Adaptive Packet Filtering Examples
The following are APF examples:
Identify Social Security Numbers in User-Level Transactions
The following example looks for packets containing Social Security Numbers in an incoming traffic stream using pattern matching. Once a match is detected, the packets are forwarded to a monitoring tool for additional analysis.
Task
|
Description
|
UI Steps
|
1
|
Configure one network and two tool ports.
|
|
1.
|
Select Ports > Ports > All Ports. |
|
2.
|
Click Quick Port Editor. |
|
3.
|
Configure one network port and two tool ports. For example, select Network for port 1/1/x3. Select Tool for port 1/1/x4 and port 1/1/x1. |
|
4.
|
Select Enable for each port. |
|
6.
|
Close the Quick Port Editor. |
|
2
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Groups > GigaSMART Groups. |
|
3.
|
Type gsgrp1 in the Alias field. |
|
3
|
Configure the GigaSMART operation.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
3.
|
Type gsfil in the Alias field. |
|
4.
|
Select gsgrp1 from the GigaSMART Groups list. |
|
5.
|
Select APF from the GigaSMART Operations (GSOP) list. |
|
4
|
Create a virtual port.
|
|
1.
|
From the device view, select GigaSMART > Virtual ports. |
|
3.
|
Enter vp1 in the Alias field. |
|
4.
|
Select gsgrp1 from the GigaSMART Groups list. |
|
5
|
Create a first level map to forward traffic from network port 1/1/x3 to virtual port vp1.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter map1 in the Alias field. |
|
■
|
Select First Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the port 1/1/x3 for the Source. |
|
■
|
Select the virtual port vp1 for the Destination. |
|
d.
|
Select v4 for Version. |
|
6
|
Create a second level map to forward traffic from the virtual port vp1 to GigaSMART with pattern matching.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter map2 in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the virtual port vp1 for the Source. |
|
■
|
Select the tool port 1/1/x1 for the Destination. |
|
c.
|
Select Pattern Matching. |
|
d.
|
Select regex for Type and enter the value d{3}-?\d{2}-?\d{4}. |
|
e.
|
Set the Offset Start to 40. |
|
f.
|
Set the Offset End to 80 |
|
Mask Social Security Numbers
In the following pattern matching example, IPv4 packets contain Social Security Numbers (SSNs) in the format xxx-xx-xxxx. If the SSNs are between offset 40 and 80, they will be replaced with zeros.
Task
|
Description
|
UI Steps
|
1
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Groups > GigaSMART Groups. |
|
3.
|
Type gsgrp1 in the Alias field. |
|
2
|
Create a virtual port and associate it with the GigaSMART group.
|
|
1.
|
From the device view, select GigaSMART > Virtual ports. |
|
3.
|
Enter gsTraffic in the Alias field. |
|
4.
|
Select gsgrp1 from the GigaSMART Groups list. |
|
3
|
Create a first level map to direct traffic from network port 1/1/x1 to virtual port gsTraffic.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter map1 in the Alias field. |
|
■
|
Select First Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the port 1/1/x3 for the Source. |
|
■
|
Select the virtual port gsTraffic for the Destination. |
|
d.
|
Select v4 for Version. |
|
4
|
Configure the GigaSMART operation.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Operations (GSOP) > GigaSMART Operations. |
|
3.
|
Select gsgrp1 from the GigaSMART Groups list. |
|
4.
|
Select Adaptive Packet Filtering from the GigaSMART Operations (GSOP) list. |
|
5
|
Create a second level map to direct traffic from the virtual port gsTraffic to GigaSMART.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter map2 in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the virtual port vp1 for the Source. |
|
■
|
Select the tool port 1/1/x6 for the Destination. |
|
■
|
Select gsop1 from the GSOP list. |
|
c.
|
Select Pattern Matching. |
|
d.
|
Select regex for Type and enter the value d{3}-?\d{2}-?\d{4}. |
|
e.
|
Set the Offset Start to 40. |
|
f.
|
Set the Offset End to 80 |
|
Filter on Fiber Channel over Ethernet (FCOE) Traffic
The flexibility offered by regular expression-based filters can be used as an infrastructure to classify traffic streams with protocol headers that are typically unsupported on traditional TAP/SPAN aggregation devices. In this example, regular expression-based filters are used for filtering on the source address in a Fiber Channel header.
