Configuring vFlows with User Defined Fields (UDFs)


A User Defined Field (UDF) can match up to 128 bytes of a packet starting from the first byte of the packet. The relative offset can be given to the match location. The length of the match can be from 1 to 4 bytes. Hardware with a Trident chip supports the creation of 8 UDF IDs. Each id can match a 2 byte portion of a packet. Creating a UDF with a length of 3 or 4 bytes requires 2 UDF IDs whereas a UDF with length of 1 or 2 bytes required 1 UDF id. The length specified for each UDF determines the total number of UDFs supported by Netvisor One. If you specify a length of 3 or 4 bytes, a maximum of 4 UDFs can be created. If you specify a length of 1 or 2 bytes, a maximum of 8 UDFs can be created.


A UDF adds a qualifier to the vFlow group, and you should create all UDFs before creating any vFlows.


This feature is disabled by default, and you must enable it using the following command:


CLI(network-admin@Spine1) >  vflow-settings-modify enable-user-defined-flow


You must reboot Netvisor One for the parameter to take effect on the platform.


To disable the feature, use the following command:


CLI(network-admin@Spine1) >  vflow-settings-modify no-user-defined-flow


A new command, udf-create, adds the qualifier to the UDF group in the hardware. This allocates UDF IDs based on the length. The command, vflow-create, also has new fields to provide the data and mask to be matched by the vFlow.


You can create vFlows with either one or two UDFs.


You cannot modify a UDF after adding it to a vFlow. You must delete the vFlow, modify the UDF, and re-create the vFlow with the modified UDF.

 

New Commands for UDF


To create a new UDF, use the following command:


CLI(network-admin@Spine1) >  udf-create name u1 scope local offset 10 length 2 header packet-start


udf-create

Create the UDF qualifier list

name name-string

Create the UDF name

scope local|fabric

Scope for the UDF

offset number-bytes

The offset in bytes. This is a value between 1 and 128.

length number-bytes

The length in bytes. This is a value between 1 and 4 bytes.

header packet-start|l3-outer|l3-inner|l4-outer|l4-inner

The header from where offset is calculated.


CLI(network-admin@Spine1) >  udf-delete name u1


udf-delete

Delete UDF qualifier list

name name-string

The name of the UDF to delete.


CLI(network-admin@Spine1) >  udf-modify name u1 scope local offset 20 length 4 header packet-start


udf-modify

Modify UDF qualifier list

name name-string

The name of the UDF to modify.

One or more of the following options:

 

offset number-bytes

The offset in bytes. This is a value between 1 and 128.

length number-bytes

The length in bytes. This is a value between 1 and 4 bytes.

header packet-start|l3-outer|l3-inner|l4-outer|l4-inner

The header from where offset is calculated.

 

CLI(network-admin@Spine1) >  udf-show


switch name scope offset length header

------ ---- ----- ------ ------ ------------

k2     u1   local 20     4      packet-start

k2     u2   local 24     4      packet-start



udf-show

Displays the UDF qualifier list

name name-string

Displays the UDF name

scope local|fabric

Displays the scope for the UDF

offset number-bytes

Displays the offset in bytes. This is a value between 1 and 128.

length number-bytes

Displays the length in bytes. This is a value between 1 and 4 bytes.

header packet-start|l3-outer|l3-inner|l4-outer|l4-inner

Displays the header from where the offset is calculated.

 

The command, vflow-create, has the following new parameters:


udf-name1 udf-name   

Specify the name of the UDF.

udf-data1 udf-data1-number

Specify UDF data1q with the format 0xa0a0a01

udf-data1-mask udf-data1-mask-number

Specify he mask for udf-data with the format 0xffffffff.

udf-name2 udf-name

Specify the name of the UDF.

udf-data2 udf-data2-number

Specify UDF data2 with the format 0xa0a0a01

udf-data2-mask udf-data2-mask-number

Specify the mask for udf-data with the format 0xffffffff.


CLI(network-admin@Spine1) >  vflow-create name vf scope local udf-name1 u1 udf-data 0x0a0a0a01 udf-data-mask1 0xffffffff udf-name2 u2 udf-data2 0x0a0a1400 udf-data-mask2 0xffffff00


CLI(network-admin@Spine1) >  vflow-show


switch name scope type  precedence udf-name1 udf-data1 udf-data-mask1

------ ---- ----- ----- ---------- --------- --------- --------------

K2     vf   local vflow default    u1        0xa0a0a01 0xffffffff

 

udf-name2 udf-data2 udf-data-mask2 enable

--------- --------- -------------- ------

u2        0xa0a1400 0xffffff00     enable