustrate how the header-stripping operations work – you can see the original MPLS packet with its label stack intact, followed by a stripped packet with a recalculated CRC and a new ethertype field.
The example shown in Figure 3 illustrates a simple GigaSMART operation named HeaderStrip configured to strip MPLS headers and add a VLAN tag of 200. The operation is assigned to the GigaSMART group with the alias of gsGrp1.
Figure 54 | Strip Header GigaSMART Operation for Stripping MPLS Headers |
The example shown in Figure 4illustrates a simple GigaSMART header stripping operation named gtp-strip configured to strip GTP tunnel information. The operation is performed by the GigaSMART group with the alias of GS1.
Figure 55 | Strip Header GigaSMART Operation for Stripping GTP Tunnel Information |
Use the configuration shown in the following figure to strip Layer 3 GRE IP encapsulated packets.
The following figure shows L3 GRE IP encapsulation before and after stripping.
Use the configuration shown in the following figure to strip Layer 2 GRE Ethernet encapsulated (Transparent Ethernet Bridging) packets.
The following figure shows L2GRE Ethernet encapsulation before and after stripping.
To display header stripping statistics, select GigaSMART > GigaSMART Operations (GSOP) > Statistics.
Refer to Header Stripping Statistics Definitions for descriptions of these statistics as well as to GigaSMART Operations Statistics Definitions.
Figure 5 shows an example GigaSMART Operation configured to strip packets containing the FM6000 timestamp:
Figure 56 | Strip Packets with FM6000 Timestamp |
Figure 3 is an example GigaSMART Operation configured to convert packets containing the FM6000 timestamp to UTC and append the UTC timestamp to the Gigamon trailer:
Figure 57 | Strip Packets and Append UTC Timestamp to the Gigamon Trailer |
Figure 7 Map with Strip Header GigaSMART Operation is an example map using the strip header GigaSMART operation in Figure 6.
Figure 58 | Map with Strip Header GigaSMART Operation |
Note: (There is one-to-one mapping between the GigaSMART Operation (gsop) and the map.
If there are multiple devices, each device can be configured with a different timestamp format. To configure this, use a different gsop and a different map for each device. For example, for packets arriving from FM6000 device1, configure a gsop for FM6000 device1 and associate it with map1. For packets arriving from FM6000 device2, configure a gsop for FM6000 device2 and associate it with map2.
All the maps can send all the packets to the same tool port.
To access GigaSMART within GigaVUE‑FM, access a device that has been added to GigaVUE‑FM from the GigaVUE‑FM interface. GigaSMART appears in the navigation pane of the device view on supported devices. Refer to Access GigaSMART from GigaVUE‑FM for details.
GigaSMART operations use Generic header strippingto remove any arbitrary headers from a packet. The headers are stripped based on the offset and the length of the header.
To perform the generic header stripping operation:
1. | Click GigaSMART on the left navigation pane. The GigaSMART Operation (GSOP) page is displayed. |
Figure 59 | GigaSMART Header Stripping |
2. | In the Alias field, enter a name. |
3. | From the GigaSMART group drop-down list, select a GigaSMART group. |
4. | From the GigaSMART Operations (GSOP) drop-down list, select Header Stripping. A Header Stripping drop-down list is displayed. |
Figure 60 | GigaSMART Generic Header Stripping |
5. | From the Header Stripping drop-down list, select Generic. |
Figure 61 | Generic Header Stripping Template |
6. | From the Template drop-down list, select one of the following options: |
Custom |
PPPoE |
Cisco LISP |
L2MPLS |
Avaya SPB |
VPLS |
GRE |
VXLAN |
TRILL |
Brocade VCS |
A custom template lets you strip any arbitrary headers from a packet.
