Enhancing the vFlow Capability to Match Forwarding Type and Packet Resolution in ASIC
On certain platforms where VXLAN routing is supported by recirculating packets, leveraging the vxlan-loopback-trunk parameter, the Layer 2 entries for the route RMAC address, the VRRP MAC address on a VXLAN VLAN, or the Virtual Forwarder Interface (VFI) are programmed in hardware to point to the vxlan-loopback-trunk ports. As a result, Layer 2 unicast packets destined for the route RMAC address or the programmed VFIs do not reach the vRouter. Netvisor ONE lets you mitigate this problem by creating vFlow objects and specifying the desired policy.
To create the vFlow object and to enable the match forwarding and packet resolution capability, use the command:
CLI (network-admin@switch) > vflow-create name <name-string> scope [local|fabric] in-port <port-list> fwding-type [vlan|vxlan|vle] packet-res [l2-unicast|l2-unknown-unicast|l2-multicast|l2-unknown-multicast|l2-broadcast] action [none|drop|to-port|to-cpu|trap|copy-to-cpu|copy-to-port|setvlan|add-outer-vlan|set-tpid|to-port-set-vlan|to-span|set-metadata|set-dscp|set-dmac|to-next-hop-ip|set-dmac-to-port|to-ports-and-cpu|set-vlan-pri|set-smac|drop-cancel-trap|to-ecmp-group|redirect-to-vrouter]
name <name-string>
    Specify the name of the vFlow object.
scope [local|fabric]
    Specify if the scope of the vFlow object is local or fabric.
in-port <port-list>
    Specify the incoming port for the vFlow object.
fwding-type [vlan|vxlan|vle]
    Specify the ASIC forwarding type.
packet-res [l2-unicast|l2-unknown-unicast|l2-multicast|l2-unknown-multicast|l2-broadcast]
    Specify the packet resolution in the ASIC.
action [none|drop|to-port|to-cpu|trap|copy-to-cpu|copy-to-port|setvlan|add-outer-vlan|set-tpid|to-port-set-vlan|to-span|set-metadata|set-dscp|set-dmac|to-next-hop-ip|set-dmac-to-port|to-ports-and-cpu|set-vlan-pri|set-smac|drop-cancel-trap|to-ecmp-group|redirect-to-vrouter]
    Specify the forwarding action to apply to the vFlow object.
For example, to create a vFlow object named vflow1 with local scope, in-port 397 (the port number of the vxlan-loopback-trunk), forwarding type vxlan, ASIC packet resolution l2-unicast, and forwarding action redirect-to-vrouter, use the command:
CLI (network-admin@switch) > vflow-create name vflow1 scope local in-port 397 fwding-type vxlan packet-res l2-unicast action redirect-to-vrouter
In the above example, port 397 is the port number of the vxlan-loopback-trunk, and the action redirect-to-vrouter redirects the packets, unmodified, to the data port.
To view the details, use the command:
CLI (network-admin@switch) > vflow-show
name   scope type  in-port burst-size precedence action              packet-res fwding-type enable table-name
----   ----- ----- ------- ---------- ---------- -----------------   ---------- ---------   ------ ----------------
vflow1 local vflow 397     auto       13         redirect-to-vrouter l2-unicast vxlan       enable System-L1-L4-Tun-1-0
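To confirm that the redirect policy is actually in place on the vxlan-loopback-trunk port, the vflow-show output can be checked programmatically. The following is an added example, not part of the original documentation or of Netvisor ONE tooling. It assumes the CLI prints left-aligned, space-padded columns under the header row; the function names and the SAMPLE text (including the second, hypothetical vflow2 row) are constructed for illustration.

```python
import re

# Values the page's example command sets; "enable" is the state vflow-show prints.
REQUIRED = {"fwding-type": "vxlan", "packet-res": "l2-unicast",
            "action": "redirect-to-vrouter", "enable": "enable"}

def parse_vflow_show(text):
    """Parse column-aligned vflow-show output into a list of dicts.

    Cells are sliced at the header's column offsets, so an empty cell
    cannot shift later fields the way a plain str.split() would.
    """
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    header, rows = lines[0], lines[2:]   # lines[1] is the dash ruler
    cols = [(m.group(), m.start()) for m in re.finditer(r"\S+", header)]
    ends = [start for _, start in cols[1:]] + [None]
    return [{name: ln[start:end].strip()
             for (name, start), end in zip(cols, ends)} for ln in rows]

def find_loopback_redirect(text, loopback_port):
    """Names of enabled vFlows that redirect VXLAN l2-unicast traffic
    arriving on loopback_port to the vRouter (empty list = policy missing)."""
    return [r["name"] for r in parse_vflow_show(text)
            if r["in-port"] == str(loopback_port)
            and all(r.get(k) == v for k, v in REQUIRED.items())]

# Constructed sample (not captured from a switch): row 1 mirrors the page's
# vflow1; row 2 is hypothetical, with an empty burst-size cell and another action.
_FMT = "{:<6} {:<5} {:<5} {:<7} {:<10} {:<10} {:<19} {:<10} {:<11} {:<6} {}"
_HEAD = ("name scope type in-port burst-size precedence action "
         "packet-res fwding-type enable table-name").split()
_ROWS = [
    ["vflow1", "local", "vflow", "397", "auto", "13", "redirect-to-vrouter",
     "l2-unicast", "vxlan", "enable", "System-L1-L4-Tun-1-0"],
    ["vflow2", "local", "vflow", "397", "", "13", "to-cpu",
     "l2-unicast", "vxlan", "enable", "System-L1-L4-Tun-1-0"],
]
SAMPLE = "\n".join(_FMT.format(*r)
                   for r in [_HEAD, ["-" * len(h) for h in _HEAD]] + _ROWS)

if __name__ == "__main__":
    print(find_loopback_redirect(SAMPLE, 397))
```

An empty result for the loopback trunk port means Layer 2 unicast packets for the route RMAC address are still not being redirected to the vRouter.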