Managing Traffic Classes with vFlow
Netvisor ONE provides a full set of traffic class features, including the ability to view and create traffic classes, as well as assign traffic classes to vflows to manage the quality of service of the vflow traffic.
To display the currently defined traffic classes:
CLI network-admin@switch > vflow-class-show
name          scope  type   priority cos
------------- ------ ------ -------- ---
meter         fabric system 0        0
class0        fabric system 0        0
class1        fabric system 1        1
class2        fabric system 2        2
class3        fabric system 3        3
class4        fabric system 4        3
class5        fabric system 5        4
class6        fabric system 6        4
class7        fabric system 7        5
class8        fabric system 8        6
The higher the priority number, the higher the priority of the class. You can set the priority between two (lowest priority) and eight (highest priority). To add a vflow class, use the vflow-class-create command:
CLI network-admin@switch > vflow-class-create name traffic-1 scope fabric priority 8
This creates a traffic class with a scope of fabric. The priority indicates which egress CoS queue is selected when the packets are forwarded.
To add a traffic class to a vFlow, create a vFlow and assign a traffic class. The flow-class maps the CoS queue to the egress ports. In this case the vflow is for a single IP address:
CLI network-admin@switch > vflow-create name test1 scope local src-ip src-ip-mask action none flow-class class8
CLI network-admin@switch > vflow-show name test1 layout vertical
switch: aquila12
name: test1
scope: local
type: vflow
vlan: 0
proto: ip
flow-class: class8
pri: 8
action: none
Traffic from IP address now has a very high priority throughout the switch. For a similar high priority throughout the fabric use scope fabric rather than scope local.
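Because a flow-class assignment decides which egress CoS queue a flow's packets use, it is worth reviewing which vFlows hold the highest classes. The following is an added example, not Netvisor ONE code: it parses the two outputs shown above and reports flows that name an undefined class, disagree with their class priority, or sit at or above a chosen priority. The function names and the min_priority threshold are hypothetical, and it assumes each vertical-layout record starts at a switch: line.

```python
# Input: class rows and flow test1 are abridged from this page; flow test2 is constructed.
CLASS_SHOW = """name scope type priority cos
------------- ------ ------ -------- ---
class1 fabric system 1 1
class8 fabric system 8 6
"""
VFLOW_SHOW = """switch: aquila12
name: test1
flow-class: class8
pri: 8
switch: aquila12
name: test2
flow-class: gold
"""

def parse_classes(text):
    """Map class name -> (priority, cos); header and rule lines fail the integer check."""
    classes = {}
    for fields in map(str.split, text.splitlines()):
        if len(fields) == 5 and fields[3].isdigit() and fields[4].isdigit():
            classes[fields[0]] = (int(fields[3]), int(fields[4]))
    return classes

def parse_vertical(text):
    """One dict per vFlow from 'layout vertical' output (assumes each starts at 'switch:')."""
    flows = []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep:
            continue
        if key == "switch" or not flows:
            flows.append({})
        flows[-1][key] = value
    return flows

def audit(flows, classes, min_priority=7):
    """Return (flow name, finding) pairs for undefined classes, pri mismatches, high priority."""
    findings = []
    for flow in flows:
        name, cls = flow.get("name"), flow.get("flow-class")
        if cls not in classes:
            findings.append((name, f"flow-class {cls} is not a defined class"))
            continue
        priority, cos = classes[cls]
        if flow.get("pri") != str(priority):
            findings.append((name, f"pri {flow.get('pri')} differs from {cls} priority {priority}"))
        if priority >= min_priority:
            findings.append((name, f"{cls}: priority {priority}, egress CoS queue {cos}"))
    return findings
```

Calling audit(parse_vertical(VFLOW_SHOW), parse_classes(CLASS_SHOW)) reports test1 as a priority 8 flow on CoS queue 6 and test2 as referencing an undefined class.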
Applying CoS Queue Mapping based on Re-Marked DSCP in vFlow
Currently, Netvisor ONE allows a vFlow to mark or re-mark matched packets with a DSCP value on egress. Netvisor ONE does not prioritize this traffic in terms of the egress port CoS queue selected for transmit. Another feature, Enabling DSCP to Priority and CoS Mappings, introduces the ability to create DSCP QoS maps and apply them to ports, but the maps apply to ingress packets. This feature introduces the ability to prioritize traffic based on the re-marked DSCP value in a vFlow.
Netvisor ONE enables you to create named DSCP maps as independent objects, and applies the maps to ingress ports for prioritization of packets based on the DSCP markings. In this feature, you can apply the same maps in a vFlow. QoS maps can be applied to ports, but not to Flow Processor entries corresponding to vFlows. This implementation does the prioritization explicitly, since flows can be configured with CoSQ values. The implementation has the following features:
Verify the DSCP map named in the vFlow exists.
Determine the priority and CoS for the DSCP value assigned to the vFlow.
Apply this CoS value to the Flow Processor entry in hardware.
Reconfigure CoS in the flow when the vFlow DSCP setting changes.
Prevent deleting a DSCP map in use by a vFlow.
Update the CoS setting of vFlows using the DSCP map when the DSCP map priority settings are updated.
You can specify the name of a DSCP map in the vflow-create command:
dscp-map dscp-map name | none
Specify the DSCP map to apply on the flow. Please reapply if map priorities are updated.
Configuring Burst Size in vFlow with Maximum Bandwidth Option
The vflow-create and vflow-modify commands support a configurable burst-size parameter. This feature enables you to specify different burst-sizes for different types of metered traffic. For example, you can configure higher burst levels for a metered application that may produce bursty traffic patterns when you click on it, such as a media-rich Web page link.
This feature defaults to burst-size auto, which auto-calculates the burst size based on the maximum bandwidth settings for the vFlow. You can configure a burst-size number from 0 through 134MB. The command syntax is:
CLI network-admin@switch > vflow-create name name-string scope local|fabric in-port port-list bw-max bw-max-number burst-size number
For example, to create a vFlow with a burst size of 12 MB, use the following syntax:
CLI network-admin@switch > vflow-create name flow1 scope local in-port 12 bw-max 5G burst-size 12M
Displaying Multiple Objects for Show Commands
In previous versions of software, Netvisor ONE could not display multiple objects for show commands. Netvisor ONE displayed either one object or all objects in show output. For example, the show command, vflow-show, displayed all vFlows or just one specified vFlow.
Now, you can specify multiple objects to display. For example, for vflow-show, you can specify which vFlows to display:
CLI (network-admin@Leaf1)>vflow-show name
CLI (network-admin@Leaf1)>cpu-class-show name arp,dhcp,l3-miss
switch   name    scope rate-limit hog-protect hog-protect-support queue
-------- ------- ----- ---------- ----------- ------------------- -----
Leaf1    arp     local 1000       disable     supported           21
Leaf1    dhcp    local 1000       disable     none                24
Leaf1    l3-miss local 1000       disable     none                10
Support for Policy-based Routing
Policy-based Routing (PBR) enables flexible packet forwarding and routing through user-defined policies. Unlike traditional routing based on destination IP address only, PBR allows you to define routes based on other parameters such as source and destination IP addresses, protocol, or source and destination port numbers.
Policy-based routes can match packets based on the following criteria:
All Layer 4 and Layer 3 fields similar to those in vFlow configurations.
Policy based routes are higher priority than static and dynamic routes.
If no match or next-hop is not resolved, then traffic drops until Netvisor ONE resolves the next-hop.
Configure PBR using vFlow commands. Internally, policy routing of the packets uses a vFlow entry. PBR vFlow entries are created in a new vFlow table, System-L3-L4-PBR.
To enable PBR, use the following command:
(CLI network-admin@Spine1)>system-settings-modify policy-based-routing
To disable PBR, use the following command:
(CLI network-admin@Spine1)>system-settings-modify no-policy-based-routing
To display the PBR table, use the vflow-table-show command:
(CLI network-admin@Spine1)>vflow-table-show
switch name                 flow-max   flow-used flow-tbs-slices capability   flow-profile
-------- --------------------  --------   --------- --------------- -------------  --------------
Spine1   System-L3-L4-PBR-1-0                                       set-metadata   system
You can only specify the scope as local.