Task
|
Description
|
UI Steps
|
1
|
Configure ports.
|
|
1.
|
Select Ports > Ports > All Ports. |
|
2.
|
Click Quick Port Editor. |
|
3.
|
Configure one network port and two tool ports. For example, select Network for port 1/1/x3. Select Tool for port 1/1/x4 and port 1/1/x1. |
|
4.
|
Select Enable for each port. |
|
6.
|
Close the Quick Port Editor. |
|
2
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Groups > GigaSMART Groups. |
|
3.
|
Type gsgrp1 in the Alias field. |
|
3
|
Configure the GigaSMART operation.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
3.
|
Select gsfil from the GigaSMART Groups list. |
|
4.
|
Select Adaptive Packet Filtering from the GigaSMART Operations list. |
|
4
|
Create a virtual port and associate it with the GigaSMART group.
|
|
1.
|
From the device view, select GigaSMART > Virtual ports. |
|
3.
|
Enter gsTraffic in the Alias field. |
|
4.
|
Select gsgrp1 from the GigaSMART Groups list. |
|
5
|
Create a first level map to forward FCOE traffic to the virtual port.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter to_vp in the Alias field. |
|
■
|
Select First Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the port 1/1/x3 for the Source. |
|
■
|
Select the virtual port vp1 for the Destination. |
|
d.
|
Enter 8906 in the Value field. |
|
6
|
Create a second level map to filter on regular expression, using a string match to the destination address in the FCOE packet.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter map2 in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the virtual port vp1 for the Source. |
|
■
|
Select the tool port 1/1/x1 for the Destination. |
|
■
|
Select gsfil from the GSOP list. |
|
d.
|
Select string for Type and enter txff\xff\xfe. |
|
e.
|
Set the Offset Start to 0. |
|
f.
|
Set the Offset End to 29 |
|
Multi-Encapsulation Filtering
In order to complement the mobility brought about by the virtualized server infrastructure, network virtualization overlays like VXLAN, VNTag, NVGRE are being designed and implemented in Data Centers and Enterprise environment. Across Service Provider environments, huge volumes of traffic are being tunneled over GTP. Until now, the GigaVUE Visibility Platform provided the option of stripping out these headers, thus providing visibility to monitoring tools that do not understand these overlays and encapsulation protocol. With APF, this capability is further enhanced where operators now have the option of making forwarding decisions based on the encapsulation and inner packet contents.
With encapsulation awareness enabled by APF, operators have multiple options to act on the packet including the flexibility to:
|
■
|
Filter on encapsulation header parameters, Layer 2 – 4 parameters in the outer or inner headers (up to 5 layers of encapsulation) in any combination. For example: |
|
o
|
Forward traffic specific to a subset of VXLAN IDs to one or more monitoring tools. |
|
o
|
Distribute traffic based on MPLS label values across one or more monitoring tools. |
|
■
|
In combination with header stripping: |
|
o
|
Implement “conditional” header-stripping, based on encapsulation header parameters or inner/outer packet contents, as follows: |
– Forward a subset of traffic “as-is” to monitoring tools that need these encapsulations for analysis.
– Alternatively, strip out the outer headers/encapsulations and distribute traffic to monitoring tools that do not require these outer headers for analysis.
|
■
|
Since APF is implemented as a second level map, operators can also implement overlapping rules where: |
|
o
|
A copy of the traffic can be distributed across a group of monitoring tools. |
|
o
|
A refined subset from the same incoming stream is distributed across a different set of tools. |
Filter on Subscriber Device IP (User-Endpoint IP or UE-IP)
Encapsulation awareness enabled by APF allows mobile operators to filter on Layer 2 – 4 header parameters found in an encapsulated packet.
This allows operators to filter and forward traffic specific to a mobile subscriber device or a group of subscriber devices, identified by their IP address (User-Endpoint IP) to one or more monitoring tools.
