Net Optics Director manual Understand filter interactions, Cam


Understand filter interactions

It is important to understand that Director uses Content Addressable Memory (CAM) technology to implement filters. As each filter is defined, it is stored in the next available entry in the CAM. Each packet header is compared in the CAM, and the CAM returns the index of the first filter that the packet header matched. That filter, and only that filter, controls which monitoring ports receive a copy of the packet. Other filters are not executed for that packet. Therefore, filters are not completely independent; one filter can affect the operation of another.

Let's walk through an example of a filter interaction that may be unexpected. First, we will set up a filter for an IP address:

filter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
filter commit

[Diagram: Network Port 5; Source IP = 192.168.10.0 - 192.168.10.15; Monitor Port 1]

CAM
Address  Filter
1        n1.5 ip_src=192.186.10.0 m.1

filter add in_ports=n1.5 ip_src=192.168.10.0 ip_src_mask=255.255.255.240 action=redir redir_ports=m.1

Figure 34: A simple IP address filter, shown with CAM

All traffic from Network Port 5 that comes from IP address 192.186.10.0 matches the first CAM entry and therefore is copied to Monitor Port 1.

Next, suppose we want another monitoring tool to see all the TCP traffic from Network Port 5, so we set up this filter:

filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
filter commit

[Diagram: Network Port 5; Source IP = 192.186.10.0 to Monitor Port 1; Protocol = TCP to Monitor Port 2. Note in diagram: "Filter interactions are not shown!"]

CAM
Address  Filter
1        n1.5 ip_src=192.186.10.0 m.1
2        n1.5 ip_proto=TCP m.2

filter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2

Figure 35: Incorrect flow diagram of two filters; filter interaction in CAM is neglected
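
The first-match lookup described above can be modelled to check what each monitoring tool will actually receive. This Python sketch is an added example, not code from the Director manual or from Net Optics; it models only the qualifiers used on this page, assumes an ip_src without a mask is an exact address, and all function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# CAM entries in the order the page's two "filter add" commands create them.
# Assumption: ip_src without ip_src_mask is an exact address (/32 here).
CAM = [
    {"in_port": "n1.5", "ip_src": "192.186.10.0/32", "redir": ["m.1"]},
    {"in_port": "n1.5", "ip_proto": 6, "redir": ["m.2"]},
]

def matches(entry, pkt):
    """True if every qualifier present in the entry matches the packet."""
    if entry["in_port"] != pkt["in_port"]:
        return False
    if "ip_src" in entry and ip_address(pkt["ip_src"]) not in ip_network(entry["ip_src"]):
        return False
    return "ip_proto" not in entry or entry["ip_proto"] == pkt["ip_proto"]

def lookup(cam, pkt):
    """Return (CAM address, monitor ports) for the first matching entry only."""
    for addr, entry in enumerate(cam, start=1):
        if matches(entry, pkt):
            return addr, entry["redir"]
    return None, []  # no entry matched; device behaviour here is not modelled

def overlaps(a, b):
    """True if some packet could match both entries (absent qualifier = wildcard)."""
    if a["in_port"] != b["in_port"]:
        return False
    if "ip_src" in a and "ip_src" in b:
        if not ip_network(a["ip_src"]).overlaps(ip_network(b["ip_src"])):
            return False
    return not ("ip_proto" in a and "ip_proto" in b and a["ip_proto"] != b["ip_proto"])

def shadowed_pairs(cam):
    """(earlier, later) CAM addresses where the earlier entry takes packets
    that the later entry was also written to select."""
    return [(i + 1, j + 1)
            for i in range(len(cam)) for j in range(i + 1, len(cam))
            if overlaps(cam[i], cam[j])]

if __name__ == "__main__":
    # Constructed sample packets (header fields only).
    tcp_from_host = {"in_port": "n1.5", "ip_src": "192.186.10.0", "ip_proto": 6}
    tcp_other = {"in_port": "n1.5", "ip_src": "10.0.0.7", "ip_proto": 6}
    print(lookup(CAM, tcp_from_host))
    print(lookup(CAM, tcp_other))
    print(shadowed_pairs(CAM))
```

TCP traffic from 192.186.10.0 hits CAM address 1 and is copied only to m.1, so the tool on m.2 never sees it; `shadowed_pairs` flags that interaction before the filters are committed.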
