Use Cases for Network Packet Broker

  • From NetVisor OS version 7.0.0, you can add the same port to multiple destination vPGs.

For example, you can add a common port to two distinct destination vPGs dvpg1 and dvpg2 to obtain partially overlapping traffic on the destination ports, as demonstrated by the configuration steps below:

Configure the source vPG:

CLI (network-admin@Leaf1) > vpg-create name svpg1 type source ports 27

Configure destination vPGs dvpg1 and dvpg2 with a common port 30:

CLI (network-admin@Leaf2) > vpg-create name dvpg1 type destination ports 30,40

CLI (network-admin@Leaf2) > vpg-create name dvpg2 type destination ports 30

Configure vFlows that forward ICMP traffic to dvpg1 and HTTP traffic to dvpg2.

CLI (network-admin@Leaf1) > vflow-create name flow1 scope fabric src-vpg svpg1 dst-vpg dvpg1 proto icmp

CLI (network-admin@Leaf1) > vflow-create name flow2 scope fabric src-vpg svpg1 dst-vpg dvpg2 proto http

With this configuration, port 30 receives both HTTP and ICMP traffic because it belongs to both destination vPGs, while port 40 receives only ICMP traffic.
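The port-level result described above can be checked offline before a monitoring tool is attached to a destination port. The following is an added example, not code from NetVisor OS or its vendor: a Python sketch that parses the five commands from this section and computes which protocols each destination port receives. The function names and the key/value parsing are assumptions, and only comma-separated port lists as shown on this page are handled.

```python
import shlex
from collections import defaultdict

# The five commands from the overlapping-vPG example on this page.
CONFIG = """
vpg-create name svpg1 type source ports 27
vpg-create name dvpg1 type destination ports 30,40
vpg-create name dvpg2 type destination ports 30
vflow-create name flow1 scope fabric src-vpg svpg1 dst-vpg dvpg1 proto icmp
vflow-create name flow2 scope fabric src-vpg svpg1 dst-vpg dvpg2 proto http
"""

def parse(line):
    """Split 'command key value key value ...' into (command, {key: value})."""
    cmd, *rest = shlex.split(line)
    if len(rest) % 2:
        raise ValueError(f"unpaired argument in: {line!r}")
    return cmd, dict(zip(rest[0::2], rest[1::2]))

def port_traffic_map(config):
    """Return {destination port: set of protocols copied to that port}."""
    vpgs, flows = {}, []
    for line in filter(None, map(str.strip, config.splitlines())):
        cmd, args = parse(line)
        if cmd == "vpg-create":
            ports = {int(p) for p in args["ports"].split(",")}
            vpgs[args["name"]] = (args["type"], ports)
        elif cmd == "vflow-create":
            flows.append(args)
    result = defaultdict(set)
    for flow in flows:
        src, dst = vpgs.get(flow["src-vpg"]), vpgs.get(flow["dst-vpg"])
        if not src or not dst:
            raise ValueError(f"{flow['name']}: references an undefined vPG")
        if src[0] != "source" or dst[0] != "destination":
            raise ValueError(f"{flow['name']}: vPG used in the wrong role")
        for port in dst[1]:
            # A flow without 'proto' matches everything; record it as "any".
            result[port].add(flow.get("proto", "any"))
    return dict(result)

def shared_ports(config):
    """Ports that receive traffic from more than one protocol filter."""
    return sorted(p for p, protos in port_traffic_map(config).items() if len(protos) > 1)

if __name__ == "__main__":
    for port, protos in sorted(port_traffic_map(CONFIG).items()):
        print(f"port {port}: {', '.join(sorted(protos))}")
```

A port listed by `shared_ports` carries the union of several filters, so the tool attached to it must be sized and scoped for all of them.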

  • From NetVisor OS version 7.0.0, to configure a vFlow to send traffic from a source vPG to destination vPG after stripping the outer VLAN tag of single-tagged or double-tagged packets, use the vFlow action strip-outer-vlan. For example:

CLI (network-admin@switch) > vflow-create name flow1 scope fabric src-vpg vpg1 dst-vpg vpg2 action strip-outer-vlan

CLI (network-admin@switch) > vflow-show format name,scope,src-vpg,dst-vpg,action,table-name

name  scope  src-vpg dst-vpg action           table-name
----- ------ ------- ------- ---------------- ---------------------
flow1 fabric vpg1    vpg2    strip-outer-vlan System-VCAP-table-1-0

  • From NetVisor OS 6.1.0 onward, the vFlow parameters src-mac and dst-mac are supported in the System-VCAP table in addition to the System-L1-L4 table. This enhancement allows you to use these parameters while configuring the Network Packet Broker (NPB) solution. For example:

CLI (network-admin@switch) > vflow-create name flow1 scope fabric src-mac 00::0a dst-mac 00::aa src-vpg vpg1 dst-vpg vpg2

CLI (network-admin@switch) > vflow-show format name,id,scope,in-port,src-mac,dst-mac,src-vpg,dst-vpg,table-name

name  id         scope  type  in-port src-mac dst-mac src-vpg dst-vpg  table-name
----- ---------- ------ ----- ------- ------- ------- ------- -------  ---------------------
flow1 9000a92:41 fabric vflow 13      00::aa  00::aa  vpg1    vpg2     System-VCAP-table-1-0

  • NetVisor OS version 6.1.0 introduces the inner-vlan vFlow parameter to support filtering of traffic based on the inner VLAN of a QinQ frame. This parameter is supported by the System-L1-L4 hardware table and can be configured as part of NPB deployments. You can set a metadata value for the NPB vFlow in the System-VCAP table and then supply that value, along with the inner-vlan parameter, in another vFlow to filter NPB traffic based on the inner VLAN ID.

For example, create an NPB vFlow and assign a metadata value to it:

CLI (network-admin@switch) > vflow-create name vflow2 scope fabric src-vpg vPG1 dst-vpg vPG2 set-metadata action-value 201

Use the metadata value to configure vFlows that permit and drop NPB traffic with respect to the inner-vlan parameter.

Create a vFlow to permit NPB traffic with inner VLAN ID 10:

CLI (network-admin@switch) > vflow-create name vflow3 scope fabric metadata 201 inner-vlan 10 precedence 14 action none

CLI (network-admin@switch) > vflow-show

switch name  scope type  inner-vlan in-port burst-size precedence enable table-name
------ ----- ----- ----- ---------- ------- ---------- ---------- ------ --------------------
switch flow2 local vflow 10         10      auto       default    enable System-L1-L4-Tun-1-0

Create a vFlow to drop all other NPB traffic:

CLI (network-admin@switch) > vflow-create name vflow4 scope fabric metadata 201 precedence 13 action drop

  • NetVisor OS version 6.1.0 supports the configuration of a vFlow action along with traffic redirection from a source vPG to a destination vPG, using a single command. In earlier versions of NetVisor OS, this required two separate vFlow commands: one for configuring source and destination vPGs and another for configuring the action.

For example, you can configure an action of setvlan to assign a VLAN to all the packets that are copied between the source and destination vPGs:

CLI (network-admin@switch1) > vflow-create name TAP1-TOOL2 scope fabric proto tcp src-vpg TAP-GROUP-1 dst-vpg TOOL-GROUP-2 action setvlan action-value 20

The command above assigns VLAN 20 to the copied packets.