In this example, we are:
|
■
|
Identifying and forwarding traffic from / to a UE-IP of 1.1.1.1 to a monitoring tool connected to 1/1/x1 |
|
■
|
Identifying and forwarding traffic from / to a UE-IP of 1.1.1.2 to a different monitoring tool connected to tool port 1/1/x4 |
In many cases, the GTP control sessions are low-volume and are useful in providing some level of visibility in to the quality of experience of the subscribers. To this end, operators prefer to replicate the control sessions across all the monitoring tools, while filtering and forwarding a subset of the user-plane sessions to a subset of monitoring tools. The following example also illustrates configuration commands, leveraging the patented flow-mapping technology to replicate the GTP control sessions across all the monitoring tools involved in the traffic analysis.
Task
|
Description
|
UI Steps
|
1
|
Configure ports.
|
|
1.
|
Select Ports > Ports > All Ports. |
|
2.
|
Click Quick Port Editor. |
|
3.
|
Configure one network port and two tool ports. For example, select Network for port 1/1/x3. Select Tool for port 1/1/x4 and port 1/1/x1. |
|
4.
|
Select Enable for each port. |
|
6.
|
Close the Quick Port Editor. |
|
2
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Groups > GigaSMART Groups. |
|
3.
|
Type gsg1 in the Alias field. |
|
4.
|
Select engine port 1/1/e1 in the Port List field. |
|
3
|
Configure the GigaSMART operation.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Operations (GSOP) > GigaSMART Operations. |
|
3.
|
Type gsfil in the Alias field. |
|
4.
|
Select gsg1 from the GigaSMART Groups list. |
|
5.
|
Select Adaptive Packet Filtering from the GigaSMART Operations (GSOP) list. |
|
4
|
Create a virtual port and associate it with the GigaSMART group.
|
|
1.
|
From the device view, select GigaSMART > Virtual ports. |
|
3.
|
Enter vp1 in the Alias field. |
|
4.
|
Select gsgrp1 from the GigaSMART Groups list. |
|
5
|
Create a first level map to forward GTP-u traffic to the virtual port.
Note: In the rule, 2152 is GTP-u traffic.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter to_vp in the Alias field. |
|
■
|
Select First Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the port 1/1/x3 for the Source. |
|
■
|
Select the virtual port vp1 for the Destination. |
|
d.
|
Enter 2152 for the port value. |
|
6
|
Create a first level map to forward GTP-c traffic to the tools.
Note: In the rule, 2123 is GTP-c traffic.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Type to_tool in the Alias field. |
|
■
|
Select Regular for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the port 1/1/x3 for the Source. |
|
■
|
Select port 1/1/x1 and port 1/1/x4 for the Destination. |
|
d.
|
Enter 2123 for the port value. |
|
7
|
Create a second level map to filter on source and destination IP (bi-directional).
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter map1 in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the virtual port vp1 for the Source. |
|
■
|
Select the tool port 1/1/x1 for the Destination. |
|
■
|
Select gsfil from the GSOP list. |
|
d.
|
Enter 1.1.1.1 for the IPv4 Address |
|
e.
|
Enter 255.255.255.255 for the Net Mask |
|
c.
|
Select IPv4 Destination. |
|
d.
|
Enter 1.1.1.1 for the IPv4 Address |
|
e.
|
Enter 255.255.255.255 for the Net Mask |
|
8
|
Create another second level map to filter on source and destination IP (bi-directional).
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter map1 in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the virtual port vp1 for the Source. |
|
■
|
Select the tool port 1/1/x4 for the Destination. |
|
■
|
Select gsfil from the GSOP list. |
|
d.
|
Enter 1.1.1.1 for the IPv4 Address |
|
e.
|
Enter 255.255.255.255 for the Net Mask |
|
c.
|
Select IPv4 Destination. |
|
d.
|
Enter 1.1.1.1 for the IPv4 Address |
|
e.
|
Enter 255.255.255.255 for the Net Mask |
|
Filter on Inner Layer 2-4 Parameters for Unrecognized Headers
The flexibility of encapsulation awareness enables filtering on encapsulated contents even if APF does not recognize the outer encapsulation header. The following example illustrates a packet encapsulated in Fabric Path headers. Fabric Path headers (as shown in the figure) are mac-in-mac headers that are currently not recognized by APF. However operators can still filter and forward traffic flows based on Layer 2 – 4 parameters found in the encapsulated packets.
