Packetmaster filter rules

Fillter rules for Packetmaster EX series

All with a read dot marked fields can be used as filter match also in combination

 

 

Packetmaster filter rules
in_port=port_number Ingress port number
dl_src=xx:xx:xx:xx:xx:xx Ethernet source address
dl_dst=xx:xx:xx:xx:xx:xx [/ xx:xx:xx:xx:xx:xx] Ethernet destination address
This keyword supports a wildcard mask following the slash. Only four masks are allowed.
− 01:00:00:00:00:00
   Match only the multicast bit. Thus, dl_dst = 01:00:00:00:00:00/01:00:00:00:00:00
   matches all multicast (including broadcast) Ethernet packets, and dl_dst =
   00:00:00:00:00:00/01:00:00:00:00:00 matches all unicast Ethernet packets.
fe:ff:ff:ff:ff:ff
   Match all bits except the multicast bit. This is probably not useful.
ff:ff:ff:ff:ff:ff
   Exact match (equivalent to omitting the mask)
− 00:00:00:00:00:00
   Wildcard all bits (equivalent to dl_dst = *).
dl_type=ethertype Ethernet Protocol type ethertype, such as 0x0806 to match ARP packets
dl_vlan_pcp=priority Matches IEEE 802.1q Priority Code Point (PCP) priority
dl_vlan=vlan Matches IEEE 802.1q Virtual LAN tag vlan
vlan_tci=tci Matches modified VLAN TCI
nw_src=ip[/netmask] IPv4 source address
nw_dst=ip[/netmask] IPv4 destination address
The optional
netmask allows restricting a match to an IPv4 address prefix. The netmask
may be specified as a dotted quad (e.g. 192.168.1.0/255.255.255.0) or as a CIDR block (e.g.
192.168.1.0/24).
When
dl_type=0x0806 or arp is specified, matches the arp_spa or arp_tpa field,
respectively, I ARP packets for IPV4 and Ethernet.
When
dl_type is wildcarded or set to a value other than 0x0800 or 0x0806, the values of
nw_src and nw_dst are ignored.
nw_proto=proto IP Protocol type proto which is specified as a decimal number between 0 and 255, inclusive
(e.g. 1 to match ICMP packets or 6 to match TCP packets)
nw_tos=tos IP ToS/DSCP traffic class field ToS which is specified as a decimal number between 0 and 255, inclusive.
tp_src=port UDP or TCP source port.
tp_dst=port

UDP or TCP destination port which is specified as a decimal number between 0 and 65535, inclusive

(e.g. 80 to match packets originating from a HTTP server)

icmp_type=type ICMP Protocol type which is specified as a decimal number between 0 and 255
When
dl_type and nw_proto take other values other than ICMP, the values of this setting is ignored.
icmp_code=code ICMP Protocol code which is specified as a decimal number between 0 and 255
When
dl_type and nw_proto take values other than ICMP, the values of this setting isignored.
idle_timeout=seconds Causes the flow to expire after the given number of seconds of inactivity
A value of 0 (the default) prevents a flow from expiring due to inactivity.
hard_timeout=seconds Causes the flow to expire after the given number of seconds, regardless of activity
A value of 0 (the default) gives the flow no hard expiration deadline.

Wildcard match fields:

  • IN_PORT
  • MAC_SA/MAC_DA
  • VLAN_ID/
  • VLAN_PCP
  • ETHER_TYPE
  • ICMP TYPE/ICMP CODE ARP_OP/ARP_SPA/ARP_TPA IPSA/IPDA/IP_DSCP
  • L3_PROTOCOL TCP_SRC_PORT/TCP_DST_PORT UDP_SRC_PORT/UDP_DST_PORT
  • GRE TUNNEL ID
  • MPLS_LABEL

Available Actions:

  • OUTPUT
  • SET_FIELD
    MAC_SA/MAC_DA/VLAN_VID/VLAN_PCP/IPV4_DA/TCP_DST_PORT/UDP_DST_PORT/
    MPLS_LABEL/MPLS_TC/TUNNEL_ID (means change the field)

 

  • PUSH_MPLS/POP_MPLS
  • PUSH_VLAN/POP_VLAN
  • DEC_IP_TTL
  • SET_MPLS_TTL
Saturday, 01 May 2010 Posted in EX2, EX5-2, EX 6, EX12

Cubro Solutions

aggregation 40 x 10 Gbit links with one EX 20400

Cubro now offers a "NEW" Packetmaster solution with 80 x 10 Gbit Ethernet ports.
The base unit is the EX 20400 with a new firmware that gives us the possibility to convert
a 40 Gbit port into 4 independent 10 Gbit ports.

Stacking Packetmasters

Customer Solution!

Request: aggregation and filtering traffic for monitoring system 32 x 1 Gbit links & 10 x 10 Gbit links

Aggregation of an 10 Gbit link and output to an 10 Gbit port

Aggregation of one 10 Gbit link with optical splitter to 10 Gbit fibre output

Aggregation of two 10 Gbit span ports to 1 10 Gbit output with EX2+

This application is normally not possible because the EX2+ has only two 10 Gbit ports and you need 3 to do this job.  But we at Cubro give our units some extra features to do this with two ports.

A optical ports has an transmitter and a receiver part, this two “ports” can be used separately in all Cubro NPB. The other feature what you need is the optical tap at the back.

100 Gbit LR4 multiple splitting

Sometimes it is needed to tap a 100 Gbit LR4 link more than one time, this is not easy because the optical budget is too small to do that.

EX2 media & speed converter

In this very simple solution the Packetmaster EX2 works only as a bidirectional media and speed converter. The size and the fan less construction, makes the EX2 the flexibles’ and cheapest device on the market.

Cubro NPB units support bypass function

The Cubro Bypass Application is a superior way to provide a fail-safe access port for an in-line monitoring appliance. From EX2 with Gbit up to EX 20400 with 100 Gbit bypass feature. With and without optical layer 1 switch support.

 

Layer 1 Media Conversion

The Cubro 1/10 Gbit Media converter is a nice a simple tool to solve many problems in the daily network business. You can select the media by changing the SFP. The unique design supports also CWDM / DWDM and BIDI SFP.

384 x 10 Gbit ports cross connect

We use 6 Packetmaster EX 20400 to realize this 384 x 10 Gbit port cross connect !

  • 400 Gbit backbone
  • tunneling via VXLAN
  • non blocking
  • any to any & many to any & any to many support
  • easy expandable

 

STP Monitoring multi 100 Mbit links

To monitor hundreds of 100 Mbit links, like on an SMS centre or on an STP, Cubro offers and flexible and price wise solution with 100 Mbit Flextap and Cubro Packetmaster EX5-2 as aggregator and filter device.

Amplification

You can enlarge the transfer range of your media dramatically without risking errors on your data. The examples below show some common options, but a lot more combinations are possible.

EX2 Multi Gbit Cooper aggregation

The Packetmaster EX2 can work as a dual link TAP with dual aggregation output, with filtering and load balancing, at the same time.