Support for Virtual Link Extension (VLE) Analytics

Currently, Netvisor OS does not copy VLE traffic control frames to the CPU on the switch. The inner tag, if present, is not removed either. This is achieved by installing a system vFlow, Virtual-Link-Extend, with the highest priority (15) and no action specified, so that LLDP and other control frames are not terminated and sent to the CPU.

To support VLE analytics, a few additional system vFlows are installed with the same priority as the existing Virtual-Link-Extend vFlow to copy TCP SYN/FIN/RST packets to the CPU. This ensures that VLE SYN/FIN/RST packets match the System-VLE-x flows and not the Virtual-Link-Extend flow.

vflow-show format name,scope,type,proto,tcp-flags,precedence,action,enable
name                   scope type   proto tcp-flags precedence action      enable
---------------------- ----- ------ ----- --------- ---------- ----------- ------
System-VLE-S           local system tcp   syn       15         copy-to-cpu enable
System-VLE-F           local system tcp   fin       15         copy-to-cpu enable
System-VLE-R           local system tcp   rst       15         copy-to-cpu enable
Virtual-Link-Extend    local system                 15         none        enable
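A check that can be run over captured vflow-show output to confirm the VLE analytics flows are in the state described above. This is an added example, not part of the Netvisor OS documentation; the function names parse_table and audit_vle_flows are hypothetical, and the sample text is the listing shown on this page.

```python
import re

# Output of the vflow-show command as listed on this page.
SAMPLE = """\
name                   scope type   proto tcp-flags precedence action      enable
---------------------- ----- ------ ----- --------- ---------- ----------- ------
System-VLE-S           local system tcp   syn       15         copy-to-cpu enable
System-VLE-F           local system tcp   fin       15         copy-to-cpu enable
System-VLE-R           local system tcp   rst       15         copy-to-cpu enable
Virtual-Link-Extend    local system                 15         none        enable
"""

VLE_FLAG_FLOWS = {"System-VLE-S": "syn", "System-VLE-F": "fin", "System-VLE-R": "rst"}

def parse_table(text):
    """Parse fixed-width CLI output. Column bounds come from the dashed ruler,
    so empty cells (proto/tcp-flags on Virtual-Link-Extend) stay empty instead
    of shifting later values left, as a plain whitespace split would."""
    lines = [l for l in text.splitlines() if l.strip()]
    ruler = next(i for i, l in enumerate(lines) if i > 0 and set(l.strip()) <= set("- "))
    spans = [m.span() for m in re.finditer(r"-+", lines[ruler])]
    names = [lines[ruler - 1][s:e].strip() for s, e in spans]
    return [{n: l[s:e].strip() for n, (s, e) in zip(names, spans)}
            for l in lines[ruler + 1:]]

def audit_vle_flows(rows):
    """Return findings; an empty list means the flows match the documented state."""
    flows = {r["name"]: r for r in rows}
    base = flows.get("Virtual-Link-Extend")
    if base is None:
        return ["Virtual-Link-Extend flow not found"]
    findings = []
    for name, flag in VLE_FLAG_FLOWS.items():
        f = flows.get(name)
        if f is None:
            findings.append(f"{name} missing: TCP {flag} packets on the VLE are not copied to CPU")
            continue
        if (f["proto"], f["tcp-flags"], f["action"]) != ("tcp", flag, "copy-to-cpu"):
            findings.append(f"{name} does not match tcp/{flag}/copy-to-cpu")
        if f["precedence"] != base["precedence"]:
            findings.append(f"{name} precedence {f['precedence']} differs from "
                            f"Virtual-Link-Extend ({base['precedence']})")
        if f["enable"] != "enable":
            findings.append(f"{name} is not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_vle_flows(parse_table(SAMPLE)) or ["VLE analytics flows present"]:
        print(finding)
```

A System-VLE-x flow that is missing, disabled, or at a different precedence means the corresponding TCP packets can fall through to Virtual-Link-Extend, which has no action, and never reach the connection tracking on the CPU.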

 

connection-show
vnet vlan vxlan src-ip     dst-ip     dst-port cur-state syn-resends syn-ack-resends
---- ---- ----- ---------- ---------- -------- --------- -----------
100  100   20.20.20.1 20.20.20.2 http     fin       0           0

latency obytes ibytes total-bytes age
------- ------ ------ ----------- --------
74.8us  149    311    460         2h11m21s