gsop

Required Command-Line Mode = Configure

Use the gsop command to create GigaSMART operations. GigaSMART operations consist of a name and a supported combination of the available GigaSMART applications you have licensed.

This command does not apply to GigaVUE TA Series nodes.

Note:  Refer to the “Combining GigaSMART Operations” section in the GigaVUE Fabric Management Guide for details on supported combinations of GigaSMART operations.

Note:  Refer to the “Order of GigaSMART Operations” section in the GigaVUE Fabric Management Guide for information on the order in which GigaSMART components are applied in a single operation.

Note:  Refer to Configure GigaSMART Operations for examples of how to configure the various GigaSMART operations.

The gsop command has the following syntax:

gsop alias <alias>  
 add-header vlan <1-4094> 
 apf set

asf enhanced <enhanced asf alias> port-list <gsgroup name>   asf <ASF alias>
  dedup set  
 flow-ops <flow-filtering <gtp> | flow-sampling | gtp-flowsample | gtp-whitelist | netflow | sip-flowsample | sip-whitelist | diameter-flowsample | diameter-whitelist | 5g-whitelist | 5g-flowsample>

   inline-ssl <inline SSL profile alias>
lb     
 app <asf | gtp | tunnel | 5G> metric <lt-bw | lt-pkt-rate | round-robin | lt-conn | lt-tt-traffic | wt-lt-bw |         
 wt-lt-pkt-rate | wt-round-robin | wt-lt-conn | wt-lt-tt-traffic | wt-supi | wt-imsi | hashing <key <imsi | imei | msisdn>>     
 app <sip> metric hashing key caller-id  
 app <diameter> metric hashing key <user-name | command-code | session-id>

app <diameter> metric multi-hash key user-name application-id command-code

user-name

command-code

session-id

end-to-end id

hop-by-hop-id

app <<5g> metric hashing key <supi | pei | gpsi>>

application-id

avp-code
      hash <ip-only <inner | outer> | ip-and-port <inner | outer> | 5-tuple <inner | outer> | gtpu-teid>   masking protocol
      enhanced <elb-name>
      none offset <0-9000>
      ipv4 offset <1-9000>
      ipv6 offset <1-9000>
      udp offset <1-9000>
      tcp offset <1-9000>
      ftp-data offset <1-9000>
      https offset <1-9000>
      ssh offset <1-9000> 
     gtp offset <1-9000>
      gtp-ipv4 offset <1-9000>
      gtp-udp offset <1-9000>
      gtp-tcp offset <1-9000>
      <pattern: 1-byte-hex>
      <length: 1-9600>
      sip content-type message/cpim
   port-list <GigaSMART group alias>
   slicing protocol
      none offset <64-9000>
      ipv4 offset <4-9000>
      ipv6 offset <4-9000>
      udp offset <4-9000>
      tcp offset <4-9000>
      ftp-data offset <4-9000>
      https offset <4-9000>
      ssh offset <4-9000>
      gtp offset <4-9000>
      gtp-ipv4 offset <4-9000>
      gtp-udp offset <4-9000>
      gtp-tcp offset <4-9000>
   ssl-decrypt in-port <<ingress port> | any> out-port <<egress port> | auto>
   strip-header
      erspan <0-1023>
      fabric-path <dst-switch-id <0-(2^12-1)>> <src-switch-id <0-(2^12-1)>> 
     fm6000-ts <gs | none | x12-ts>
      generic anchor-hdr1 <none | eth | vlan | mpls | ipv4 | ipv6><offset <start | end | <integer>>
         <header-count<1-32> [custom-len <1-1500>]<anchor-hdr2 <none | eth | vlan | mpls | ipv4 | ipv6 | tcp |          udp | any>>
      gre
      gtp 
     isl 
     mpls
     mpls+vlan
     vlan <outer | all>
     vntag
     vxlan <0-(2^24-1)>
   trailer
      add crc <enable | disable> <srcid <enable | disable>
      remove
   tunnel-decap type

tunnel-decap type tcp add <listener>
      custom <portsrc <0-65535> portdst <0-65535>>
      erspan flow-id <0-1023>
      gmip portdst <0-65535>
      l2gre key <0~(2^32-1)>
      vxlan <portsrc <0-65535> portdst <1-65535> vni <0~(2^24-1)>>
   tunnel-encap type
   gmip <portsrc <0-65535> portdst <0-65535> ipdst <IP address>> [dscp <0-63>] [prec <0-7>]
         [ttl <1-255>]
   l2gre
         ip6dst <IPv6 destination address> key <0~(2^32-1)> [dscp <0-63>] [flow-label <0~(2^20-1)>]
            [prec <0-7>] [ttl <1-255>]
         ipdst <IP address> key <0~(2^32-1)>
         pgdst <port group name> key <0~(2^32-1)> session-field <3-tuple-any | 3-tuple-ipv4 | 3-tuple-ipv6 |
            5-tuple-any | 5-tuple-ipv4 | 5-tuple-ipv6 | ip-any | ipv4-only | ipv6-only> <inner | outer>

