apps asf
Use the apps asf command to configure Application Session Filtering (ASF) parameters. Use ASF after applying pattern matching with Adaptive Packet Filtering (APF). When a packet matches an APF rule, such as a regular expression filter rule, the subsequent packets with the same flow session will be forwarded to the same tool port as the matching packet.
Also use the apps asf command to configure ASF with buffering. Buffering ensures that all packets belonging to a flow session are captured and forwarded to the tools. For buffer ASF, you also need to allocate the number of session entries, in millions, using the gsparams command. Refer to resource buffer-asf under gsparams.
The apps asf command has the following syntax:
apps asf <alias <alias>>
bi-directional <disable | enable>
buffer <disable | enable>
buffer-count-before-match <3-20>
packet-count <2-100 | disable>
protocol <tcp | udp |
sess-field <add | delete>
<gtpu-teid>
<ipv4 | ipv4-5tuple | ipv4-dst | ipv4-l4port-dst | ipv4-protocol | ipv4-src | ipv4-src-l4port-dst | ipv6 | ipv6-5tuple | ipv6-dst | ipv6-l4port-dst | ipv6-protocol | ipv6-src | ipv6-src-l4port-dst | l4port | l4portdst | l4portsrc> <inner | outer>
<mpls-label | vlan-id> <pos <1 | 2>>
timeout <10-120s>
The following table describes the arguments for the apps asf command:
Argument |
Description |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
alias <alias> |
Specifies the ASF alias. For example: (config) # apps asf alias asf2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
bi-directional <disable | enable> |
Specifies the direction of the flow, as follows:
Depending on the session field attribute selected, GigaSMART will form the session field attribute for the reverse direction traffic. The default is enable, which means the opposite flow is captured. For example: (config) # apps asf alias asf2 bi-directional disable For details of bidirectional support, refer to Bidirectional Support for Session Field Attributes. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
buffer <disable | enable> |
Enables or disables buffer ASF. The default is disable. For example: (config) # apps asf alias asf2 buffer enable Note: To turn on buffer ASF, buffer must be enabled. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
buffer-count-before-match <3-20> |
Specifies the maximum number of packets that buffer ASF will buffer per session before an APF match. This provides a limit to the amount of buffering. The default is 3. The range is from 3 to 20. For example: (config) # apps asf alias asf2 buffer-count-before-match 10 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
packet-count <2-100 | disable> |
Specifies the number of packets to forward to the tool port for each session match. After the packet count is reached, subsequent packets for the session are dropped. The packet count includes the packet that triggered the creation of the session. The default is disable, which means that all packets will be forwarded to the tool port. The range is from 2 to 100. For example, to capture 50 packets after the pattern match: (config) # apps asf alias asf2 packet-count 50 This parameter applies to APF pass rules (gsrule add pass). The number of packets dropped after the packet count is exceeded is displayed in the Exceed Count Drop field. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
protocol <tcp | udp | sctp | tcp-udp | |
Specifies the protocol for buffer ASF as follows:
The default is tcp.
For example: (config) # apps asf alias asf2 protocol udp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
sess-field <add | delete> |
Specifies the attributes of a session field to add or delete. A session field is a group of fields that define a flow session. A flow session consists of one or more field names and attributes that define a session. Some field names include multiple attributes as follows:
In addition, for all IP and L4 port fields, specify the following:
For MPLS label and VLAN ID fields only, position is the user-defined position of the field in the packet, as follows: 1—the first occurrence of the protocol header or field in the packet. For buffer ASF, only position 1 is supported. 2—the second occurrence of the protocol header or field in the packet.
Examples: (config) # apps asf alias asf1 sess-field add gtpu-teid (config) # apps asf alias asf2 sess-field add ipv4 inner (config) # apps asf alias asf3 sess-field add ipv4-5tuple oute) # apps asf alias asf4 sess-field add vlan-id pos 2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
timeout <10-120s> |
Specifies the session inactivity timeout, in seconds. A session will be removed due to inactivity when no packets match. The default is 15 seconds. The range is from 10 to 120 seconds. For example: (config) # apps asf alias asf2 timeout 60 |
Bidirectional Support for Session Field Attributes
The following table lists each session field attribute, the corresponding field for the reverse direction, and whether or not the bidirectional parameter is supported:
Field Attribute |
Corresponding Field for Reverse Traffic |
Bidirectional Support |
ipv4-src |
ipv4-dst |
yes |
ipv4-dst |
ipv4-src |
yes |
ipv6-src |
ipv6-dst |
yes |
ipv6-dst |
ipv6-src |
yes |
l4port-src |
l4port-dst |
yes |
l4port-dst |
l4port-src |
yes |
ipv4-protocol |
ipv4-protocol |
yes |
ipv6-protocol |
ipv6-protocol |
yes |
vlan-id |
vlan-id |
yes |
mpls-label |
N/A |
no |
gtpu-teid |
N/A |
no |
Related Commands
The following table summarizes other commands related to the apps asf command:
Task |
Command |
Displays configuration of a specified ASF. |
# show apps asf alias asf1 |
Displays configuration of all ASFs. |
# show apps asf all |
Displays ASF statistics by alias. |
# show apps asf stats alias asf2 |
Displays all ASF statistics. |
# show apps asf stats all |
Displays GSOP for ASF application. |
# show gsop by-application asf |
Displays GSOP statistics for ASF application. |
# show gsop stats by-application asf |
Deletes a specified ASF session field. |
(config) # apps asf alias asf2 sess-field delete gtpu-teid |
Deletes a specified ASF alias. |
(config) # no apps asf alias asf1 |
Deletes all ASF aliases. |
(config) # no apps asf all |