In this example, we are:
|
■
|
Identifying and forwarding traffic from/to ip 1.1.1.1 in the inner / original packet to monitoring tool connected to tool port 1/1/x1 |
|
■
|
Identifying and forwarding traffic from/to ip 1.1.1.2 in the inner / original packet to monitoring tool connected to tool port 1/1/x4 |
Task
|
Description
|
UI Steps
|
1
|
Configure ports.
|
|
1.
|
Select Ports > Ports > All Ports. |
|
2.
|
Click Quick Port Editor. |
|
3.
|
Configure one network port and two tool ports. For example, select Network for port 1/1/x3. Select Tool for port 1/1/x4 and port 1/1/x1. |
|
4.
|
Select Enable for each port. |
|
6.
|
Close the Quick Port Editor. |
|
2
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Groups > GigaSMART Groups. |
|
3.
|
Type gsg1 in the Alias field. |
|
4.
|
Select engine port 1/1/e1 in the Port List field. |
|
3
|
Configure the GigaSMART operation.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
4.
|
Select gsfil from the GigaSMART Groups list. |
|
5.
|
Select Adaptive Packet Filtering from the GigaSMART Operations (GSOP) list. |
|
4
|
Create a virtual port and associate it with the GigaSMART group.
|
|
1.
|
From the device view, select GigaSMART > Virtual ports. |
|
3.
|
Enter vp1 in the Alias field. |
|
4.
|
Select gsgrp1 from the GigaSMART Groups list. |
|
5
|
Create a first level map to forward fabric path packets to the virtual port.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter to_vp in the Alias field. |
|
■
|
Select First Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the port 1/1/x3 for the Source. |
|
■
|
Select the virtual port vp1 for the Destination. |
|
d.
|
Enter 8903 in the Value field. |
|
6
|
Create a second level map to filter on source and destination IP (bi-directional).
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter map1 in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the virtual port vp1 for the Source. |
|
■
|
Select the tool port 1/1/x1 for the Destination. |
|
■
|
Select gsfil from the GSOP list. |
|
d.
|
Enter 1.1.1.1 for the IPv4 Address |
|
e.
|
Enter 255.255.255.255 for the Net Mask |
|
c.
|
Select IPv4 Destination. |
|
d.
|
Enter 1.1.1.1 for the IPv4 Address |
|
e.
|
Enter 255.255.255.255 for the Net Mask |
|
7
|
Create another second level map to filter on source and destination IP (bi-directional).
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter map1 in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the virtual port vp1 for the Source. |
|
■
|
Select the tool port 1/1/x4 for the Destination. |
|
■
|
Select gsfil from the GSOP list. |
|
d.
|
Enter 1.1.1.2 for the IPv4 Address |
|
e.
|
Enter 255.255.255.255 for the Net Mask |
|
c.
|
Select IPv4 Destination. |
|
d.
|
Enter 1.1.1.2 for the IPv4 Address |
|
e.
|
Enter 255.255.255.255 for the Net Mask |
|
GTP Tunnel ID-Based Filtering
The following example demonstrates filtering and forwarding traffic based on tunnel IDs included as part of the GTP user-plane messages. It also illustrates the concept of a shared collector to which traffic not matching any of the configured filters can be optionally sent. GTP control sessions are forwarded to all the monitoring tools leveraging the power of flow mapping by filtering on Layer-4 UDP port 2123.
For GTP-u:
|
■
|
Filter and forward teid ranges 0x001e8480..0x001e8489 to a monitoring tool |
|
■
|
Filter and forward teid ranges 0x001e8490..0x001e8499 to another monitoring tool |
|
■
|
Forward the rest of the traffic to a shared collector |
Task
|
Description
|
UI Steps
|
1
|
Configure one network and three tool type of ports.
|
|
1.
|
Select Ports > Ports > All Ports. |
|
2.
|
Click Quick Port Editor. |
|
3.
|
Configure one network port and two tool ports. For example, select Network for port 1/1/x9. Select Tool for the port s 1/1/x13, 1/1/x14, and 1/1/x15. |
|
4.
|
Select Enable for each port. |
|
6.
|
Close the Quick Port Editor. |
|
2
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Groups > GigaSMART Groups. |
|
3.
|
Type gsg1 in the Alias field. |
|
4.