The following table describes the arguments for the gsop command:

Argument

Description

alias <alias>

Specifies the alias for this GigaSMART operation. Use the alias for all management of a GigaSMART operation, including binding it to a map rule.

add-header vlan <1-4094>

Specifies the add-header GigaSMART operation. Packets processed by this GigaSMART operation are tagged with the specified VLAN tag. This feature can be used in conjunction with the strip-header operation to differentiate stripped packets using common IP ranges (10.x.x.x or 192.168.x.x) from non-stripped packets in the same IP range.

Refer to the “GigaSMART Header Addition” section in the GigaVUE Fabric Management Guide for details.

apf set

Specifies the APF GigaSMART operation. Packets processed by this operation are evaluated using Adaptive Packet Filtering rules configured with the map command’s gsrule argument.

Refer to the “GigaSMART Adaptive Packet Filtering (APF)” section in the GigaVUE Fabric Management Guide.

asf enhanced <enhanced asf alias> port-list <gsgroup name>

Specifies the enhanced Application Session Filtering (ASF) GigaSMART operation by configuring an alias.

Examples:

(config) # gsop alias <gsop alias> apf set asf enhanced <enhanced asf alias> port-list <gsgroup name>

 

Refer to the GigaSMART EnhancedApplication Session Filtering (ASF) " section in the GigaVUE Fabric Management Guide for details.

 

asf <ASF alias>

Specifies the Application Session Filtering (ASF) GigaSMART operation by configuring an alias.

Examples:

(config) # gsop alias gsop2 asf asf2 port-list gsgrp1

(config) # gsop alias gsop1 apf set asf asf1 port-list gsg1

Refer to the GigaSMART Application Session Filtering (ASF) and Buffer ASF” section in the GigaVUE Fabric Management Guide for details.

dedup set

Specifies the de-duplication GigaSMART operation. Packets processed by this operation are analyzed for duplicates. A packet is considered to be a duplicate if its bits are identical to the original packet from Layer 3 (Network layer) onwards, including the payload (differences in Layer 2 are not considered). For example, if two packets are identical except for Time-to-Live (TTL), they will be counted as duplicates.

If you use this operation, you can also use gsparams to set the following:

the time interval within which an identical packet will be considered a duplicate.
whether duplicates should be counted or dropped.
the packet fields that are used to detect duplicates.

For details of the gsparams command, refer to gsparams.

Refer to the GigaSMART De-duplication” section in the GigaVUE Fabric Management Guide.

flow-ops <flow-filtering <gtp> | flow-sampling | gtp-flowsample | gtp-whitelist | netflow | sip-flowsample | sip-whitelist | diameter-flowsample | diameter-whitelist |5g-whitelist |5g-flowsample>

Configures GigaSMART operations as follows:

flow-filtering <gtp>—Creates a GigaSMART operation that enables GTP Correlation. Then, create a second level map with a flowrule component that specifies which GTP IMSI, IMEI, MSISDN, or version should be filtered from the virtual port to a tool port.

For example:

(config) # gsop alias gtpFilter flow-ops flow-filtering gtp port-list gsgrp1

Refer to the GigaSMART GTP Correlation section in the GigaVUE Fabric Management Guide for details and examples.

flow-sampling—Creates a GigaSMART operation that uses FlowVUE to perform subscriber-based IP sampling. Use the gsparams command to specify the type of subscribers that are sampled (inner or outer IP addresses), the rate at which they are sampled, the IP ranges themselves, and the timeout values for any idle devices. These settings are unique for each GigaSMART engine group—they cannot be configured on a per-map basis.

For example:

(config) # gsop alias gsfvue flow-ops flow-sampling port-list gsgrp2

Refer to the GigaSMART FlowVUE section in the GigaVUE Fabric Management Guide for details and examples.

gtp-flowsample—Enables GTP flow sampling.

For example:

(config) # gsop alias fs1 flow-ops gtp-flowsample port-list gsgrp3

Refer to the GigaSMART GTP Whitelisting and GTP Flow Sampling” section in the GigaVUE Fabric Management Guide for details and examples.

gtp-whitelist—Enables GTP forward list selective forwarding - forward (formerly whitelist)ing.

For example:

(config) # gsop alias wlf1 flow-ops gtp-whitelist port-list gsgrp4

Refer to the “GigaSMART GTP Whitelisting and GTP Flow Sampling” section in the GigaVUE Fabric Management Guide details and examples.

netflow—Enables NetFlow generation.

