Creating dedicated hardware filters
The logic of the operation of the hardware filters
The operation of the filters follows the standard ACL logic: if a packet matches a filter, the comparison process stops and the action attached to that filter is performed. If a packet fails to match any of the filters, then the default action (forward) is taken.
Note: Hardware filters will act on packets that are destined for the switch itself (packets that would be passed up to the switch's own CPU) in exactly the same way as they act on packets that were destined to be forwarded directly by the switching chip.
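The first-match logic described above, modelled in Python as an added example (it is not AlliedWare code or configuration). The filter names, the single src match field and the addresses are constructed assumptions; the action keywords are the ones this page describes. The shadowed helper flags a filter that can never match because one earlier filter already covers its whole range.

```python
from ipaddress import ip_address, ip_network

DEFAULT_ACTION = "forward"  # taken when a packet matches no filter

# Constructed filter list, evaluated top to bottom. Matching on source
# address only is a simplification made for this example.
FILTERS = [
    {"name": "allow-mgmt", "src": "192.0.2.16/28", "action": "forward"},
    {"name": "watch-host", "src": "192.0.2.200/32", "action": "copy,discard"},
    {"name": "block-lan", "src": "192.0.2.0/24", "action": "discard"},
    {"name": "late-allow", "src": "192.0.2.64/26", "action": "forward"},
]


def evaluate(filters, src):
    """Return (matching filter name, forwarded?, copied to CPU?) for one packet."""
    addr = ip_address(src)
    for f in filters:
        if addr in ip_network(f["src"]):
            # First match wins: the comparison process stops here.
            actions = set(f["action"].split(","))
            return f["name"], "discard" not in actions, "copy" in actions
    # No filter matched, so the default action applies.
    return None, DEFAULT_ACTION == "forward", False


def shadowed(filters):
    """Names of filters fully covered by a single earlier filter (never reached)."""
    dead = []
    for i, f in enumerate(filters):
        net = ip_network(f["src"])
        if any(net.subnet_of(ip_network(e["src"])) for e in filters[:i]):
            dead.append(f["name"])
    return dead


if __name__ == "__main__":
    for src in ("192.0.2.20", "192.0.2.200", "192.0.2.70", "198.51.100.1"):
        print(src, evaluate(FILTERS, src))
    print("unreachable filters:", shadowed(FILTERS))
```

The narrow forward filter placed ahead of block-lan takes effect, while late-allow, placed after it, is never consulted.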
The effects of the action parameters
Let us consider the effect of each of the possible action keywords.
Action | What it does | When do you need this action? |
discard | Drops the traffic. | Use this when the filtering policy is to disallow certain traffic flows. |
forward | Forwards the traffic normally. | Use this when you want to discard a wide range of traffic, but still forward some small subset of traffic within that range. |
copy | Forwards the traffic normally, and also sends a copy of each packet to the CPU. | Use this when you want software monitoring of a certain packet flow. If you want to log, or count, or output debug pertaining to a certain stream, then create a filter that matches the packets in the stream, and specify copy for the action. |
copy,discard | Drops the traffic, but also sends a copy of each packet to the CPU. | Use this when you want software monitoring of a certain packet flow that is being dropped. If you want to log, count, or output debug pertaining to a certain disallowed stream, then create a filter that matches the packets in the stream, and specify copy,discard for the action. |
setl2qos
Note that this action has the other parameters associated with it, as the following syntax shows:
add switch
This action means you can use hardware filters to set the queue, 802.1p user priority or bandwidth class for packets.
There is an elaborate QoS mechanism available for allocating these values to packets, but this filter type provides a simple method if you do not require a full QoS configuration. The principal use for this filter action, though, is as a mechanism for elevating the probability of CPU reception for packets that you determine to be “important”.
In heavily congested networks, data streams can sometimes use up all the available bandwidth of the CPU receive process. This increases the probability of losing
If you are using the filter to prioritise packets going up to the CPU, you only need to specify a value for the l2qosqueue parameter. The higher the value given to this parameter, the higher the priority the matching packets will be given in forwarding up to the CPU. It is possible to specify the priority and bandwidthclass parameters in this case, but they will have no effect, because the CPU ignores these parameters. The default value for the l2qosqueue parameter is 0.
The priority parameter specifies the 802.1p user priority with which to
The bandwidthclass parameter specifies the bandwidth class (colour) to assign matching packets to. The default is 1 (green).
Page 6 AlliedWare™ OS How To Note: Hardware Filters