Configuring IPv6 Filters for Network Packet Broker

Netvisor ONE version 6.1.0 expands IPv6 filtering options for Network Packet Broker. To enable IPv6 filtering for NPB, you must first configure an IPv6 VLAN Content Aware Processing (VCAP) table. This IPv6 VCAP table is created by dividing the 512-entry VCAP table into 256 IPv4 entries and 256 IPv6 entries.


Create an IPv6 VCAP table by using the command:


CLI (network-admin@switch) > vflow-table-profile-modify profile ipv6-vcap hw-tbl switch-main enable

Note: Please reboot the system for this new profile setting to take effect


As seen from the CLI, the switch must be rebooted before the vFlow table profile modification can take effect.


After restarting the switch you can view the vFlow table profile configuration by using the command:


CLI (network-admin@switch*) > vflow-table-profile-show layout vertical

switch:              switch

profile:             ipv6-vcap

hw-tbl:              switch-main

enable:              enable

flow-capacity:       0

flow-slices-needed:  1

flow-slices-used:    0

comment:             VCAP-IPv6


View the vFlow table configuration by using the command:


    


 You can now create a vFlow to direct traffic from a source vPG to a destination vPG with IPv6 filters. For example, direct all traffic with IPv6 address 1000::1/64 from vPG-1 to vPG-10 by using the command:

 

CLI (network-admin@switch) > vflow-create name vpg_v6 scope local src-ip 1000::1/64 src-vpg vPG-1 dst-vpg vPG-10 table-name VCAP-IPv6-table-1-0


Note: You must specify the table name as VCAP-IPv6-table-1-0 in the vflow-create command to enable IPv6 filtering for NPB.


Use the vflow-show command to view the configuration.


CLI (network-admin@leo-norma2) > vflow-show name vpg_v6 layout vertical

switch:                switch

name:                  vpg_v6

type:                  vflow

src-ip:                1000::1/ffff:ffff:ffff:ffff::

burst-sizeprecedence:  autodefault

src-vpg:               vPG-1

dst-vpg:               vPG-10

enable:                enable

table-name:            VCAP-IPv6-table-1-0


To disable the IPv6 VCAP table, use the command:


CLI (network-admin@switch) > vflow-table-profile-modify profile ipv6-vcap hw-tbl switch-main no-enable

Note: Please reboot the system for this new profile setting to take effect

north
    keyboard_arrow_up
    keyboard_arrow_down
    description
    print
    feedback
    support
    business
    rss_feed
    south