Configuring Bridge Domain Aware vFlow
Starting from Netvisor ONE release 6.1.0, you can create vFlows that accept bridge domains as a filtering parameter. This release also allows you to configure vFlows that use the direction of VXLAN traffic as a qualifier.
You can use the bd parameter in the vflow-create command to filter network traffic based on the bridge domain. For example, to configure a vFlow that drops packets that hit ingress port 10 of bridge domain bd1, use the command:
CLI (network-admin@switch) > vflow-create name bd-vflow scope local bd bd1 in-port 10 action drop
CLI (network-admin@switch) > vflow-show name bd-vflow
switch  name     scope type  bd  in-port burst-size precedence action enable
------- -------- ----- ----- --- ------- ---------- ---------- ------ ------
switch  bd-vflow local vflow bd1 10      auto       default    drop   enable
Use the in-port and from-tunnel-decap parameters in the vflow-create command to filter traffic based on whether VXLAN traffic is entering a port or is decapsulated from a tunnel. For example, to configure a vFlow that copies VXLAN ingress traffic to the CPU, use the vxlan and in-port parameters together:
CLI (network-admin@switch) > vflow-create name vxlan-ingress-vflow scope fabric vxlan 10100 in-port 25 action copy-to-cpu
CLI (network-admin@switch) > vflow-show name vxlan-ingress-vflow layout vertical
switch: switch
name: vxlan-ingress-vflow
scope: fabric
type: vflow
in-port: 25
burst-size: auto
precedence: 8
action: copy-to-cpu
vxlan: 10100
from-tunnel-decap:
enable: enable
table-name: System-L1-L4-Tun-1-0
Similarly, to configure a vFlow that filters decapsulated VXLAN tunnel traffic, use the vxlan and from-tunnel-decap parameters together:
CLI (network-admin@switch) > vflow-create name vxlan-decap-vflow scope fabric vxlan 10101 from-tunnel-decap action drop
CLI (network-admin@switch) > vflow-show name vxlan-decap-vflow layout vertical
switch: switch
name: vxlan-decap-vflow
scope: fabric
type: vflow
burst-size: auto
precedence: 8
action: drop
vxlan: 10101
from-tunnel-decap: yes
enable: enable
table-name: System-L1-L4-Tun-1-0
Note:
- You can configure the from-tunnel-decap parameter only if the vxlan parameter is configured.
- The from-tunnel-decap and in-port parameters are mutually exclusive when used along with the vxlan parameter, as these parameters pertain to opposite directions of traffic flow.