|
Select engine port 1/1/e1 in the Port List field. |
|
3
|
Configure the GigaSMART operation and assign it to the GigaSMART group. Packets processed by this operation are evaluated using Adaptive Packet Filtering (APF) rules.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
3.
|
Type gsfil in the Alias field. |
|
4.
|
Select gsg1 from the GigaSMART Groups list. |
|
5.
|
Select Adaptive Packet Filtering from the GigaSMART (GSOP) Operations list. |
|
4
|
Create a virtual port and associate it with the GigaSMART group.
|
|
1.
|
From the device view, select GigaSMART > Virtual ports. |
|
3.
|
Enter vp1 in the Alias field. |
|
4.
|
Select gsgrp1 from the GigaSMART Groups list. |
|
5
|
Create a first level map that directs GTP-u traffic from physical network port/s to the virtual port created in the previous step.
Note: In the rule, 2152 is GTP-u traffic.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter to_vp in the Alias field. |
|
■
|
Select First Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the port 1/3/x9 for the Source. |
|
■
|
Select the virtual port vp1 for the Destination. |
|
d.
|
Enter 8903 in the Value field. |
|
6
|
Create a first level map that directs GTP-u traffic from physical network port/s to the tool ports.
Note: In the rule, 2123 is GTP-c traffic.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Enter ctrl_to_tool in the Alias field. |
|
■
|
Select Regular for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the port 1/3/x9 for the Source. |
|
■
|
Select the port 1/3/x13 and port 1/3/x15 for the Destination. |
|
d.
|
Enter 2123 for the port value. |
|
7
|
Create a second level map that takes traffic from the virtual port, applies the GigaSMART operation, and matches tunnel IDs specified by the gsrule.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Type m1 in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the port 1/3/x15 for the Source. |
|
■
|
Select the virtual port vp1 for the Destination. |
|
■
|
Select gsfil from the GSOP list. |
|
d.
|
Enter 0x001e8480 for Min and 0x001e8489 for Max. |
|
8
|
Create a second level map that takes traffic from the virtual port, applies the GigaSMART operation, and matches tunnel IDs specified by the gsrule.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Type m2 in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the port 1/3/x15 for the Source. |
|
■
|
Select the virtual port vp1 for the Destination. |
|
■
|
Select gsfil from the GSOP list. |
|
d.
|
Enter 0x001e8490 for Min and 0x001e8499 for Max. |
|
9
|
Add a shared collector for any unmatched data and send it to the third tool port.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Type scoll in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select Collector for Subtype. |
|
■
|
Select the virtual port vp1 for the Source. |
|
■
|
Select the port 1/3/x14 for the Destination. |
|
■
|
Select gsfil from the GSOP list. |
|
ERSPAN Tunneling
In this example, APF is used to filter packets based on ERSPAN ID. The ERSPAN header is not removed from the packet.
A second level map is configured in the example. A virtual port feeds traffic to the second level map. APF filters the packets and forwards those that match the filter criteria in the map.
Task
|
Description
|
UI Steps
|
1
|
Configure a tool type of port.
|
|
1.
|
Select Ports > Ports > All Ports. |
|
2.
|
Click Quick Port Editor. |
|
3.
|
Select Tool for a port. For example, port 1/1/g1. |
|
6.
|
Close the Quick Port Editor. |
|
2
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Groups > GigaSMART Groups. |
|
3.
|
Type gsgp2 in the Alias field. |
|
4.
|
Select an engine port 1/3/e1 in the Port List field. For example, 1/3/e2 |
|
3
|
Create a virtual port and associate it with the GigaSMART group.
|
|
1.
|
From the device view, select GigaSMART > Virtual ports. |
|
3.
|
Enter vp in the Alias field. |
|
4.
|
Select gsgrp2 from the GigaSMART Groups list. |
|
4
|
Configure the GigaSMART operation and assign it to the GigaSMART group.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Operations (GSOP) > GigaSMART Operations. |
|
3.
|
Type er2 in the Alias field. |
|
4.
|
Select gsgp2 from the GigaSMART Groups list. |
|
5.
|
Select Adaptive Packet Filtering from the GigaSMART Operations list. |
|
5
|
Create a first level map.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Type test1a in the Alias field. |
|
■
|
Select First Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the network port for the Source. For example, 1/1/g3. |
|
■
|
Select the virtual port vp for the Destination. |
|
■
|
Select gsfil from the GSOP list. |
|
d.
