Net Optics Director manual: User interactions, Filter capacity

Be aware of these similar pairs of commands:

filter discard clears the pending filter list, while filter clear clears the CAM

filter list shows the pending filter list, while filter running shows the CAM

filter commit copies the pending filter list to the CAM, while filter sync copies the CAM to the pending filter list

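[Figure: the pending filter list and the CAM, each shown as a table with Address and Filter columns. filter commit copies the pending filter list to the CAM; filter sync copies the CAM to the pending filter list. Pending filter list: filter discard to clear, filter list to view contents. CAM: filter clear to clear, filter running to view contents.]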

Figure 45: Pairs of similar filter commands

User interactions

When multiple users are logged into Director at the same time, each user has a separate pending filter list in which to create filter configurations. However, there is only one CAM, so any time a user executes a commit or filter commit command, the CAM takes on the filter configuration from that user's pending filter list, and those become the active filters on Director. For this reason, it is a good idea to use a filter sync to get the current contents of the CAM before adding or modifying filters; that way, the filters that you don't touch remain unaffected after you commit.
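The overwrite behaviour described above can be reproduced with a small model. This is an added example, not Net Optics code: the Director and Session classes, the would_remove check, the users alice and bob, and the second filter string are all hypothetical constructions for illustration.

```python
# Toy model of the behaviour described above: one shared CAM,
# one pending filter list per logged-in user. Not vendor code.
F_TCP = "in_ports=n1.1-n1.7 ip_proto=6 vlan=100 action=redir redir_ports=m.1-m.5,m.10"
F_UDP = "in_ports=n1.1 ip_proto=17 action=redir redir_ports=m.3"  # constructed sample

class Director:
    def __init__(self):
        self.cam = []                 # active filters ("filter running")

class Session:
    def __init__(self, director):
        self.director = director
        self.pending = []             # this user's list ("filter list")

    def filter_add(self, spec):
        self.pending.append(spec)

    def filter_sync(self):            # CAM -> pending filter list
        self.pending = list(self.director.cam)

    def filter_commit(self):          # pending filter list -> CAM, replacing it
        self.director.cam = list(self.pending)

    def would_remove(self):
        """Active filters that this session's commit would drop."""
        return [f for f in self.director.cam if f not in self.pending]

def two_user_scenario(sync_first):
    d = Director()
    alice, bob = Session(d), Session(d)
    alice.filter_add(F_TCP)
    alice.filter_commit()             # CAM now holds alice's filter
    if sync_first:
        bob.filter_sync()             # bob starts from the live CAM
    bob.filter_add(F_UDP)
    at_risk = bob.would_remove()      # pre-commit check: CAM vs pending
    bob.filter_commit()
    return at_risk, d.cam

if __name__ == "__main__":
    for sync_first in (False, True):
        at_risk, cam = two_user_scenario(sync_first)
        print(f"sync_first={sync_first}: dropped={at_risk} active={cam}")
```

The would_remove comparison corresponds to checking filter running against filter list immediately before committing; in this model a sync only protects filters that were in the CAM at the moment of the sync.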

Filter capacity

The capacity of Director's filtering function is roughly 1,000 filter elements per chassis, where a filter element is a port list or a filter parameter. For example, filter add in_ports=n1.1-n1.7 ip_proto=6 vlan=100 action=redir redir_ports=m.1-m.5,m.10 has four filter elements:

1. in_ports=n1.1-n1.7

2. ip_proto=6

3. vlan=100

4. redir_ports=m.1-m.5,m.10

Counting filter elements is only a rough gauge of filter utilization, and is not recommended. Instead, examine the pending filter list or CAM contents with filter list and filter running commands. The CAM has 512 locations, so the number of filter entries or filter IDs is an indication of how much filtering capacity has been utilized. For example, if the highest filter ID is 256, then half of the filter capacity is utilized. The actual capacity may exceed 1,000 filter elements because one CAM location can contain multiple filter elements. However, be aware that IPv6 addresses (when available) require additional CAM space and therefore fill the CAM more quickly than IPv4 addresses.