To strip any arbitrary header from a packet:
1. | From the Template drop-down list, select Custom. |
Figure 62 | Generic Header Stripping - Custom |
2. | Select the following options to determine the headers to be stripped: |
Component |
Description |
Anchor Header 1 |
Specifies the protocol from where GigaSMART should start stripping the header. The following values can be specified: None, Eth, VLAN, MPLS, IPv4, and IPv6 The value None starts the header stripping operation from the start of the packet. If None is selected for Anchor Header 1, the Anchor Header 2 must also be set to None. The offset must not be set to end. |
Offset |
Specifies exactly from which end of Anchor Header 1 the stripping operation should start. You can specify the offset in terms of the following: Start—the header stripping operation starts from the left end of the Anchor Header 1. End—the header stripping operation starts from the right end of the Anchor Header 1. Integer—the header stripping operation starts from the specified integer offset of the Anchor Header 1. The integer value varies depending on the Anchor Header 1 specified. |
Header Count |
Specifies how many headers from the offset GigaSMART should remove. This is applicable when the packet headers are of known type. The known headers are as follows: Ethernet, VLAN, MPLS, IPv4, and IPv6. It is important to note that, if start is specified for offset, the Anchor Header 1 is already counted for stripping. So, the value specified in the Header Count excludes the Anchor Header 1. If None is specified for Anchor Header 1, the Anchor Header 1 is not counted for stripping. So, the Header Count counts the Anchor Header 1 for stripping operation. |
Custom Length |
Specifies how many bytes of packet GigaSMART should remove. If the packet headers are unknown, the custom length of the unknown header can be specified to strip the packets. A combination of Header Count and Custom Length can also be used to strip the known and unknown headers. If Custom Length is specified, do not select Any for Anchor Header 2. |
Anchor Header 2 |
Specifies the protocol that should become the next header after the stripping operation is complete. The following values can be specified: None, Eth, VLAN, MPLS, IPv4, IPv6, TCP, UDP, and Any The value Any indicates that the next possible header can be any one of the options displayed for Anchor Header 2. The value None indicates that it is not necessary to mention the Anchor Header 2. |
Note: Generic Header Stripping cannot strip unknown headers with variable length.
The PPPoE template lets you strip the PPPoE encapsulated packets from the packet structure. Figure 12 illustrates a red outline around the frame that needs to be striped.
Figure 63 | PPPoE Encapsulated Packets |
To strip the PPoE encapsulated packets:
1. | From the Template drop-down list, select PPPoE. Refer to Figure 13. |
Figure 64 | Generic Header Stripping - PPPoE |
By default, the following values are selected:
Field |
Value |
Description |
Anchor Header 1 Offset |
Eth End |
Starts the header stripping operation from the right end of the Ethernet header. |
Header Count |
1 |
Strips the header next to the Ethernet Header. |
Anchor Header 2 |
Any |
Updates a valid protocol as the Anchor Header 2 in the packet. In this case, any IPv4 or IPv6 protocol can become the Anchor Header 2. |
2. | Click OK. The header stripping operation is displayed in the GigaSMART Operations (GSOP) page. |
Cisco LISP is used to carry original IP packets to support multi-homing. In this example, the IPv4 outer header, UDP header, and LISP header are stripped from the Cisco LISP header format. The LISP header is considered as an unknown header.
Figure 14 illustrates a red outline around the frame that needs to be striped.
Figure 65 | Cisco LISP Encapsulated Packets |
To strip the Cisco LISP encapsulated packets:
1. | From the Template drop-down list, select Cisco LISP. |
Figure 66 | Generic Header Stripping - Cisco LISP |
By default, the following values are selected:
Field |
Value |
Description |
Anchor Header 1 Offset |
Eth End |
Starts the header stripping operation from the right end of the Ethernet header. |
Header Count |
2 |
Strips the next two headers— IPv4 Outer Header and UDP from the packet. |
Custom Length |
8 |
Strips 8 bytes of the unknown packet header. LISP is an unknown header. |
Anchor Header 2 |
IPv4 |
Updates IPv4 protocol as the Anchor Header 2 in the packet. |
2. | Click OK. The header stripping operation is displayed in the GigaSMART Operations (GSOP) page. |
The L2 MPLS packet, also known as VPLS, encapsulates Ethernet packets in the MPLS label stack. In this example, the outer Ethernet header and MPLS [PW Label] are stripped from the L2 MPLS encapsulated packets.
Figure 16 illustrates a red outline around the frame that needs to be striped.
Figure 67 | L2 MPLS Encapsulated Packets |
To strip the outer MAC header from the L2 MPLS encapsulated packets:
1. | From the Template drop-down list, select L2MPLS. |
Figure 68 | Generic Header Stripping - L2 MPLS |
By default, the following values are selected:
Field |
Value |
Description |
Anchor Header 1 Offset |
None Start |
Starts the header stripping operation from the start of the Ethernet header. |
Header Count |
2 |
Strips the first and the second header from the packet. The outer Ethernet header and MPLS [PW label] packet header are both removed. As Anchor Header 1 is set to none, the Header Count counts the first header for stripping. |
Anchor Header 2 |
None |
Signifies that there is no need to specify the Anchor Header 2. In this case, the IPv4 protocol forms the first header of the packet after the stripping operation is complete. |
2. | Click OK. The header stripping operation is displayed in the GigaSMART Operations (GSOP) page. |
VXLAN encapsulates Ethernet packets in IP using VXLAN header. In this example, the outer Ethernet header, outer IP header, outer UDP header, and VXLAN Header are stripped from the VXLAN encapsulated packets.
