Flexible Filter Templates

Flexible filter templates maximize the number of map rules, optimize filter resources, and enhance the scalability and flexibility of flow mapping. Flexible filter templates are supported on GigaVUE-HC1, GigaVUE-HC2 CCv2, GigaVUE-HC3, GigaVUE-TA100, and GigaVUE-TA200.

Refer to Manage Map Rule Resources for template groups on other GigaVUE nodes.

Flexible filter templates increase the number of map rules and also eliminate current restrictions on map rule combinations, such as ipv6+MAC or ipv6+UDA.

Refer to the section Flow Mapping FAQ for the number of map rules supported.

Flow mapping uses filter templates to determine the traffic to filter based on qualifiers specified in the template. A filter template has a specific set of qualifiers that can be used in map rules. You can control the template that you apply to a specific slot on GigaVUE-HC3 or a specific pseudo-slot on GigaVUE-TA100 or GigaVUE-TA200. For GigaVUE-HC1 and GigaVUE-HC2 CCv2, you can apply the filter template only at the control card level, and it is then applied across all the line cards.

Flexible filter templates offer five default templates. Custom templates can also be created that have a qualifier set selected from the list of available qualifiers.

Refer to the following sections for details:

Filter Template Qualifiers and Defaults
Custom Filter Template Configuration
Filter Template Limits
Filter Template Rules and Recommendations
Filter Template Best Practices
Filter Templates in a Cluster
Filter Templates Formulas

Filter Template Qualifiers and Defaults

In Table 1: Map Rule Criteria for Default Templates, the rows list the qualifiers available for filter templates, and the columns show the default templates and the qualifiers that are predefined for each default.

NOTES:

The default templates cannot be deleted.
The ipver qualifier is implicitly included in all default and custom templates.

Custom Filter Template Configuration

To configure filter templates:

1. Access the GigaVUE node using a Web browser and log in with administrator user credentials.

2. Select Maps > Filter Templates. The Filter Templates page shown in Figure 604: Default Filter Templates displays the default templates.

Figure 604: Default Filter Templates

3. To add a custom template, click New. Refer to Figure 605: Custom Filter Templates.

Figure 605: Custom Filter Templates

4. Specify an alias, an optional comment, then select qualifiers. Click OK.

5. To apply a custom template to a slot or pseudo-slot, select it and click Apply. Refer to Figure 606: Apply Filter Template.

Note: For GigaVUE-HC1 and GigaVUE-HC2 CCv2, you can apply a filter template only at the control card level, and it is then applied across all the line cards.

Figure 606: Apply Filter Template

6. Select the slot or pseudo-slot and click OK. Refer to Figure 607: Apply Filter Template to Slot.

Figure 607: Apply Filter Template to Slot

The Filter Templates page displays the applied slot or pseudo-slot. You can edit an existing custom filter or delete it. A template can be deleted if it is not currently in use, meaning that it has not been applied. Refer to Figure 608: Filter Template Edit or Delete.

Figure 608: Filter Template Edit or Delete

7. To display filter templates, click on a row in the Filter Templates page. Refer to Figure 609: Filter Template Display.

Figure 609: Filter Template Display

Filter Template Limits

The number of qualifiers in a template limits the total number of rules that can be defined. The maximum rule limit on the GigaVUE-HC3, GigaVUE-TA100, or GigaVUE-TA200 is 1K (1024) per slot or pseudo-slot when using the default templates.

Custom templates allow the creation of templates with only those qualifiers needed for the rules that you plan to use in flow maps. The qualifiers specified in a flexible template can increase or decrease the maximum rule limit, depending on the qualifiers selected. With flexible filter templates, it is possible to reach a maximum limit of 6K rules per slot on the GigaVUE-HC3 node and 6K rules per pseudo-slot on the GigaVUE-TA100 or GigaVUE-TA200 node, or 24K total rules.

Figure 609: Filter Template Display displays a Limit.

How to Understand Map Filter Resources

Starting in software version 5.0, when a filter template is applied, filter resources display the total number of map rules used in a map as well as the limit. If the limit is 1024, 1023 is displayed, even though the actual limit is 1022, or two less than the limit. This discrepancy is due to extra resources needed for internal usage.

Filter Template Rules and Recommendations

When creating flexible filter templates, keep the following rules and recommendations in mind:

Filters are applied to a specific slot or pseudo-slot, not to the node.
By default, all slots will be in the pre-defined ipv4 template.
There is a limit of 512 custom templates.
Custom templates can have duplicate sets of qualifiers.
The filter limit is calculated when the template is created. In most cases, a higher-cost qualifier set (for example, one that includes IPv6, UDA, or MAC qualifiers) consumes more resources and leads to a lower filter limit.
Flexible filter templates have no effect on existing flow mapping behavior, including pass versus drop map rules, map priority, network port sharing, GigaSMART operations, or first level and second level maps.

Filter Template Best Practices

The following are best practices for optimizing filter resources using filter templates.

First determine all the needed qualifiers, then create a template, apply the template, and configure the map rules.

Connect network ports of a slot to flows of the same application.
For example, if you have two flows:
one is filtered on macsrc and macdst
the second one is filtered on ipdst and ipsrc
If both flows connect to ports on the same slot, that slot must have a template of macsrc, macdst, ipsrc, and ipdst, with a limit of 1024 rules.
However, filter resources can be optimized by connecting these two flows to ports on different slots with one template for macsrc and macdst and the other template for ipsrc and ipdst. Both templates will have a limit of 3072 rules.

The following are best practices for adding more rules if a limit has been reached:

Create a new template with all the qualifiers that are in use on a specified slot.
Issue the show filter-resource slot command to obtain the list of qualifiers in use.
Issue the filter-template alias <alias> qualifiers add command with that list of qualifiers.
Issue the show filter-template limit command to check if the new template allows a higher limit. If it does, apply the filter using the card slot <slot ID> filter-template command.

Filter Templates in a Cluster

Filter template configuration is synchronized across the cluster. However, a cluster can have different GigaVUE nodes, so one set of qualifiers may or may not be valid on all nodes.

Filter Templates Formulas

The formulas in this section can help you determine the number of map rules that are supported, based on the qualifiers specified in the filter template. Use the formulas as guidelines.

The number of map rules depends on the number of qualifiers a template can support. The more qualifiers, the lower the limit.

The cost of each qualifier depends on the number of bits it consumes. The following table lists the number of bits each qualifier consumes.

Table 5: Bits Consumed per Qualifier

Qualifier     Bits
ipdst         32
ipsrc         32
ip6dst        128
ip6src        128
macdst        48
macsrc        48
uda1          128
uda2          128
vlan          16
inner-vlan    16
portdst       16
portsrc       16
ethertype     16
protocol      8
qset1         58*

* qset1 is made up of the following: tos: 8, ipfrag: 2, tcpctl: 8, ttl: 8, ip6fl: 32

The cost of a template is the sum of the bits of all its qualifiers, plus 54 bits.

If the cost is less than or equal to 80 bits, 6K rules/slot are supported.
If the cost is greater than 80 bits but less than 160 bits, 3K rules/slot are supported.
If the cost is greater than or equal to 160 bits, 1K rules/slot are supported.

Examples:

For the ip6src and vlan qualifiers—ip6src is 128 bits, vlan is 16 bits, so the total is 128+16+54 bits, which is a cost greater than 160 bits, so 1K rules per slot are supported.
For the portdst qualifier only—portdst is 16 bits, so the total is 16+54 bits, which is a cost less than 80 bits, so 6K rules per slot are supported.

The maximum cost supported is 480 bits/template.
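
The formulas above and the slot-placement advice in Filter Template Best Practices can be checked together before any template is created. The following Python sketch is an added example, not Gigamon code: it takes the bit costs from Table 5, applies the cost thresholds and the 480-bit maximum, and compares placing two flows on one slot against splitting them across two slots. The function names and slot names are hypothetical, and 6K is assumed to mean 6 x 1024, by analogy with 1K (1024) and 3072.

```python
# Bit costs copied from Table 5 on this page; qset1 is counted as one unit.
QUALIFIER_BITS = {
    "ipdst": 32, "ipsrc": 32, "ip6dst": 128, "ip6src": 128,
    "macdst": 48, "macsrc": 48, "uda1": 128, "uda2": 128,
    "vlan": 16, "inner-vlan": 16, "portdst": 16, "portsrc": 16,
    "ethertype": 16, "protocol": 8, "qset1": 58,
}
FIXED_OVERHEAD_BITS = 54   # added to the cost of every template
MAX_TEMPLATE_BITS = 480    # maximum cost supported per template
K = 1024                   # assumption: 6K = 6 * 1024, as 1K = 1024, 3K = 3072


def template_cost(qualifiers):
    """Return the cost in bits of a template holding these qualifiers."""
    names = set(qualifiers)  # a qualifier is counted once per template
    unknown = names - set(QUALIFIER_BITS)
    if unknown:
        raise ValueError(f"unknown qualifiers: {sorted(unknown)}")
    cost = sum(QUALIFIER_BITS[q] for q in names) + FIXED_OVERHEAD_BITS
    if cost > MAX_TEMPLATE_BITS:
        raise ValueError(f"{cost} bits exceeds the {MAX_TEMPLATE_BITS}-bit maximum")
    return cost


def rule_limit(cost):
    """Map a template cost to the guideline rules-per-slot limit."""
    if cost <= 80:
        return 6 * K
    if cost < 160:
        return 3 * K
    return 1 * K


def plan_slots(flows_by_slot):
    """Per slot: the union of qualifiers its flows need, the cost, the limit."""
    plan = {}
    for slot, flows in flows_by_slot.items():
        needed = set().union(*flows)  # one template must cover every flow
        cost = template_cost(needed)
        plan[slot] = {"qualifiers": sorted(needed), "cost": cost,
                      "limit": rule_limit(cost)}
    return plan


# Constructed input: the two flows from the best-practices example.
MAC_FLOW = {"macsrc", "macdst"}
IP_FLOW = {"ipsrc", "ipdst"}
SHARED = plan_slots({"slot1": [MAC_FLOW, IP_FLOW]})
SPLIT = plan_slots({"slot1": [MAC_FLOW], "slot2": [IP_FLOW]})
```

SHARED and SPLIT hold the per-slot cost and limit for the two placements, so the effect of moving a flow to another slot can be read off directly. Like the formulas, the results are guidelines, not the limit the node reports.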