User-Defined Pattern Match Examples
In this example, a 3G carrier is monitoring the Gn interface between the SGSN and the GGSN in the mobile core network and wants to split traffic from different subscriber IP address ranges to different tool ports. However, because the subscriber IP addresses are tunneled using the GPRS Tunneling Protocol (GTP), standard IP address map rules will not work. The addresses are always at the same offsets, though, so we can construct UDA pattern match rules to match and distribute the traffic correctly.
For example, suppose we want to apply the following rules to all traffic seen on network port 1/5/x1:
Send all traffic to and from the 10.218.0.0 IP address range inside the GTP tunnel to tool port 1/5/x4. |
Send all traffic to and from the 10.228.0.0 IP address range inside the GTP tunnel to tool port 1/5/x9. |
Keep in mind that we also know the following about tunneled GTP traffic:
The offset for source IP addresses inside the GTP tunnel is 62. |
The offset for destination IP addresses inside the GTP tunnel is 66. |
The following example explains how to construct two maps that will distribute traffic using UDA pattern match rules.
Description |
Command |
Map #1 – GTP_Map218Our first map will send traffic to and from the 10.218.0.0 IP address range inside the GTP tunnel to tool port 1/5/x4. |
|
Start by entering the prefix mode for a new map called GTP_Map218. |
(config) # map alias GTP_Map218 |
Specifies the map type and subtype. |
(config map alias GTP_Map218) # type regular byRule |
Specify that this map will match packets arriving on network port 1/5/x1. |
(config map alias GTP_Map218) # from 1/5/x1 |
Specify that packets matching this map will be sent to tool port 1/5/x4. |
(config map alias GTP_Map218) # to 1/5/x4 |
Next, add the map rules for our first address range – 10.218.0.0. This IP address translates to 0ada in hex. The first rule matches the 10.218.0.0 address at the source address offset of 62 in the GTP tunnel. |
(config map alias GTP_Map218) # rule add passuda1-data 0ada0000-00000000-00000000-00000000 uda1-mask ffff0000-00000000-00000000-00000000 uda1-offset 62 |
The second rule matches the same address range (10.218.0.0) but at the destination address offset of 66 in the GTP tunnel. Notice that we have still specified the offset as 62 and have simply masked out to the correct location of the destination address. This way, we have still only used one of the two possible offsets in place for the GigaVUE HC Series node at any one time. |
(config map alias GTP_Map218) # rule add passuda1-data 00000000-0ada0000-00000000-00000000 uda1-mask 00000000-ffff0000-00000000-00000000 uda1-offset 62 |
Exit the map prefix mode. |
(config map alias GTP_Map218) # exit |
Map #2 – GTP_Map228Our second map will send traffic to and from the 10.228.0.0 IP address range inside the GTP tunnel to tool port 1/5/x9. |
|
Start by entering the prefix mode for a new map called GTP_Map228. |
(config) # map alias GTP_Map228 |
Specifies the map type and subtype. |
(config map alias GTP_Map228) # type regular byRule |
Specify that this map will match packets arriving on network port 1/5/x1. |
(config map alias GTP_Map228) # from 1/5/x1 |
Specify that packets matching this map will be sent to tool port 1/5/x9. |
(config map alias GTP_Map228) # to 1/5/x9 |
Now, create rules for the second address range – 10.228.0.0 (0ae4 in hex). As with the first range, create separate rules for the source and destination offsets inside the GTP tunnel. This address range is being sent to 1/1/x4. |
(config map alias GTP_Map228) # rule add passuda1-data 0ae40000-00000000-00000000-00000000 uda1-mask ffff0000-00000000-00000000-00000000 uda1-offset 62 |
Here is the companion rule for the destination address offset of 66. |
(config map alias GTP_Map228) # rule add passuda1-data 00000000-0ae40000-00000000-00000000 uda1-mask 00000000-ffff0000-00000000-00000000 uda1-offset 62 |
Exit the map prefix mode. |
(config map alias GTP_Map228) # exit |