Figure 18 illustrates a red outline around the frame that needs to be striped.
Figure 69 | VXLAN Encapsulated Packets |
To strip the outer Ethernet frame from the VXLAN encapsulated packets:
1. | From the Template drop-down list, select VXLAN. |
Figure 70 | Generic Header Stripping - VXLAN |
By default, the following values are selected:
Field |
Value |
Description |
Anchor Header 1 Offset |
Eth Start |
Starts the header stripping operation from the start of the Ethernet header. |
Header Count |
3 |
Strips the next three headers—outer IP header, outer UDP header, and VXLAN header. |
Anchor Header 2 |
None |
Signifies that there is no need to specify the Anchor Header 2. In this case, the IPv4 protocol forms the first header of the packet. Note: When the Anchor Header 1 is set to None, the Anchor Header 2 must also be set to None. |
2. | Click OK. The header stripping operation is displayed in the GigaSMART Operations (GSOP) page. |
TRILL encapsulates Ethernet packets in Ethernet frame to provide L2 layer routing in data centers. In this example, consider TRILL as an unknown header. This TRILL frame is stripped with the inner Ethernet header from the encapsulated packets. The combined length of TRILL header (6 bytes) and inner Ethernet header (14 bytes) is 20 bytes.
Figure 20 illustrates a red outline around the frame that needs to be striped.
Figure 71 | TRILL Encapsulated Packets |
To strip TRILL from the encapsulated packets:
1. | From the Template drop-down list, select TRILL. |
Figure 72 | Generic Header Stripping - TRILL |
By default, the following values are selected:
Field |
Value |
Description |
Anchor Header 1 Offset |
TRILL End |
Starts the header stripping operation from the right end of the outer Ethernet header. |
Custom Length |
20 |
Strips 20 bytes of unknown header from the packets. In this case, the TRILL and the inner Ethernet headers are stripped. |
Anchor Header 2 |
IPv4 |
Updates IPv4 protocol as the second header in the packet. |
2. | Click OK. The header stripping operation is displayed in the GigaSMART Operations (GSOP) page. |
Avaya SPB (802.1ah) fabric encapsulates Ethernet packets using MAC-In-MAC headers. In this example, the outer Ethernet header and ITAG are removed from the packet structure.
Figure 22 illustrates a red outline around the frame that needs to be striped..
Figure 73 | Avaya SPB Encapsulated Packets |
To strip the outer Ethernet headers from the Avaya SPB encapsulated packets:
1. | From the Template drop-down list, select Avaya SPB. |
Figure 74 | Generic Header Stripping - Avaya SPB |
By default, the following values are selected:
Field |
Value |
Description |
Anchor Header 1 Offset |
None Start |
Starts the header stripping operation from the left end of the outer Ethernet header. |
Header Count |
2 |
Strips the outer Ethernet and ITAG headers from the packet. |
Anchor Header 2 |
None |
Signifies that it is not necessary to specify the next header. The inner Ethernet header becomes the first header after the stripping operation is complete. |
2. | Click OK. The header stripping operation is displayed in the GigaSMART Operations (GSOP) page. |
You can also strip the ITAG, inner Ethernet header, and VLAN from the packet structure.
Figure 24 illustrates a red outline around the frame that needs to be striped.
Figure 75 | Avaya SPB Encapsulated Packets |
To strip the inner Ethernet headers from the encapsulated packets:
1. | Select the following values to strip the inner Ethernet headers from the encapsulated packets: |
Field |
Value |
Description |
Anchor Header 1 Offset |
Eth End |
Starts the header stripping operation from the right end of the outer Ethernet header. |
Header Count |
3 |
Strips the ITAG, inner Ethernet, and VLAN headers from the packet. |
Anchor Header 2 |
Any |
Indicates that any valid protocol available after the header stripping operation can become the next header in the packet. |
2. | Click OK. The header stripping operation is displayed in the GigaSMART Operations (GSOP) page. |