apps asf

Use the apps asf command to configure Application Session Filtering (ASF) parameters. Use ASF after applying pattern matching with Adaptive Packet Filtering (APF). When a packet matches an APF rule, such as a regular expression filter rule, subsequent packets in the same flow session are forwarded to the same tool port as the matching packet.

Also use the apps asf command to configure ASF with buffering. Buffering ensures that all packets belonging to a flow session are captured and forwarded to the tools. For buffer ASF, you also need to allocate the number of session entries, in millions, using the gsparams command. Refer to resource buffer-asf under gsparams.

The apps asf command has the following syntax:

apps asf <alias <alias>>
   bi-directional <disable | enable>
   buffer <disable | enable>
   buffer-count-before-match <3-20>
   packet-count <2-100 | disable>
   protocol <tcp | udp | sctp | tcp-udp>
   sess-field <add | delete>
      <gtpu-teid>
      <ipv4 | ipv4-5tuple | ipv4-dst | ipv4-l4port-dst | ipv4-protocol | ipv4-src | ipv4-src-l4port-dst | ipv6 | ipv6-5tuple | ipv6-dst | ipv6-l4port-dst | ipv6-protocol | ipv6-src | ipv6-src-l4port-dst | l4port | l4port-dst | l4port-src> <inner | outer>
      <mpls-label | vlan-id> <pos <1 | 2>>
   timeout <10-120s>

The following table describes the arguments for the apps asf command:

Argument

Description

alias <alias>

Specifies the ASF alias. For example:

(config) # apps asf alias asf2

bi-directional <disable | enable>

Specifies the direction of the flow, as follows:

disable—Disables capture of both directions of the flow.
enable—Enables capture of both directions of the flow.

Depending on the session field attribute selected, GigaSMART will form the session field attribute for the reverse direction traffic.

The default is enable, which means the opposite flow is captured.

For example:

(config) # apps asf alias asf2 bi-directional disable

For details of bidirectional support, refer to Bidirectional Support for Session Field Attributes.

buffer <disable | enable>

Enables or disables buffer ASF. The default is disable.

For example:

(config) # apps asf alias asf2 buffer enable

Note:  To turn on buffer ASF, buffer must be enabled.

buffer-count-before-match <3-20>

Specifies the maximum number of packets that buffer ASF will buffer per session before an APF match. This provides a limit to the amount of buffering. The default is 3. The range is from 3 to 20.

For example:

(config) # apps asf alias asf2 buffer-count-before-match 10

packet-count <2-100 | disable>

Specifies the number of packets to forward to the tool port for each session match. After the packet count is reached, subsequent packets for the session are dropped.

The packet count includes the packet that triggered the creation of the session.

The default is disable, which means that all packets will be forwarded to the tool port. The range is from 2 to 100.

For example, to capture 50 packets after the pattern match:

(config) # apps asf alias asf2 packet-count 50

This parameter applies to APF pass rules (gsrule add pass).

The number of packets dropped after the packet count is exceeded is displayed in the Exceed Count Drop field.

protocol <tcp | udp | sctp | tcp-udp>

Specifies the protocol for buffer ASF as follows:

tcp—Specifies TCP only.
udp—Specifies UDP only.
sctp—Specifies SCTP only.
tcp-udp—Specifies both TCP and UDP.

The default is tcp.

For example:

(config) # apps asf alias asf2 protocol udp

sess-field <add | delete>
   <gtpu-teid>
   <ipv4 | ipv4-5tuple | ipv4-dst | ipv4-l4port-dst | ipv4-protocol | ipv4-src | ipv4-src-l4port-dst | ipv6 | ipv6-5tuple | ipv6-dst | ipv6-l4port-dst | ipv6-protocol | ipv6-src | ipv6-src-l4port-dst | l4port | l4port-dst | l4port-src> <inner | outer>
   <mpls-label | vlan-id> <pos <1 | 2>>

Specifies the attributes of a session field to add or delete. A session field is a group of fields that define a flow session. A flow session consists of one or more field names and attributes that define a session. Some field names include multiple attributes as follows:

gtpu-teid—GTP-u tunnel identifier. Not supported for buffer ASF.
ipv4 (ipv4-src, ipv4-dst)—IPv4 source and destination IP.
ipv4-5tuple (ipv4-src, ipv4-dst, l4port-src, l4port-dst, ipv4-protocol)—IPv4 source and destination IP, Layer 4 (L4) source and destination port, and protocol field in IPv4 header. For buffer ASF, the IPv4 protocol is TCP/UDP.
ipv4-dst—IPv4 destination IP.
ipv4-l4port-dst (ipv4-src, ipv4-dst, l4port-dst)—IPv4 source and destination IP, and L4 destination port.
ipv4-protocol—Protocol field in IPv4 header.
ipv4-src—IPv4 source IP.
ipv4-src-l4port-dst (ipv4-src, l4port-dst)—IPv4 source IP and L4 destination port.
ipv6 (ipv6-src, ipv6-dst)—IPv6 source and destination IP.
ipv6-5tuple (ipv6-src, ipv6-dst, l4port-src, l4port-dst, ipv6-protocol)—IPv6 source and destination IP, L4 source and destination port, and protocol field in IPv6 header. For buffer ASF, the IPv6 protocol is TCP/UDP.
ipv6-dst—IPv6 destination IP.
ipv6-l4port-dst (ipv6-src, ipv6-dst, l4port-dst)—IPv6 source and destination IP, and L4 destination port.
ipv6-protocol—Protocol field in IPv6 header.
ipv6-src—IPv6 source IP.
ipv6-src-l4port-dst (ipv6-src, l4port-dst)—IPv6 source IP and L4 destination port.
l4port (l4port-src, l4port-dst)—L4 source and destination port.
l4port-dst—L4 destination port.
l4port-src—L4 source port.
mpls-label—MPLS label.
vlan-id—VLAN ID.

 

In addition, for all IP and L4 port fields, specify the following:

outer—the first IP or L4 port in the packet. For buffer ASF, only outer is supported.
inner—the second IP or L4 port in the packet (usually inside tunneling).

 

For MPLS label and VLAN ID fields only, position is the user-defined position of the field in the packet, as follows:

1—the first occurrence of the protocol header or field in the packet. For buffer ASF, only position 1 is supported.

2—the second occurrence of the protocol header or field in the packet.

 

Examples:

(config) # apps asf alias asf1 sess-field add gtpu-teid

(config) # apps asf alias asf2 sess-field add ipv4 inner

(config) # apps asf alias asf3 sess-field add ipv4-5tuple outer

(config) # apps asf alias asf4 sess-field add vlan-id pos 2

timeout <10-120s>

Specifies the session inactivity timeout, in seconds. A session will be removed due to inactivity when no packets match. The default is 15 seconds. The range is from 10 to 120 seconds.

For example:

(config) # apps asf alias asf2 timeout 60
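
The numeric ranges and buffer ASF restrictions listed above can be checked before a configuration is pushed. The following lint script is an added example, not Gigamon code: lint_asf, RANGES and the SAMPLE lines are constructed for illustration, and it checks only the constraints stated on this page.

```python
import re

# Limits transcribed from the argument descriptions above.
RANGES = {"buffer-count-before-match": (3, 20), "packet-count": (2, 100), "timeout": (10, 120)}
LINE = re.compile(r"(?:\(config\) # )?apps asf alias (\S+) (\S+) (.+)$")

def lint_asf(lines):
    """Return (alias, message) findings for a list of 'apps asf alias ...' lines."""
    state, findings = {}, []   # state: alias -> {"buffer": bool, "fields": set}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        alias, key, args = m.group(1), m.group(2), m.group(3).split()
        st = state.setdefault(alias, {"buffer": False, "fields": set()})
        if key == "buffer":
            st["buffer"] = args[0] == "enable"
        elif key in RANGES and args[0].isdigit():
            lo, hi = RANGES[key]
            if not lo <= int(args[0]) <= hi:
                findings.append((alias, f"{key} {args[0]} is outside {lo}-{hi}"))
        elif key == "sess-field" and len(args) > 1:
            field = " ".join(args[1:])
            (st["fields"].add if args[0] == "add" else st["fields"].discard)(field)
    # Buffer ASF restrictions are judged on the final state, so command order is irrelevant.
    for alias, st in state.items():
        for field in sorted(st["fields"]) if st["buffer"] else []:
            if field == "gtpu-teid":
                findings.append((alias, "gtpu-teid is not supported for buffer ASF"))
            elif field.endswith(" inner"):
                findings.append((alias, f"'{field}': buffer ASF supports only outer"))
            elif field.endswith(" pos 2"):
                findings.append((alias, f"'{field}': buffer ASF supports only position 1"))
    return findings

# Constructed sample configuration (aliases and values are illustrative).
SAMPLE = [
    "(config) # apps asf alias asf1 sess-field add gtpu-teid",
    "(config) # apps asf alias asf1 buffer enable",
    "(config) # apps asf alias asf2 buffer enable",
    "(config) # apps asf alias asf2 sess-field add ipv4 inner",
    "(config) # apps asf alias asf2 timeout 5",
    "(config) # apps asf alias asf3 sess-field add vlan-id pos 2",
    "(config) # apps asf alias asf4 sess-field add ipv4-5tuple outer",
]

if __name__ == "__main__":
    for alias, msg in lint_asf(SAMPLE):
        print(f"{alias}: {msg}")
```
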

Bidirectional Support for Session Field Attributes

The following table lists each session field attribute, the corresponding field for the reverse direction, and whether or not the bidirectional parameter is supported:

Field Attribute    Corresponding Field for Reverse Traffic    Bidirectional Support
ipv4-src           ipv4-dst                                   yes
ipv4-dst           ipv4-src                                   yes
ipv6-src           ipv6-dst                                   yes
ipv6-dst           ipv6-src                                   yes
l4port-src         l4port-dst                                 yes
l4port-dst         l4port-src                                 yes
ipv4-protocol      ipv4-protocol                              yes
ipv6-protocol      ipv6-protocol                              yes
vlan-id            vlan-id                                    yes
mpls-label         N/A                                        no
gtpu-teid          N/A                                        no
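
The reverse-field mapping in this table, combined with the packet-count and timeout parameters, can be pictured with a small session model. This is an added example, not GigaSMART's implementation: AsfModel and the sample packets are constructed. It assumes that both directions of a flow share one packet count and that a session field containing an attribute with no reverse mapping is tracked one way only.

```python
# Reverse field per attribute, from the table above (None = no bidirectional support).
REVERSE = {
    "ipv4-src": "ipv4-dst", "ipv4-dst": "ipv4-src",
    "ipv6-src": "ipv6-dst", "ipv6-dst": "ipv6-src",
    "l4port-src": "l4port-dst", "l4port-dst": "l4port-src",
    "ipv4-protocol": "ipv4-protocol", "ipv6-protocol": "ipv6-protocol",
    "vlan-id": "vlan-id", "mpls-label": None, "gtpu-teid": None,
}

class AsfModel:
    """Simplified model of ASF session tracking (illustrative, not GigaSMART code)."""
    def __init__(self, attrs, bidirectional=True, packet_count=None, timeout=15):
        self.attrs, self.bidir = attrs, bidirectional
        self.packet_count, self.timeout = packet_count, timeout
        self.sessions = {}     # key -> record shared by both directions (assumption)
        self.exceed_drops = 0  # stands in for the Exceed Count Drop counter

    def key(self, pkt, reverse=False):
        """Session key of pkt, or (reverse=True) the key its reply would produce."""
        names = [REVERSE[a] if reverse else a for a in self.attrs]
        return None if None in names else tuple(pkt[n] for n in names)

    def apf_match(self, pkt, now):
        """An APF pass rule matched pkt: create the session; pkt is packet 1."""
        sess = {"count": 1, "last": now}
        self.sessions[self.key(pkt)] = sess
        rkey = self.key(pkt, reverse=True) if self.bidir else None
        if rkey is not None:
            self.sessions[rkey] = sess
        return "forward"

    def packet(self, pkt, now):
        """Classify a later packet as forward, drop or no-session."""
        sess = self.sessions.get(self.key(pkt))
        if sess is None or now - sess["last"] > self.timeout:
            return "no-session"            # unknown flow or inactivity timeout hit
        sess["last"] = now
        if self.packet_count is not None and sess["count"] >= self.packet_count:
            self.exceed_drops += 1
            return "drop"
        sess["count"] += 1
        return "forward"

# Constructed packets: one TCP flow seen in both directions.
FIVE_TUPLE = ["ipv4-src", "ipv4-dst", "l4port-src", "l4port-dst", "ipv4-protocol"]
C2S = {"ipv4-src": "10.0.0.5", "ipv4-dst": "192.0.2.10",
       "l4port-src": 40000, "l4port-dst": 80, "ipv4-protocol": 6}
S2C = {"ipv4-src": "192.0.2.10", "ipv4-dst": "10.0.0.5",
       "l4port-src": 80, "l4port-dst": 40000, "ipv4-protocol": 6}
```

With packet_count=3, the triggering packet and the next two packets in either direction are forwarded and the fourth is counted as an exceed drop; with bidirectional=False, the reply direction finds no session.
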

Related Commands

The following table summarizes other commands related to the apps asf command:

Task                                              Command
Displays configuration of a specified ASF.        # show apps asf alias asf1
Displays configuration of all ASFs.               # show apps asf all
Displays ASF statistics by alias.                 # show apps asf stats alias asf2
Displays all ASF statistics.                      # show apps asf stats all
Displays GSOP for ASF application.                # show gsop by-application asf
Displays GSOP statistics for ASF application.     # show gsop stats by-application asf
Deletes a specified ASF session field.            (config) # apps asf alias asf2 sess-field delete gtpu-teid
Deletes a specified ASF alias.                    (config) # no apps asf alias asf1
Deletes all ASF aliases.                          (config) # no apps asf all