|
Enter the address 0000.0000.0000 for Min and the address 0000.0000.0000 for Max. |
|
6
|
Create a second level map.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Type test1b in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the network port for the Source. For example, 1/1/g3. |
|
■
|
Select the virtual port vp for the Destination. |
|
■
|
Select er2 from the GSOP list. |
|
d.
|
Enter the address 0000.0000.0000 for Min and the address 0000.0000.0000 for Max. |
|
Distribute Traffic Based on Inner IP Addresses and Inner TCP Port Values
In the following example, traffic is distributed based on inner IP addresses and inner TCP port values as follows:
|
■
|
Packets from VLAN 20 with GTP inner IP 65.128.7.21 and 98.43.132.70, inner TCP port 80 is forwarded to one tool port |
|
■
|
Packets from VLAN 20 with GTP inner IP 65.128.7.21 and 98.43.132.70, inner TCP port 443 is forwarded to a second tool port |
|
■
|
All packets not matching these rules is forwarded to a third tool port |
Task
|
Description
|
UI Steps
|
1
|
Configure one network and three tool type of ports.
|
|
1.
|
Select Ports > Ports > All Ports. |
|
2.
|
Click Quick Port Editor. |
|
3.
|
Configure one network port and three tool ports. For example, select Network for port 1/1/x1. Select Tool for the port s 1/1/x10, 1/1/x11, and 1/1/x12. |
|
4.
|
Select Enable for each port. |
|
6.
|
Close the Quick Port Editor. |
|
2
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Groups > GigaSMART Groups. |
|
3.
|
Type gsgrp1 in the Alias field. |
|
4.
|
Select an engine port in the Port List field. For example, 1/1/e1. |
|
3
|
Configure the GigaSMART operation and assign it to the GigaSMART group. Packets processed by this operation are evaluated using Adaptive Packet Filtering (APF) rules.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
3.
|
Type g1 in the Alias field. |
|
4.
|
Select gsgrp1 from the GigaSMART Groups list. |
|
5.
|
Select APF from the GigaSMART Operations (GSOP) list. |
|
4
|
Configure a virtual port and associate it with the GigaSMART group.
|
|
1.
|
From the device view, select GigaSMART > Virtual ports. |
|
3.
|
Enter gsTraffic in the Alias field. |
|
4.
|
Select gsgrp1 from the GigaSMART Groups list. |
|
5
|
Create a first level map that directs traffic from the physical network port to the virtual port created in the previous step.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Type map1 in the Alias field. |
|
■
|
Select First Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the network port for the Source. For example, 1/1/x1 |
|
■
|
Select the virtual port gsTraffic for the Destination. |
|
4.
|
Add a rule with three conditions. |
|
c.
|
Select VLAN and enter 20 for Min. |
|
d.
|
Select IPv4 Protocol and select UDP for Value. |
|
e.
|
Select Port Destination and enter 2152 for the port value |
|
6
|
Create a second level map that takes traffic from the virtual port, applies the GigaSMART operation, matches the rules, and sends the traffic to one tool port.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Type map2 in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the virtual port gsTraffic for the Source. |
|
■
|
Select the port 1/1/x10 for the Destination. |
|
■
|
Select g1 from the GSOP list. |
|
4.
|
Add a rule with three conditions. |
|
c.
|
Select IPv4 Destination then enter 65.128.721 for the IP address and 255.255.255.255 for the Net Mask. Set position to 2. |
|
d.
|
Select IPv4 Protocol and set the Potion to 2. |
|
e.
|
Select Port Destination and enter 80 for the port value and select 2 for Position. |
|
6.
|
Add a rule with three conditions. |
|
c.
|
Select IPv4 Destination then enter 98.43.132.70 for the IP address and 255.255.255.255 for the Net Mask. Set Position to 2. |
|
d.
|
Select IPv4 Protocol and set the Position to 2. |
|
e.
|
Select Port Destination and enter 80 for the port value and select 2 for Position. |
|
7
|
Create a second level map that takes traffic from the virtual port, applies the GigaSMART operation, matches the rules, and sends the traffic to another tool port.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Type map3 in the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the virtual port gsTraffic for the Source. |
|
■
|
Select the port 1/1/x10 for the Destination. |
|
■
|
Select g1 from the GSOP list. |
|
4.
