Configuring vFlows with User Defined Fields (UDFs)


Netvisor allows you to define policy filters using an arbitrary set of matching qualifiers, as explained in the Filtering of Traffic Flows section. One of these qualifiers is the User Defined Field (UDF).


A UDF can match up to 128 bytes of a packet starting from the first byte of the packet. The length of the match can be from 1 to 4 bytes. Hardware with a Trident chip supports the creation of 8 UDF IDs. Each ID can match a 2-byte portion of a packet. Creating a UDF with a length of 3 or 4 bytes requires 2 UDF IDs, whereas a UDF with a length of 1 or 2 bytes requires 1 UDF ID. The length specified for each UDF therefore determines the total number of UDFs supported by Netvisor One. If you specify a length of 3 or 4 bytes, a maximum of 4 UDFs can be created. If you specify a length of 1 or 2 bytes, a maximum of 8 UDFs can be created.


Limitation: For UDFs with the header type packet-start, the supported offset range is 0-63. This limitation applies to all NRU03 platforms.


A UDF adds a qualifier to the vFlow group, and you should create all UDFs before creating any vFlows. This feature is disabled by default, and you can enable it by using the following command:


CLI(network-admin@Spine1) >  vflow-settings-modify enable-user-defined-flow


To disable the feature, use the following command:


CLI(network-admin@Spine1) >  vflow-settings-modify no-enable-user-defined-flow

 


Note: Reboot Netvisor OS for the changes (enable or disable commands) to take effect on the platform.


The udf-create command adds the qualifier to the UDF group in the hardware and allocates UDF IDs based on the length. The vflow-create command has parameter fields for the data and mask to be matched by the vFlow. You can create vFlows with either one or two UDFs.

 

You cannot modify a UDF after adding it to a vFlow. You must delete the vFlow, modify the UDF, and re-create the vFlow with the modified UDF.

New Commands for UDF

 

To create a new UDF, use the following command:

 

CLI(network-admin@Spine1) >  udf-create name udf1 scope local offset 10 length 2 header packet-start

 

udf-create

Create the UDF qualifier list

name name-string

Create the UDF name

scope local|fabric

Scope for the UDF

offset number-bytes

The offset in bytes. This is a value between 1 and 128.

length number-bytes

The length in bytes. This is a value between 1 and 4 bytes.

header [packet-start|l3-outer|l3-inner|l4-outer|l4-inner]

The header from where offset is calculated.


To delete a UDF, use the following command:

 

CLI(network-admin@Spine1) >  udf-delete name udf1

 

udf-delete

Delete UDF qualifier list

name name-string

The name of the UDF to delete.

 

To modify an existing UDF, use the following command:

 

CLI(network-admin@Spine1) >  udf-modify name udf1 scope local offset 20 length 4 header packet-start

 

udf-modify

Modify UDF qualifier list

name name-string

The name of the UDF to modify.

One or more of the following options:

 

offset number-bytes

The offset in bytes. This is a value between 1 and 128.

length number-bytes

The length in bytes. This is a value between 1 and 4 bytes.

header packet-start|l3-outer|l3-inner|l4-outer|l4-inner

The header from where offset is calculated.

 

CLI(network-admin@Spine1) >  udf-show

 

switch name scope offset length header
------ ---- ----- ------ ------ ------------
spine1 u1   local 20     4      packet-start
spine1 u2   local 24     4      packet-start

 

 

switch

Displays the name of the switch

udf-show

Displays the UDF qualifier list

name name-string

Displays the UDF name

scope local|fabric

Displays the scope for the UDF

offset number-bytes

Displays the offset in bytes. This is a value between 1 and 128.

length number-bytes

Displays the length in bytes. This is a value between 1 and 4 bytes.

header packet-start|l3-outer|l3-inner|l4-outer|l4-inner

Displays the header from where the offset is calculated.

 

The command, vflow-create, has the following additional parameters:

 

udf-name1 udf-name   

Specify the name of the UDF.

udf-data1 udf-data1-number

Specify UDF data1 with the format 0xa0a0a01

udf-data1-mask udf-data1-mask-number

Specify the mask for udf-data with the format 0xffffffff.

udf-name2 udf-name

Specify the name of the UDF.

udf-data2 udf-data2-number

Specify UDF data2 with the format 0xa0a0a01

udf-data2-mask udf-data2-mask-number

Specify the mask for udf-data with the format 0xffffffff.

 

For example, to create a vflow with UDF parameters, use the command:


CLI(network-admin@Spine1) >  vflow-create name udf1 scope local udf-name1 udf1 udf-data1 0x0a0a0a01 udf-data1-mask 0xffffffff udf-name2 udf2 udf-data2 0x0a0a1400 udf-data2-mask 0xffffff00

 

CLI(network-admin@Spine1) >  vflow-show

 

name scope type  precedence udf-name1 udf-data1 udf-data-mask1 udf-name2 udf-data2 udf-data-mask2
---- ----- ----- ---------- --------- --------- -------------- --------- --------- --------------
udf1 local vflow default    udf1      0xa0a0a01 0xffffffff     udf2      0xa0a1400 0xffffff00
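
The UDF ID budget and the data/mask comparison described on this page can be checked offline before any UDF is created. The following Python model is an added example, not Netvisor code: it assumes offsets are 0-based from packet-start, fields are compared in network byte order, and both UDF qualifiers of a vFlow must match. The function names and the sample packet are constructed for illustration, and udf1/udf2 are given the offsets shown in the udf-show output.

```python
# Added example: models the UDF rules stated on this page; it does not talk to a switch.
UDF_IDS_TOTAL = 8   # Trident: 8 UDF IDs, each matching a 2-byte portion
MAX_WINDOW = 128    # a UDF can match within the first 128 bytes of the packet


def ids_needed(length):
    """UDF IDs consumed by one UDF: 1 for 1-2 bytes, 2 for 3-4 bytes."""
    if not 1 <= length <= 4:
        raise ValueError(f"length {length} outside 1-4 bytes")
    return 1 if length <= 2 else 2


def check_plan(udfs):
    """udfs maps name -> (offset, length). Returns IDs used or raises ValueError."""
    used = 0
    for name, (offset, length) in udfs.items():
        used += ids_needed(length)
        # Assumption: offset is 0-based and the whole field must fit in the window.
        if offset < 0 or offset + length > MAX_WINDOW:
            raise ValueError(f"{name}: field ends beyond byte {MAX_WINDOW}")
    if used > UDF_IDS_TOTAL:
        raise ValueError(f"plan needs {used} UDF IDs, hardware has {UDF_IDS_TOTAL}")
    return used


def vflow_matches(packet, udfs, qualifiers):
    """qualifiers: list of (udf_name, data, mask); assumed to be ANDed together."""
    for name, data, mask in qualifiers:
        offset, length = udfs[name]
        if len(packet) < offset + length:
            return False  # packet too short to contain the field
        field = int.from_bytes(packet[offset:offset + length], "big")
        if (field & mask) != (data & mask):
            return False
    return True


# Offsets/lengths as in the udf-show output; data/mask as in the vflow-create example.
UDFS = {"udf1": (20, 4), "udf2": (24, 4)}
QUALS = [("udf1", 0x0A0A0A01, 0xFFFFFFFF), ("udf2", 0x0A0A1400, 0xFFFFFF00)]


def sample_packet(udf2_last_byte):
    """Constructed 64-byte packet: zeros except the two UDF windows."""
    pkt = bytearray(64)
    pkt[20:24] = bytes.fromhex("0a0a0a01")
    pkt[24:28] = bytes.fromhex("0a0a14") + bytes([udf2_last_byte])
    return bytes(pkt)
```

Because the second mask is 0xffffff00, any value of the last byte in the udf2 window still matches, while a change in any of the first three bytes does not.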