For example:

(config) # gsop alias gsop2 flow-ops netflow port-list gsgrp5

Refer to the GigaSMART NetFlow Generation” section in the GigaVUE Fabric Management Guide for details and examples.

sip-flowsample—Enables SIP flow sampling for SIP/RTP.

Examples:

(config) # gsop alias sip-flowsample-no-lb flow-ops sip-flowsample port-list gsg2

(config) # gsop alias sip-flowsample flow-ops sip-flowsample lb app sip metric hashing key caller-id port-list gsg1

Refer to the GigaSMART SIP/RTP Correlation section in the GigaVUE Fabric Management Guide for details and examples.

sip-whitelist—Enables SIP forward listing for SIP/RTP.

Examples:

(config) # gsop alias sip-whitelist-no-lb flow-ops sip-whitelist port-list gsg2

(config) # gsop alias sip-whitelist flow-ops sip-whitelist lb app sip metric hashing key caller-id port-list gsg1

diameter-flowsample—Enables diameter flow sampling.

Examples:

(config) # gsop alias diameter-s6a-flowsample flow-ops diameter-flowsample port-list gsgroup1

(config) # flow-ops diameter-flowsample lb app diameter metric hashing key username port-list gsgroup1

 

diameter-whitelist—Enables diameter forward listing.

Examples:

(config) # gsop alias diameter-s6a-wl flow-ops diameter-whitelist port-list grp1

(config) # gsop alias diameter-s6a-wl flow-ops diameter-whitelist lb app diameter metric hashing key username

Refer to the GigaSMART SIP/RTP Correlation” section in the GigaVUE Fabric Management Guide for details and examples.

5g-whitelist—Enables 5g-forward listing.
5g-flowsampling—Enables 5g-flowsampling.

inline-ssl <inline SSL profile alias>

Attaches the inline SSL profile to a GigaSMART operation by specifying the alias of the profile.

For example:

(config) # gsop alias issl1-gsop inline-ssl sslprofile port-list gsgrp1

Refer to apps inline-ssl for information on profiles for inline SSL decryption.

lb    app <asf | gtp | tunnel> metric <lt-bw |       lt-pkt-rate | round-robin | lt-conn | lt-tt-traffic       | wt-lt-bw | wt-lt-pkt-rate | wt-round-robin |       wt-lt-conn | wt-lt-tt-traffic | | wt-lt-tt-traffic | wt-imsi | wt-supi | hashing [key       <imsi | imei | msisdn]>   hash <ip-only <inner | outer> | ip-and-port       <inner | outer> | 5-tuple <inner | outer> |          gtpu-teid>

   apps enhanced-lb alias <elb-name> hash-field <add |delete><LIST><inner|outer>exit

Configures stateful or stateless load balancing.

app <asf | gtp | tunnel> metric—Configures the following stateful load balancing metrics for ASF, GTP, or tunnel:
■   lt-bw—least bandwidth. Not supported for tunnel.
■   lt-pkt-rate—least packet rate
■   round-robin—round robin
■   lt-conn—least connection
■   lt-tt-traffic—least cumulative traffic
■   wt-lt-bw—weighted least bandwidth. Not supported for tunnel.
■   wt-lt-pkt-rate—weighted least packet rate
■   wt-round-robin—weighted round robin
■   wt-lt-conn—weighted least connection
■   wt-lt-tt-traffic—weighted least cumulative traffic
■   wt-imsi—weighted IMSI stateful
■   wt-supi—weighted SUPI stateful
o hashing—hashing (include key). The hashing key only applies to the GTP stateful application.
hash—Configures the following stateless load balancing metrics:
■   ip-onlysource leader in a bidirectional clock relationship (formerly master) IP and destination IP addresses
■   ip-and-port—source IP and destination IP addresses, source port and destination port numbers
■   5-tuple—source IP and destination IP addresses, source port and destination port numbers, protocol field in IP header
■   gtpu-teid—GTP-u tunnel ID

Also, configures the following field locations for hash:

•   outer—first occurrence of header or field
•   inner—second occurrence of header or field

Note:  There is no inner or outer field location for gtpu-teid.

apps enhanced-lb alias <elb-name>—Configures the following enhanced load balancing hash-field metrics:
■   ip - source IP and destination IP addresses
■   l4port - L4 source port and L4 destination port numbers
■   gtpu-teid - GPRS Tunnel Endpoint Identifier (TEID)

Also, configures the following field locations for hash:

■   outer—first occurrence of header or field
■   inner—second occurrence of header or field

Note:  There is no inner or outer field location for gtpu-teid.

Refer to the GigaSMART Load Balancing” section in the GigaVUE Fabric Management Guide for details.

lbapp <sip> metric hashing key caller-id

Configures stateful load balancing for SIP/RTP.

