Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-Flow group commands | 69.28 KB |
Flow group commands
This feature is supported only in Release 6616 and later.
display telemetry flow-group
Use display telemetry flow-group to display the configuration and application status of flow groups.
Syntax
display telemetry flow-group [ group-id | name group-name ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-id: Specifies a flow group by its ID. The value range for this argument is 1 to 7.
name group-name: Specifies a flow group by its name, a case-sensitive string of 1 to 63 characters.
slot slot-number: Specifies the slot number of the device, which is fixed at 1.
Usage guidelines
If you do not specify the group-id or name group-name option, this command displays the configuration and application status of all flow groups.
Examples
# Display the configuration of flow group 1 and its application status in slot 1.
<Sysname> display telemetry flow-group 1 slot 1
Flow group 1 (Successful)
ACL : 2001
Template :
destination-ip
destination-port
source-ip
source-port
Mode : Simple MOD
Aging time: 100 minutes
Rate limit: -
Max-entry : -
|
Field |
Description |
|
Flow group 2 named aaa (Successful) |
ID, name, and application status of the flow group. Values for the application status include: · Successful—The flow group is applied successfully. · Failed—The flow group fails to be applied for some reasons other than incomplete flow group configuration. · Inactive—The flow group has not been administratively applied. · Incomplete—The flow group fails to be applied because its configuration is incomplete. |
|
Rate limit |
This field is not supported in the current software version. Maximum rate of packets to the CPU in pps. A hyphen (-) indicates that no rate limit is configured. |
|
Max entry |
This field is not supported in the current software version. Maximum number of flow entries generated. A hyphen (-) indicates that no entry limit is configured. |
display telemetry flow-group flow-table
Use display telemetry flow-group flow-table to display the flow entries generated by flow groups.
Syntax
display telemetry flow-group flow-table [ [ group-id | name group-name ] | mod ] [ destination-ip dst-ip | destination-port dst-port | protocol protocol | source-ip src-ip | source-port src-port ] * [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-id: Specifies a flow group by its ID. The value range for this argument is 1 to 7.
name group-name: Specifies a flow group by its name, a case-sensitive string of 1 to 63 characters.
mod: Specifies flow groups in simple MOD mode.
destination-ip dst-ip: Specifies the destination IP address.
destination-port dst-port: Specifies the destination port number.
protocol protocol: Specifies the network layer protocol.
source-ip src-ip: Specifies the source IP address.
source-port src-port: Specifies the source port number.
slot slot-number: Specifies the slot number of the device, which is fixed at 1.
Usage guidelines
If you do not specify flow groups, this command displays the flow entries generated by each flow group.
Examples
# Display the flow entries generated by flow group 1 for slot 1.
<Sysname> display telemetry flow-group flow-table 1 slot 1
Slot: 1
Flow group 1 (name: abc)
Mode: MOD
================================================================================
Src IP Dst IP Pro SPort DPort Aging Packets
In Src IP In Dst IP InP InSP InDP VXLAN ID Bytes
================================================================================
192.168.1.86 192.168.10.2 6 20 30 12m10s 10
- - - - - - 12400
Table 2 Command output
|
Field |
Description |
|
Mode |
Flow group mode: · MOD—Simple MOD mode. |
|
In Src IP |
This field is not supported in the current software version. Inner source IP address of VXLAN packets. |
|
In Dst IP |
This field is not supported in the current software version. Inner destination IP address of VXLAN packets. |
|
InP |
This field is not supported in the current software version. Inner network layer protocol. |
|
InSP |
This field is not supported in the current software version. Inner source port number. |
|
InDP |
This field is not supported in the current software version. Inner destination port number. |
|
VXLAN ID |
This field is not supported in the current software version. VXLAN ID. |
if-match acl
Use if-match acl to specify an ACL in a flow group.
Use undo if-match acl to remove an ACL from a flow group.
Syntax
if-match acl { acl-number | name acl-name }
undo if-match acl
Default
No ACL is specified in a flow group.
Views
Flow group view
Predefined user roles
network-admin
Parameters
acl-number: Specifies an IPv4 ACL by its number. The following are available value ranges:
· 2000 to 2999 for basic ACLs.
· 3000 to 3999 for advanced ACLs.
name acl-name: Specifies the IPv4 ACL name, a case-insensitive string of 1 to 63 characters. The ACL name must start with an English letter.
