Understand pending and active filters | Net Optics Director manual

Director

Understand pending and active filters

To understand the actions of filter commands such as filter commit, filter discard, and filter delete, it is helpful to visualize the pending filter list and the CAM that holds the active filters.

The previous section explained how the active filters are stored in a CAM, which can be thought of as list of active filters. These filters, which are actively running in the device, may be referred to as active, running, or committed. Pending filters, that is, filters that have been defined using filter add and filter ins commands but not yet committed, are kept in a pending filter list that shadows the CAM. These filters may be referred to as pending or uncommitted. The following table shows which filter commands affect the pending filter list and which affect the CAM.

Commands apply to

Pending filter list	CAM

filter add	commit
filter del	filter clear
filter discard	filter commit
filter ins	filter running
filter list
filter sync

As can be seen from the table, most of the time you work with the contents of the pending filter list. When you have the filters set up the way you want them in the pending filter list, a commit or filter commit command transfers the con- tents of the pending filter list to the CAM, activating that filter set-up. (Remeber that commit also changes Director's default configuration, but filter commit does not.)

A common workflow for changing the Director filter configuration might be as follows.

To change the Director filter configuration:

		Pending filter list			CAM

	Address	Filter		Address	Filter

				1	n1.1 ip_proto=UDP action=drop

				2	n1.1 m.1

Figure 39: Starting state

36

Image 40

Net Optics manual Understand pending and active filters, To change the Director filter configuration

Contents

Data Monitoring Switch Trademarks and Copyrights Contents Chapter Configuring Filters Using the CLI ChapterAppendix a Appendix B Chapter Introduction Key Features Ease of UseMonitor port Filtering Passive, Secure Technology About this Guide Description Director Architecture Director internal architecture USB port Director Management Typical Application Network Links Monitoring Tools 10 Gigabit in-line network connection using a network Tap In-line Monitoring of 10 Gigabit Links Power LEDs Director Front PanelMonitor Port LEDs DNM / Network Port LEDs Director Rear Panel XFP Chapter Installing Director Plan the Installation Unpack and Inspect the Director device Install SFP and XFP Monitor port Modules Install Director Network ModulesRack Mount the Director device Connect Power to Director Connect the local CLI Interface Connect the remote CLI Interface Baud Data bits No parity 1 stop bit No flow controlTip To connect the CLI for remote use over the Management port Log into the CLI To log into the CLI Change Director Password Configure Director using the CLITo change the login password To change the port mode Assign a New Manager IP AddressTo assign a new Manager IP address to Director Change Port Modes Save and Load Director Configurations Set the Current Date and Time Using the CLI Help Command To view CLI help information Using the CLI Command History Buffer Show name show running, factory, default, or file name Connect Span Ports to Director To connect a Span port Connect Director With In-line Network Links To connect an in-line network link Check the Installation Configure a Matrix Switch connection in DirectorConnect Monitoring Tools to Director Chapter Configuring Filters Using the CLI Syntax Enter filter commit. The switch connection is activated Copy Traffic From Any Network Port to Any Monitor Port Regenerate Traffic to Any Set of Monitor Ports Lter add inports=n1.1 action=redir redirports=m.3-m.5 Create Filters To create a filter that selects IPv4 packets by protocol Create Complex Filters Logical and filter connection View filters UDP Work with configurable 10 Gigabit ports Configurable 10 Gigabit XFP ports used as Network ports XFP Port Protocol = Monitor Port Understand filter interactions CAM Flow diagram now looks as follows Exclusive filters N1.1 ipproto=UDP action=drop N1.1 m.1 To change the Director filter configuration Understand pending and active filters Filter running command Enter filter list to view the pending filter list Filter capacity Inports=n1.1-n1.7 Ipproto=6 Vlan=100 Redirports=m.1-m.5,m.10 Daisy-chaining Multiple Director Chassis Appendix a Director Specifications Specifications, chassis Specifications, DNM EnvironmentalCertifications Available Models Appendix B Command Line Interface Command Sub-Command Arguments Example and description Commit Filter discard Image Quit User add name=bob pw=bob-pw priv=3 Filter parameters Director Filter Parameters Qual Value Example Description Vlan=128 Appendix C Protocol Numbers Num Keyword Protocol Mobile L2TP Limitations on Warranty and Liability By Net Optics, Inc. All Rights Reserved