Examples:

(config) # gsop alias sip-fs-lb lb app sip metric hashing key caller-id flow-ops sip-flowsample port-list gsgrp

(config) # gsop alias sip-wl-lb lb app sip metric hashing key caller-id flow-ops sip-whitelist port-list gsgrp

lbapp <diameter> metric hashing key <user-name | command code | session-id>

Configures stateful load balancing for Diameter S6a.

Examples:

(config) #gsop alias diameter-s6a-flowsample-sid flow-ops diameter-flowsample lb app diameter metric hashing key username port-list gsgroup1

(config) # gsop alias diameter-s6a-flowsample-appid flow-ops diameter-flowsample lb app diameter metric hashing key username port-list gsgroup1

app <diameter> metric multi-hash key user-name application-id command mode

--- user-name

--- command-code

--- session-id

--- end-to-end id

--- hop-by-hop-id

-- application-id

----- avp-code

Configures the stateless load balancing for Diameter S6a. You must provide any of the following three keys for multi-hashing:

user-name— Specifies the IMSI Diameter key.
command-code—Specifies the Command Code key.
session-id—Specifies the Diameter Session-ID.
end-to-end-id—Specifies the End-to-End ID key.
hop-by-hop-id— Specifies the Hop-by-Hop ID key.
application-id—Specifies the Application ID key.
avp-code—Specifies the AVP-CODE key.

You can configure the avp-code as the last parameter. You must provide the avp-code value while configuring the avp-code.

Examples:

(config) # gsop alias gsop_or_imsi_hop_avp flow-ops diameter-flowsample lb app diameter metric multi-hash key user-name end-to-end avp-code 234 port-list group1

(config) # gsop alias dia_fs_lb flow-ops diameter-flowsample lb app diameter metric multi-hash key user-name application-id command-code port-list grp1

app <<5g> metric hashing key <supi | pei | gpsi>>

Configures the stateless load balancing for 5G. You must provide any of the following three keys for multi-hashing:

SUPI— Specifies the SUPI.
pei—Specifies the pei.
gpsi—Specifies the gpsi.

masking protocol   none offset <0-9000>   ipv4 offset <1-9000>   ipv6 offset <1-9000>   udp offset <1-9000>   tcp offset <1-9000>   ftp-data offset <1-9000>   https offset <1-9000>   ssh offset <1-9000>   gtp offset <1-9000>   gtp-ipv4 offset <1-9000>   gtp-udp offset <1-9000>   gtp-tcp offset <1-9000>   <pattern: 1-byte-hex>   <length: 1-9600>   sip content-type message/cpim

Specifies the masking GigaSMART operation. Packets processed by this GigaSMART operation mask the specified field with the supplied pattern. You can specify the field to be masked either in terms of a static, hard-coded offset or by using a relative offset from a specified packet header as follows:

Specify a protocol of none with an offset of 0 to indicate the beginning of an Ethernet frame.
Specify a static offset by supplying an offset, length, and pattern. In the following example, masking starts at an offset of 14 bytes by repeating the 0xFF pattern for 88 bytes:

(config) # gsop alias mymask masking protocol none offset 14 pattern ff length 88 port-list GS1

Use one of the packet header and offset options to specify a relative offset.
pattern is the one-byte hexadecimal pattern used for the masking.
length specifies how much of the packet from the offset should be masked.

Refer to the GigaSMART Masking” section in the GigaVUE Fabric Management Guide for details.

For SIP/RTP:

content-type message/cpim is masking only for UDP.

Examples:

(config) # gsop alias sip-content-mask masking protocol sip content-type message/cpim port-list gsgrp

(config) # gsop alias sip-fs-lb flow-ops sip-flowsample lb app sip metric hashing key caller-id masking protocol sip content-type message/cpim port-list gsgrp

(config) # gsop alias sip-wl-lb flow-ops sip-whitelist lb app sip metric hashing key caller-id masking protocol sip content-type message/cpim port-list gsgrp

port-list <GigaSMART group alias>

Specifies the GigaSMART group that will be used to process this GigaSMART operation.

Use the gsgroup command to create groups of GigaSMART engine ports in a given chassis as follows:

Each of the two GigaSMART engine ports in an SMT-HC3-C05 module on GigaVUE‑HC3 can process packets at up to 100Gb.
The GigaSMART engine port in a GigaSMART-HC0 module on GigaVUE‑HC2 can process packets at up to 40Gb.
The GigaSMART engine port in the GigaVUE‑HC1 node can process packets at up to 20Gb.
The GigaSMART engine port in the GigaVUE-HB1 node can process packets at up to 10Gb.

GigaSMART engine ports are numbered with an e prefix using <bid/sid/e1..e2> nomenclature—1/1/e1, for example.

Note:  The ports in a GigaSMART group can be on different line cards in the same chassis. However, they must all be on the same chassis.

