Enhancing the vFlow Capability to Match Forwarding Type and Packet Resolution in ASIC

On certain platforms, VXLAN routing is supported by recirculating packets, leveraging the vxlan-loopback-trunk parameter. On these platforms, the Layer 2 entries for the route RMAC address, the VRRP MAC address on a VXLAN VLAN, or the Virtual Forwarder Interface (VFI) are programmed in hardware to point to the vxlan-loopback-trunk ports. As a result, Layer 2 unicast packets destined for the route RMAC address or the programmed VFIs do not reach the vRouter. NetVisor OS allows you to mitigate this problem by creating vFlow objects that specify the desired policy.

To create the vFlow object and to enable the match forwarding and packet resolution capability, use the command:

CLI (network-admin@switch) > vflow-create name <name-string> scope [local|fabric] in-port <port-list> fwding-type [vlan|vxlan|vle] packet-res [l2-unicast|l2-unknown-unicast|l2-multicast|l2-unknown-multicast|l2-broadcast] action [none|drop|to-port|to-cpu|trap|copy-to-cpu|copy-to-port|setvlan|add-outer-vlan|set-tpid|to-port-set-vlan|to-span|set-metadata|set-dscp|set-dmac|to-next-hop-ip|set-dmac-to-port|to-ports-and-cpu|set-vlan-pri|set-smac|drop-cancel-trap|to-ecmp-group|redirect-to-vrouter]

name <name-string>

Specify the name of the vFlow object.

scope [local|fabric]

Specify whether the scope of the vFlow object is local or fabric.

in-port <port-list>

Specify the incoming port for the vFlow object.

fwding-type [vlan|vxlan|vle]

Specify the ASIC forwarding type.

packet-res [l2-unicast|l2-unknown-unicast|l2-multicast|l2-unknown-multicast|l2-broadcast]

Specify the packet resolution in the ASIC.

action [none|drop|to-port|to-cpu|trap|copy-to-cpu|copy-to-port|setvlan|add-outer-vlan|set-tpid|to-port-set-vlan|to-span|set-metadata|set-dscp|set-dmac|to-next-hop-ip|set-dmac-to-port|to-ports-and-cpu|set-vlan-pri|set-smac|drop-cancel-trap|to-ecmp-group|redirect-to-vrouter]

Specify the forwarding action to apply to the vFlow object.

For example, to create a vFlow object named vflow1 with scope local, in-port 397 (the port number of the vxlan-loopback-trunk), forwarding type vxlan, packet resolution in the ASIC l2-unicast, and forwarding action redirect-to-vrouter, use the command:

CLI (network-admin@switch) > vflow-create name vflow1 scope local in-port 397 fwding-type vxlan packet-res l2-unicast action redirect-to-vrouter

In the above example, port 397 is the port number of the vxlan-loopback-trunk, and the action redirect-to-vrouter redirects the packets unmodified to the data port.

To view the details, use the command:

CLI (network-admin@switch) > vflow-show

name   scope type  in-port burst-size precedence action              packet-res fwding-type enable table-name
------ ----- ----- ------- ---------- ---------- ------------------- ---------- ----------- ------ --------------------
vflow1 local vflow 397     auto       13         redirect-to-vrouter l2-unicast vxlan       enable System-L1-L4-Tun-1-0
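
To confirm after a change that every vxlan-loopback-trunk port still has the redirect policy described above, the vflow-show output can be checked by script. The following is an added example, not part of the NetVisor OS documentation or tooling; the function names, the second sample row, and the port 398 are constructed for illustration. It assumes every column in the output is populated and that in-port holds a single port or a comma-separated list (ranges are not expanded).

```python
# Added example: audit `vflow-show` output for the redirect policy described above.
# Assumption: every column is populated, so rows split cleanly on whitespace.

REQUIRED = {
    "fwding-type": "vxlan",
    "packet-res": "l2-unicast",
    "action": "redirect-to-vrouter",
    "enable": "enable",
}

# Constructed sample: the first row is the one shown on the page; the second
# row (vflow2, port 398) is made up to show a port without the redirect action.
SAMPLE = """\
name   scope type  in-port burst-size precedence action              packet-res fwding-type enable table-name
------ ----- ----- ------- ---------- ---------- ------------------- ---------- ----------- ------ --------------------
vflow1 local vflow 397     auto       13         redirect-to-vrouter l2-unicast vxlan       enable System-L1-L4-Tun-1-0
vflow2 local vflow 398     auto       13         copy-to-cpu         l2-unicast vxlan       enable System-L1-L4-Tun-1-0
"""


def parse_vflow_show(text):
    """Return one dict per vFlow row, keyed by the header names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split()
    rows = []
    for ln in lines[1:]:
        fields = ln.split()
        if set(ln.strip()) <= {"-", " "}:  # dashed separator row
            continue
        if len(fields) != len(header):
            raise ValueError(f"cannot align row with header: {ln!r}")
        rows.append(dict(zip(header, fields)))
    return rows


def ports_missing_redirect(text, loopback_ports):
    """Ports from loopback_ports with no enabled vFlow matching REQUIRED."""
    covered = set()
    for row in parse_vflow_show(text):
        if all(row.get(k) == v for k, v in REQUIRED.items()):
            covered.update(row["in-port"].split(","))
    return sorted(set(map(str, loopback_ports)) - covered, key=int)


if __name__ == "__main__":
    print(ports_missing_redirect(SAMPLE, [397, 398]))
```

A non-empty result lists the loopback-trunk ports on which Layer 2 unicast packets would still not be redirected to the vRouter.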