Configuring Traffic Filtering Using vFlows in VirtualWire Mode
A switch in a VirtualWire fabric is capable of filtering traffic at wire speed. You can configure traffic filtering in cases such as when multiple streams of traffic arrive on a single port and each flow needs to be redirected to a different egress port. A vFlow classifies traffic based on factors such as the ingress port, source-mac, destination-mac, source-ip, destination-ip, vlan, egress-port, ether-type, protocol, and so on.
All the vFlows created in VirtualWire mode must be configured under the L1-Virtual-Wire-1-0 table.
For more details on vFlows, see the Netvisor ONE Configuration Guide on the Pluribus Networks website.
In Figure 6-X, a VirtualWire switch is used to share a traffic generator across two DUTs. In this topology, two traffic flows come in from the traffic generator towards the VirtualWire switch on port 3 on two different subnets. Use the VirtualWire switch to filter the incoming streams based on the source IP addresses and redirect them toward the required destination.
Figure 1-6: VirtualWire with vFlows for Traffic Filtering
To configure traffic filtering on the VirtualWire switch, use the following commands:
- Configure a multi-port association with any-master policy by using the command:
CLI (network-admin@vw-switch) > port-association-create name name-string master-ports port-list slave-ports port-list virtual-wire bidir policy any-master
port-association-create | Creates a port association between different ports.
name name-string | Specify the name for the port association.
master-ports port-list | Specify the master ports.
slave-ports port-list | Specify the slave ports.
virtual-wire|no-virtual-wire | Specify the virtual-wire keyword for the associated ports to form a VirtualWire.
bidir|no-bidir | Specify the bidir keyword to establish bi-directional port state tracking.
policy all-masters|any-master | Specify the port association policy. The default policy is all-masters.
The following example creates a port association named filer-traffic with master ports 20 and 49, slave port 3, and the any-master policy:
CLI (network-admin@vw-switch) > port-association-create name filer-traffic master-ports 20,49 slave-ports 3 virtual-wire bidir policy any-master
- Create two vFlows on the VirtualWire switch to filter traffic based on source IP address:
CLI (network-admin@vw-switch) > vflow-create name name-string scope local|fabric src-ip ip-address in-port port-list action toport action-to-ports-value port-list table vflow-table-name precedence 15
vflow-create | Creates a virtual flow definition.
name name-string | Specify the name for the vFlow.
scope local|fabric | Specify the scope for the vFlow configuration.
src-ip ip-address | Specify the source IP address for the vFlow.
in-port | Specify the incoming port for the vFlow.
action | Specify the forwarding action to apply to the vFlow.
action-to-ports-value port-list | Specify the port value for the specified action.
table vflow-table-name | Specify the table name as L1-Virtual-Wire-1-0 table.
precedence | Specify the traffic priority value between 2 and 15.
The following example creates two vFlows, filterstream1 and filterstream2:
CLI (network-admin@vw-switch) > vflow-create name filterstream1 scope local src-ip 10.0.100.250 in-port 3 action toport action-to-ports-value 20 table L1-Virtual-Wire-1-0 precedence 15
CLI (network-admin@vw-switch) > vflow-create name filterstream2 scope local src-ip 10.0.200.250 in-port 3 action toport action-to-ports-value 49 table L1-Virtual-Wire-1-0 precedence 15
Use the show command to view your configuration:
CLI (network-admin@vw-switch) > vflow-show name name-string
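The following Python script is an added example, not part of the original page or of Netvisor ONE. It lints a saved list of the commands above before they are applied, checking the table name and precedence range stated on this page. The helper names (parse, ports, lint), the check that ingress is a slave port and egress a master port (taken from this page's topology), and the duplicate-match check are assumptions of the example.

```python
import shlex

VW_TABLE = "L1-Virtual-Wire-1-0"  # table the page requires for VirtualWire vFlows
FLAGS = {"virtual-wire", "no-virtual-wire", "bidir", "no-bidir"}  # valueless keywords

def parse(cmd):
    """Return (verb, {keyword: value}) for one CLI line, prompt stripped."""
    tokens = [t for t in shlex.split(cmd.split(">", 1)[-1]) if t not in FLAGS]
    return tokens[0], dict(zip(tokens[1::2], tokens[2::2]))

def ports(spec):
    """Expand a port list such as '20,49' or '1-4' into a set of ints."""
    out = set()
    for lo, _, hi in (p.partition("-") for p in spec.split(",") if p):
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def lint(commands):
    """Return findings for vflow-create lines that break the page's rules."""
    parsed = [parse(c) for c in commands]
    masters, slaves, seen, findings = set(), set(), {}, []
    for verb, a in parsed:
        if verb == "port-association-create":
            masters |= ports(a.get("master-ports", ""))
            slaves |= ports(a.get("slave-ports", ""))
    for verb, a in parsed:
        if verb != "vflow-create":
            continue
        name = a.get("name", "?")
        if a.get("table") != VW_TABLE:
            findings.append(f"{name}: table must be {VW_TABLE}")
        if "precedence" in a and not 2 <= int(a["precedence"]) <= 15:
            findings.append(f"{name}: precedence outside 2-15")
        # Assumption: ingress sits on the slave side, egress on the master side.
        if not ports(a.get("in-port", "")) <= slaves:
            findings.append(f"{name}: in-port is not a slave port")
        if not ports(a.get("action-to-ports-value", "")) <= masters:
            findings.append(f"{name}: egress port is not a master port")
        key = (a.get("in-port"), a.get("src-ip"), a.get("precedence"))
        if key in seen:  # example's own rule: identical match at equal precedence
            findings.append(f"{name}: same match and precedence as {seen[key]}")
        seen.setdefault(key, name)
    return findings

PAGE_CONFIG = [  # the three example commands from this page
    "CLI (network-admin@vw-switch) > port-association-create name filer-traffic master-ports 20,49 slave-ports 3 virtual-wire bidir policy any-master",
    "CLI (network-admin@vw-switch) > vflow-create name filterstream1 scope local src-ip 10.0.100.250 in-port 3 action toport action-to-ports-value 20 table L1-Virtual-Wire-1-0 precedence 15",
    "CLI (network-admin@vw-switch) > vflow-create name filterstream2 scope local src-ip 10.0.200.250 in-port 3 action toport action-to-ports-value 49 table L1-Virtual-Wire-1-0 precedence 15",
]
```

Calling lint(PAGE_CONFIG) returns an empty list for the configuration shown on this page; each returned string names the vFlow and the rule it breaks.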