|
Add a rule with three rule conditions. |
|
c.
|
Select IPv4 Destination then enter 65.128.721 for the IP address and 255.255.255.255 for the Net Mask. Set Position to 2. |
|
d.
|
Select IPv4 Protocol. Set Position to 2 |
|
e.
|
Select Port Destination and enter 443 for the port value and select 2 for Position. |
|
6.
|
Add another rule with three rule conditions. |
|
c.
|
Select IPv4 Destination then enter 98.43.132.70 for the IP address and 255.255.255.255 for the Net Mask. Set position to 2. |
|
d.
|
Select IPv4 Protocol. Set position to 2. |
|
e.
|
Select Port Destination and enter 443 for the port value and set Position to 2. |
|
8
|
Add a shared collector for any unmatched data and send it to the third tool port.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Type mapclin the Alias field. |
|
■
|
Select Second Level for Type. |
|
■
|
Select Collector for Subtype. |
|
■
|
Select the virtual port gsTraffic for the Source. |
|
■
|
Select the port 1/1/x12 for the Destination. |
|
MPLS Label Based Filtering
Multiprotocol Label Switching (MPLS) is a mechanism in high-performance telecommunications networks that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table. The labels identify virtual links (paths) between distant nodes rather than endpoints.
MPLS is a scalable, protocol-independent transport. In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. This allows one to create end-to-end circuits across any type of transport medium, using any protocol.
However in the context of Visibility Platform nodes, traffic flows encapsulated in MPLS labels cannot be filtered and forwarded. With the wide-scale adoption of MPLS as a technology across enterprise and service provider environments, the ability to classify traffic flows based on MPLS labels would be a huge value add to granularly control the flow of traffic to the monitoring tools. APF can be leveraged to filter and forward traffic flows based on MPLS label values. MPLS can stack multiple labels to form tunnels within tunnels. The flexibility of APF facilitates traffic classifications across up to 5 levels of MPLS label stacks in addition to the capability to filter and forward based on Layer 2-4 parameters found in the encapsulated packet. The following example illustrates filtering and forwarding traffic based on MPLS labels, as follows:
|
■
|
Filter and forward traffic flows specific to mpls label = 4 at the second level in the MPLS label stack to tool 1 |
|
■
|
Filter and forward traffic flows specific to mpls label = 3 at the first level in the MPLS label stack to tool 2 |
Step
|
Description
|
Command
|
1
|
Configure ports.
|
|
1.
|
Select Ports > Ports > All Ports. |
|
2.
|
Click Quick Port Editor. |
|
3.
|
Configure one network port and two tool ports. For example, select Network for port 1/1/x3 and select Tool for the port s 1/1/x4 and 1/1/x1 |
|
4.
|
Select Enable for each port. |
|
6.
|
Close the Quick Port Editor. |
|
2
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Groups > GigaSMART Groups. |
|
3.
|
Type gsg1 in the Alias field. |
|
4.
|
Select an engine port in the Port List field. For example, 1/1/e1 |
|
3
|
Configure the GigaSMART operation.
|
|
1.
|
From the device view, select GigaSMART > GigaSMART Operations (GSOP) > Operations. |
|
3.
|
Type gsfil in the Alias field. |
|
4.
|
Select gsg1 from the GigaSMART Groups list. |
|
5.
|
Select APF from the GigaSMART Operations list. |
|
4
|
Create a virtual port and associate it with the GigaSMART group.
|
|
1.
|
From the device view, select GigaSMART > Virtual ports. |
|
3.
|
Enter vp1 in the Alias field. |
|
4.
|
Select gsg1 from the GigaSMART Groups list. |
|
5
|
Create a first level map to forward traffic to the virtual port.
|
|
1.
|
Select Maps > Maps > Maps. |
|
■
|
Type to_vp in the Alias field. |
|
■
|
Select First Level for Type. |
|
■
|
Select By Rule for Subtype. |
|
■
|
Select the network port for the Source. For example, 1/1/x3 |
|
■
|
Select the virtual port vp1 for the Destination. |
| |