Note:  The slot ID for a GigaVUE‑HC1 chassis is fixed at 1.

Note:  The bay ID for a GigaVUE‑HC2 with a rear GigaSMART module is fixed at 5. The bay ID for a GigaVUE‑HC2 with GigaSMART front modules or a GigaVUE‑HC3, will be 1 to 4, depending on where the module or modules are installed.

The number of GigaSMART engine ports available in a chassis will depend on the number of GigaSMART line cards or modules in the chassis—up to four in the GigaVUE‑HC3, and up to five in the GigaVUE‑HC2 (four front GigaSMART modules with one GigaSMART engine port each, and one rear GigaSMART module with one GigaSMART engine).

The GigaVUE‑HC1 has one GigaSMART engine port.

slicing protocol   none offset <64-9000>   ipv4 offset <4-9000>   ipv6 offset <4-9000>   udp offset <4-9000>   tcp offset <4-9000>   ftp-data offset <4-9000>   https offset <4-9000>   ssh offset <4-9000>   gtp offset <4-9000>   gtp-ipv4 offset <4-9000>   gtp-udp offset <4-9000>   gtp-tcp offset <4-9000>

Specifies the slicing GigaSMART operation. Packets processed by this GigaSMART operation are sliced after the specified packet header and offset or offset.

Refer to the GigaSMART Packet Slicing” section in the GigaVUE Fabric Management Guide for details.

ssl-decrypt in-port <<ingress port> | any> out-port <<egress port> | auto>

Specifies the Passive SSL decryption GigaSMART operation as follows:

in-port—Specifies the destination port on which to listen. It can be an ingress port number between 1 and 65535 or any, which means that traffic will be accepted on any server port from 1-65535. Specifying a port number means that traffic for SSL decryption will only be accepted from that port number.
out-port—Specifies the destination port on which to send decrypted traffic. It can be an egress port number between 1 and 65535 or auto, which means that the outgoing server port is selected at random or by the following port mapping:

Port: in-port—out-port:

IMAP: 993—143

POP3: 995—110

SMTP: 465—25

LDAP: 636—389

NNTP: 563—119

HTTP: 443—80

For example:

(config) # gsop alias ssl_dec ssl-decrypt in-port any out-port auto port-list GSGROUP1

Optionally, the de-duplication GigaSMART operation can be applied before SSL decryption. For example:

(config) # gsop alias ssl_dec ssl-decrypt in-port any out-port 333 dedup set port-list gsgrp1

Refer to the GigaSMART SSL Decryption for Out-of-Band Tools” section in the GigaVUE Fabric Management Guide for details.

strip-header    erspan <0-1023>   fabric-path <dst-switch-id <0-(2^12-1)>>      <src-switch-id <0-(2^12-1)>>   fm6000-ts <gs | none | x12-ts>   generic anchor-hdr1 <none | eth | vlan |       mpls | ipv4 | ipv6 ><offset <start | end |      integer>><header-count<1-32> [custom-len      <1-1500>]<anchor-hdr2 <none | eth | vlan |      mpls | ipv4 | ipv6 | tcp | udp | any>>

   gre   gtp   isl   mpls   mpls+vlan   vlan <outer | all>   vntag   vxlan <0-(2^24-1)>

Specifies the strip-header GigaSMART operation to identify and remove the following:

erspan—Specifies an ERSPAN flow ID, from 0 to 1023. Use this option to strip an ERSPAN header. Both ERSPAN Type II and Type III headers are supported. A flow ID of zero is a wildcard value that matches all flow IDs.
o fabric-path—Specifies packets matching a destination switch ID and source switch ID, for Cisco FabricPath headers. The dst-switch-id and src-switch-id attributes are mandatory. Enter a value from 0 to 4095 (<0-(2^12-1)>) for a 12-bit switch ID. Enter 0 to strip all switch IDs.
fm6000-ts—Specifies how to handle the FM6000 timestamp, as follows:
o gs—Specifies to strip the FM6000 timestamp, convert to UTC, and add the UTC timestamp to the GigaSMART trailer.
o none—Specifies to strip the FM6000 timestamp.
o x12-ts—Specifies to strip the FM6000 timestamp, convert to UTC, and add the UTC timestamp to the PRT-H00-X12TS trailer.
generic—Specifies to strip any arbitrary header from the packet, by using the offset and the length of the header.
o anchor-hdr1—Specifies the protocol from where GigaSMART should start stripping the header. The protocols supported are as follows:
■   none —starts stripping the header from the start of the packet
■   eth—starts stripping the packet from Ethernet header
■   vlan—starts stripping the packet from VLAN header
■   mpls—starts stripping the packet from MPLS header
■   ipv4— starts stripping the packet from IPv4 header
■   ipv6— starts stripping the packet from IPv6 header
o offset—Specifies exactly from which end of the first anchor header the stripping operation should start. The following offset can be specified:
■   start—starts stripping the packet from the left end of the first anchor header.
■   end—starts stripping the packet from the right end of the first anchor header.
■   <integer>—starts stripping the packet from the specified integer offset of the first anchor header. The integer value depends on the anchor-hdr1.
o header-count—Specifies how many headers from the offset GigaSMART should remove. The header count value can be 1 to 32.
o anchor-hdr2—Specifies the protocol that should become the next header after the stripping operation is complete. The protocols supported are as follows:
■   none —specifies that the next possible header is none
■   eth—specifies that the next possible header is Ethernet
■   vlan—specifies that the next possible header is VLAN
■   mpls—specifies that the next possible header is MPLS
■   ipv4— specifies that the next possible header is IPv4
■   ipv6— specifies that the next possible header is IPv6
■   tcp—specifies that the next possible header is TCP
■   udp—specifies that the next possible header is UDP
■   any—specifies that the next possible header can be any of the above headers in the packet.