Usage guidelines
A flow group takes effect only on the traffic that matches the specified ACL.
Only one ACL can be specified for a flow group.
An ACL referenced by a flow group supports only the 5-tuple (source IP address, destination IP address, source port number, destination port number, and protocol) and DSCP priority match items.
Examples
# Specify ACL 3000 in flow group 1.
<Sysname> system-view
[Sysname] telemetry flow-group 1
[Sysname-telemetry-flow-group-1] if-match acl 3000
Related commands
acl (ACL and QoS Command Reference)
telemetry flow-group
telemetry apply flow-group
Use telemetry apply flow-group to apply a flow group.
Use undo telemetry apply flow-group to remove the application of a flow group.
Syntax
telemetry apply flow-group { group-id | name group-name }
undo telemetry apply flow-group { group-id | name group-name }
Default
No flow group is applied.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies a flow group by its ID. The value range for this argument is 1 to 7.
name group-name: Specifies a flow group by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Apply flow group 1.
<Sysname> system-view
[Sysname] telemetry apply flow-group 1
Related commands
telemetry flow-group
telemetry flow-group
Use telemetry flow-group to create a flow group and enter its view, or enter the view of an existing flow group.
Use undo telemetry flow-group to delete a flow group.
Syntax
telemetry flow-group group-id [ name group-name ] [ mode simple-mod ]
undo telemetry flow-group { group-id | name group-name }
Default
No flow groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies a flow group ID. The value range for this argument is 1 to 7.
name group-name: Specifies a flow group name, a case-sensitive string of 1 to 63 characters. The name must be globally unique and cannot start with system-defined-.
mode: Specifies a flow group mode.
· simple-mod: Specifies the simple MOD mode.
Usage guidelines
The flow entries generated by a flow group can be used by other features. Only flow groups in simple MOD mode are supported in the current software version. Flow groups in simple MOD mode are used by MOD. This mode has a higher burden on the CPU but saves hardware resources.
Only one flow group can be applied.
You cannot name or rename an existing flow group and cannot modify the mode of an existing flow group.
To delete an applied flow group, first remove the application and then delete the flow group.
Examples
# Create flow group 1 in MOD mode and enter its view.
<Sysname> system-view
[Sysname] telemetry flow-group 1
[Sysname-telemetry-flow-group-1]
# Create flow group 2 in simple MOD mode and enter its view.
<Sysname> system-view
[Sysname] telemetry flow-group 2 mode mice-elephant-flow
[Sysname-telemetry-flow-group-2]
# Create flow group 3 in elephant/mice flow MOD mode and enter its view.
<Sysname> system-view
[Sysname] telemetry flow-group 3 mode simple-mod
[Sysname-telemetry-flow-group-3]
telemetry flow-group aging-time
Use telemetry flow-group aging-time to set the aging time for flow entries.
Use undo telemetry flow-group aging-time to restore the default.
Syntax
telemetry flow-group aging-time aging-time
undo telemetry flow-group aging-time
Default
The aging time for flow entries is 15 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
aging-time: Specifies the aging time for flow entries in minutes. The value range for this argument is 1 to 16.
Examples
# Set the aging time for flow entries to 20 minutes.
<Sysname> system-view
[Sysname] telemetry flow-group aging-time 20
template
Use template to configure a flow entry generation rule.
Use undo template to delete a flow entry generation rule.
Syntax
template { destination-ip | destination-port | protocol | source-ip | source-port } *
undo template
Default
No flow entry generation rule is configured.
Views
System view
Predefined user roles
network-admin
Parameters
destination-ip: Generates flow entries based on the destination IP address.
destination-port: Generates flow entries based on the destination port number.
protocol: Generates flow entries based on the Layer 3 protocol type.
source-ip: Generates flow entries based on the source IP address.
source-port: Generates flow entries based on the source port number.
Usage guidelines
This command enables the device to identify traffic and generate flow entries based on the specified header fields.
Examples
# Configure flow group 1 to generated flow entries based on the source IP address, destination IP address, source port number, and destination port number.
<Sysname> system-view
[Sysname] telemetry flow-group 1
[Sysname-telemetry-flow-group-1] template destination-ip destination-port source-ip source-port
Related commands
telemetry flow-group
