Creating dedicated hardware filters
Creating dedicated hardware filters
Before we get into the details of the filter creation, we need to look at the underlying packet classification process.
Configuring packet classification
Dedicated hardware filters and QoS use the same packet classification process.
The basic construct in the classification process is a classifier. The syntax for creating a classifier on the switch is:
CREate CLASSifier=rule-id[MACSaddr={macaddANYDHCPSnooping}] [MACDaddr={macaddANY}][MACSMask=macadd][MACDMask=macadd] [MACType={L2UcastL2McastL2BcastANY}] [TPID={tpidANY}] [VLANPriority={0..7ANY}] [VLAN={vlanname1..<VIDMaxUser>ANY}] [INNERTpid={tpidANY}] [INNERVLANPriority={0..7ANY}] [INNERVLANId={vlanname1..4094ANY}] [ETHFormat={802.2-Tagged802.2-UntaggedETHII-Tagged ETHII-UntaggedNETWARERAW-TaggedNetwareraw-untagged
SNAP-TaggedSNAP-UntaggedANY}] [PROTocol={protocoltypeIPIPV6ANY}] [IPDScp={dscplistANY}] [IPTOs={0..7ANY}] [IPSAddr={ipaddmaskANYDHCPSnooping}] [IPDAddr={ipaddmaskANY}] [IPPRotocol={TCPUDPICMpIGMpOSPfipprotocolnumANY}] [IPXDAddr={ipxaddANY}] [IPXDSocket={NCPSAPRIPNNBDIAgNLSpIPXwanipxsocketnumANY}] [IPXSSocket={NCPSAPRIPNNBDIAgNLSpIPXwanipxsocketnumANY}] [TCPSport={portidport-rangeANY}] [TCPDport={portidport-rangeANY}]
[UDPSport={portidport-rangeANY}] [UDPDport={portidport-rangeANY}] [L4SMask=mask] [L4DMask=mask] [L5BYTE01=byteoffset,bytevalue[,bytemask]] [L5BYTE02=byteoffset,bytevalue[,bytemask]]
...
[L5BYTE16=byteoffset,bytevalue[,bytemask]] [TCPFlags={{UrgAckRstSynFin}[,...]ANY}] [ICmptype={AnyECHORplyUnreachableQuenchRedirectECHOADvertisement SolicitationTImeexceedParameterTSTAMPTSTAMPRplyINFOREQINFOREP ADDRREQADDRREPNAMEREqNAMERPlyicmp-type}] [ICMPCode={AnyFIlterFRAGMentFRAGReassmHOSTCommHOSTIsolatedHOSTPrec HOSTREdirectHOSTRTosHOSTTosHOSTUNKnownHOSTUNReachNETComm NETREdirectNETRTosNETTosNETUNKnownNETUNReachNOptrPOrtunreach PREcedentPROtunreachPTrproblemSourcerouteTtl
icmp-code}] [IGmptype={ANYQUeryV1ReportDVmrpPIMv1CTRaceV2ReportV2Leave MCTRACEResponseMCTRACEV3ReportMRAdvertMRSolicitMRTerminationigmp- type}]
[EIPBYTE01=byteoffset,bytevalue[,bytemask]] [EIPBYTE02=byteoffset,bytevalue[,bytemask]]
...
[EIPBYTE16=byteoffset,bytevalue[,bytemask]]
From this, it can be seen that there are a large number of different attributes upon which packets can be classified.
Most of these options are self-evident, but the following sections give more information about the L4 mask and the “inner” options. For information about the other options, see the Generic Classifier chapter of the Software Reference.