strip-header (continued)

gre—Specifies outer IPv4/GRE headers.
gtp, isl—Specifies header and trailer of ISL or GTP-encapsulated packets (tunneled packets).
mpls, mpls+vlan, vlan, vntag, vxlan—Specifies MPLS headers, VLAN headers, MPLS and VLAN headers, VN-Tag, or VXLAN headers.

For VXLAN headers, you can either strip all VXLAN packets with a matching header value or, alternatively, enter a value of 0 for the VXLAN ID to strip the headers from all VXLAN packets. The syntax is as follows:

(config) # gsop alias <alias> strip-header vxlan <0-(2^24-1)>

Refer to the “GigaSMART Header Stripping” section in the GigaVUE Fabric Management Guide for details.

trailer    add crc <enable | disable> <srcid <enable | disable>   remove

Specifies the trailer GigaSMART operation and whether to include or remove the GigaSMART trailer with this operation.

The Gigamon trailer is mandatory for some features (for example, including a Source ID field indicating the port where a packet arrived on the GigaVUE H Series node) and optional for others (slicing and masking). The arguments are as follows:

crc—Specifies whether to include the original packet’s CRC as a field in the trailer.

Note:  The modified packet’s actual CRC is always recalculated to reflect its new length. This argument only specifies whether to include the original packet’s CRC as a field in the trailer.

srcid—Specifies whether to include the Source ID field as a field in the trailer. The Source ID field indicates the port where a packet entered the Gigamon Visibility Platform.
remove—Specifies the trailer to remove. This argument cannot be combined with other operations. It is useful in situations where you have cascade connections—a tool port receiving packets with a GigaSMART trailer is physically cabled to a GigaVUE network port, sending the packets received on the tool port back into a GigaVUE H Series node. In cases like these, you may want to remove the GigaSMART trailer before the packets are forwarded to other tools.

Refer to the “Using GigaSMART Trailers” section in the GigaVUE Fabric Management Guide for details.

tunnel-decap type   custom <portsrc <0-65535> portdst       <0-65535>>   erspan flow-id <0-1023>   gmip portdst <0-65535>   l2gre key <0~(2^32-1)>   vxlan <portsrc <0-65535> portdst <1-65535>       vni <0~(2^24-1)>>

Specifies the tunnel-decap GigaSMART operation to use in conjunction with a tunneled network port to configure the receiving end of a tunnel.

You can use a tunnel-decap port on a GigaVUE H Series node to receive and decapsulate tunneled traffic. Specify the type of tunnel in the command as follows:

custom—Specifies custom tunnel termination at GigaSMART, with a source and destination port in the range from 0 to 65535. When the source or destination port is 0, the packet will not check for the presence of a Layer 4 (L4) header or will not be validated against the L4 port if present in packet. Refer to the GigaSMART Custom Tunnel Decapsulation” section in the GigaVUE Fabric Management Guide.
erspan flow-id—Specifies an ERSPAN flow ID, from 0 to 1023. Use this option when decapsulating traffic received over a Cisco-standard ERSPAN tunnel. Both ERSPAN Type II and Type III headers are supported. A flow ID of 0 decapsulates all ERSPAN tunnel traffic regardless of flow ID. Refer to the “GigaSMART ERSPAN Tunnel Decapsulation” section in the GigaVUE Fabric Management Guide for details.
gmip portdst—Specifies the UDP port, from 0 to 65535, on which the tunnel network port on the receiving GigaVUE H Series is listening. Use this option when decapsulating traffic from a GigaSMART-enabled node. The setting must match the configuration of the portdst configured on the sending end of the tunnel. Refer to the “GigaSMART IP Encapsulation/Decapsulation (GigaSMART Tunnel)” section in the GigaVUE Fabric Management Guide for details.
l2gre key—Specifies the type of tunnel to decapsulate the packet and the GRE key to be validated in the GRE decapsulation. Only packets matching the key values will be decapsulated. Other packets will be dropped.The key is a 32-bit value. The range is from zero (0) to 232 - 1. If you configure the key as 0, the key field is not validated, that is, the key field in the packet can have any value or no value. Refer to the “GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation” section in the GigaVUE Fabric Management Guide for details.
vxlan—Specifies VXLAN tunnel termination at GigaSMART, with a source UDP port in the range from 0 to 65535, a destination port in the range from 1 to 65535, and a VXLAN Network Identifier (VNI) in the range from 0 to 224 - 1. When the source port is 0, the packet will not be validated against the L4 source port. When the VNI is 0, all VXLAN identifiers will be stripped. Refer to the GigaSMART VXLAN Tunnel Decapsulation” section in the GigaVUE Fabric Management Guide for details.

Examples:

(config) # gsop alias tun_decap tunnel-decap type l2gre key 12314 port-list gsport1

(config) # gsop alias de_tunnel1 tunnel-decap type custom portsrc 100 portdst 4789 port-list gsgroup1

(config) # gsop alias de_tunnel2 tunnel-decap type vxlan portsrc 100 portdst 100 vni 10 port-list gsgroup1

tunnel-encap type    gmip <portsrc <0-65535> portdst <0-65535>       ipdst <IP address>> [dscp <0-63>]       [prec <0-7>] [ttl <1-255>]

Specifies the tunnel-encap type, GMIP, to use in conjunction with a network port that is associated with an IP interface to configure the sending end of a tunnel.

GigaSMART tunnels send traffic arriving from a GigaSMART-enabled node over the Internet to a second GigaSMART-enabled node where the traffic is decapsulated and made available to local packet distribution. The arguments are as follows:

portsrc—Specifies the UDP port, from 0 to 65535, used in the headers of tunneled packets sent to the destination.
portdst—Specifies the UDP port, from 0 to 65535, on which the network port that is associated with an IP interface and residing on the destination node is listening. The portdst must match the configuration of the corresponding tunnel-decap operation’s portdst.
ipdst—Specifies the IP address of the port, that is associated with the IP interface alias, on the destination GigaSMART-enabled node.

By default, the tunnel-encapsulation application copies the ToS byte from the inner packet to the header of the tunnel packet, ensuring the same values. Similarly, TTL is automatically set to ensure delivery of packets from the sending node to the receiving node. However, you can use the following options to change the QoS assigned to tunneled packets:

dscp—Specifies a decimal DSCP value from 0 to 63 to be used in the ToS byte of the outer headers of tunneled packets. The default is 0.
prec—Specifies a decimal precedence value from 0 to 7 to be used in the ToS byte of the outer headers of tunneled packets. The default is 0.
ttl—Specifies the TTL value. If you find that tunneled packets are expiring in transit from source to destination, you can increase the TTL value used in the outer headers of tunneled packets with this option. Increasing the TTL allows tunneled packets to transit more hops before expiring (each hop decrements a packet’s TTL by one). The values are from 1 to 255. The default is 255.

Refer to the GigaSMART IP Encapsulation/Decapsulation (GigaSMART Tunnel) section in the GigaVUE Fabric Management Guide for details.

tunnel-encap type l2gre    ip6dst <IPv6 destination address>       key <0~(2^32-1)> [dscp <0-63>]       [flow-label <0~(2^20-1)>]       [prec <0-7>] [ttl <1-255>]

Specifies the type of tunnel, Layer 2 GRE, to encapsulate the packet. The arguments are as follows:

ip6dst—Specifies the IPv6 destination address to be used in the encapsulation.
key—Specifies the key to be added in the GRE encapsulation. The key is a 32-bit value. The range is from zero (0) to 232 - 1. If you configure the key as 0, the GRE header will not carry the key field and the key bit will be set to 0. Use the same GRE key at tunnel-encap and tunnel-decap ends for successful tunneling.

Note:  Use the same GRE key at tunnel-encap and tunnel-decap ends for successful tunneling.

dscp—Specifies a decimal DSCP value from 0 to 63 to be used in the ToS byte of the outer headers of tunneled packets. The default is 0.
flow-label—Specifies a label to identify a particular flow. The flow label is a 20-bit value. The range is from zero (0) to 220 - 1.
prec—Specifies a decimal precedence value from 0 to 7 to be used in the ToS byte of the outer headers of tunneled packets. The default is 0.
ttl—Specifies the TTL value. If you find that tunneled packets are expiring in transit from source to destination, you can increase the TTL value used in the outer headers of tunneled packets with this option. Increasing the TTL allows tunneled packets to transit more hops before expiring (each hop decrements a packet’s TTL by one). The values are from 1 to 255. The default is 255.

For example:

(config) # gsop alias gs_tunnel tunnel-encap type l2gre ip6dst 2001::3 key 5 flow-label 2452 ttl 25 dscp 62 prec 3 port-list gsop1

tunnel-encap type l2gre    ipdst <IP address> key <0~(2^32-1)>   pgdst <port group name> key <0~(2^32-1)>       session-field <3-tuple-any | 3-tuple-ipv4 |       3-tuple-ipv6 | 5-tuple-any | 5-tuple-ipv4 |       5-tuple-ipv6 | ip-any | ipv4-only |       ipv6-only> <inner | outer>

Specifies the tunnel-encap type, Layer 2 GRE, to use in conjunction with a tunneled network port to configure the sending end of a tunnel.

The arguments are as follows:

ipdst—Specifies the IP address (IPv4) of the port, that is associated with the IP interface alias, on the destination GigaSMART-enabled node.
pgdst—Specifies the port group destination.
key—Specifies the GRE key that identifies the source of the tunnel. The key is a 32-bit value. The range is from zero (0) to 232 - 1. If you configure the key as 0, the GRE header will not carry the key field and the key bit will be set to 0. Use the same GRE key at tunnel-encap and tunnel-decap ends for successful tunneling.
session-field—Specifies the attributes of a session field for stateful load balancing as follows:
■   3-tuple-any—Specifies any IPv4/IPv6 3-tuple-based session.
■   3-tuple-ipv4—Specifies an IPv4 3-tuple-based session. The hash value is extracted from the combination of ipv4-src, ipv4-dst, ipv4-protocol.
■   3-tuple-ipv6—Specifies an IPv6 3-tuple-based session. The hash value is extracted from the combination of ipv6-src, ipv6-dst, ipv6-protocol.
■   5-tuple-any—Specifies any IPv4/IPv6 5-tuple-based session.
■   5-tuple-ipv4—Specifies an IPv4 5-tuple-based session. The hash value is extracted from the combination of ipv4-src, ipv4-dst, l4port-src, l4port-dst, ipv4-protocol.
■   5-tuple-ipv6—Specifies an IPv6 5-tuple-based session. The hash value is extracted from the combination of ipv6-src, ipv6-dst, l4port-src, l4port-dst, ipv6-protocol.
■   ip-any—Specifies any IPv4/IPv6-based session.
■   ipv4-only—Specifies an IPv4-only-based session. The hash value is extracted from the combination of ipv4-src, ipv4-dst
■   ipv6-only—Specifies an IPv6-only-based session. The hash value is extracted from the combination of ipv6-src, ipv6-dst

In addition, for all session fields, specify the following:

•   outer—the first occurrence of the header in the packet
•   inner—the second occurrence of the header in the packet

Examples:

(config) # gsop alias tun_encap tunnel-encap type l2gre ipdst 1.1.1.1 key 123214 port-list gsport1

(config) # gsop alias gsop1 tunnel-encap type l2gre pgdst pg1 key 10 session-field 5-tuple-ipv4 outer lb app tunnel metric round-robin port-list gsport1

(config) # gsop alias gsop2 tunnel-encap type l2gre pgdst pg1 key 123 lb hash 5-tuple outer port-list gsport1

Refer to the GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation section in the GigaVUE Fabric Management Guide for details.

Related Commands

The following table summarizes other commands related to the gsop command:

Task

 

Command

Displays all GigaSMART operations.

# show gsop

Displays a specified GigaSMART operation.

# show gsop alias gsop1

Displays all GigaSMART operations.

# show gsop all

Displays GigaSMART operations by application.

 

<add-header | dedup | apf | asf | flow-sampling | flow-filtering | lb | masking | slicing | strip-header | trailer | tunnel-decap | ssl-decrypt>

Displays statistics for all GigaSMART operations.

# show gsop stats

Displays statistics for a specified GigaSMART operation.

# show gsop stats alias gsop1

Displays IP fragmentation statistics for a specified GigaSMART operation.

# show gsop stats alias gsop1 ip-frag

Displays statistics for all GigaSMART operations.

# show gsop stats all

Displays detailed statistics for all GigaSMART operations.

# show gsop stats all detail

Displays statistics of all GigaSMART operations using a particular GigaSMART application.

by-application <add-header | dedup | apf | asf | flow-sampling | flow-filtering | lb | masking | slicing | strip-header | trailer | tunnel-decap | ssl-decrypt>

Displays statistics in a particular GigaSMART group.

by-gsgroup gsg1

Deletes a specified GigaSMART operation.

(config) # no gsop alias gsop1

Deletes all GigaSMART operations.

(config) # no gsop all