Contents

Flow group commands· 1

display telemetry flow-group· 1

display telemetry flow-group flow-table· 2

if-match acl 4

telemetry apply flow-group· 6

telemetry flow-group· 6

telemetry flow-group aging-time· 7

telemetry flow-group max-entry· 8

template· 8

 

Flow group commands

MDC is supported only when the device operates in the standard mode. For more information about standalone mode, see IRF configuration in Virtual Technologies Configuration Guide. For more information about MDC and device models that support MDC, see MDC configuration in Virtual Technologies Configuration Guide.

display telemetry flow-group

Use display telemetry flow-group to display the configuration and application status of flow groups.

Syntax

In standalone mode:

display telemetry flow-group [ group-id | name group-name ] [ slot slot-number ]

In IRF mode:

display telemetry flow-group [ group-id | name group-name ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

group-id: Specifies a flow group by its ID. The value range for this argument is 1 to 7.

name group-name: Specifies a flow group by its name, a case-sensitive string of 1 to 63 characters.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the configuration and application status on the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the configuration and application status on the global active MPU. (In IRF mode.)

Usage guidelines

If you do not specify the group-id or name group-name option, this command displays the configuration and application status of all flow groups.

Examples

# (In standalone mode.) Display the configuration of flow group 1 and its application status in slot 3.

<Sysname> display telemetry flow-group 1 slot 3

Flow group 1 (Failed)

  ACL       : 2001

  Template  :

    destination-ip

    destination-port

    source-ip

    source-port

    vxlan

      inner-destination-ip

      inner-source-ip

  Mode      : MOD

  Aging time: 100 minutes

  Rate limit: -

  Max entry : 200

Table 1 Command output

Field	Description
Flow group 2 named aaa (Successful)	ID, name, and application status of the flow group. Values for the application status include: ·     Successful—The flow group is applied successfully. ·     Failed—The flow group fails to be applied for some reasons other than incomplete flow group configuration. ·     Inactive—The flow group has not been administratively applied. ·     Incomplete—The flow group fails to be applied because its configuration is incomplete.
Rate limit	This field is not supported in the current software version. Maximum rate of packets to the CPU in pps. A hyphen (-) indicates that no rate limit is configured.
Max entry	Maximum number of flow entries generated. A hyphen (-) indicates that no entry limit is configured.

‌

display telemetry flow-group flow-table

Use display telemetry flow-group flow-table to display the flow entries generated by flow groups.

Syntax

In standalone mode:

display telemetry flow-group flow-table [ [ group-id | name group-name ] | mod ] [ destination-ip { dst-ipv4 | dst-ipv6 } | destination-port dst-port | protocol protocol | source-ip { src-ipv4 | src-ipv6 } | source-port src-port | vxlan [ inner-destination-ip { dst-ipv4 | dst-ipv6 } | inner-destination-port dst-port | inner-protocol protocol | inner-source-ip { src-ipv4 | src-ipv6 } | inner-source-port src-port | vxlan-id vxlan-id ] * ] * { slot slot-number }

In IRF mode:

display telemetry flow-group flow-table [ [ group-id | name group-name ] | mod ] [ destination-ip { dst-ipv4 | dst-ipv6 } | destination-port dst-port | protocol protocol | source-ip { src-ipv4 | src-ipv6 } | source-port src-port | vxlan [ inner-destination-ip { dst-ipv4 | dst-ipv6 } | inner-destination-port dst-port | inner-protocol protocol | inner-source-ip { src-ipv4 | src-ipv6 } | inner-source-port src-port | vxlan-id vxlan-id ] * ] * { chassis chassis-number slot slot-number }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

group-id: Specifies a flow group by its ID. The value range for this argument is 1 to 7.

name group-name: Specifies a flow group by its name, a case-sensitive string of 1 to 63 characters.

mod: Specifies flow groups in MOD mode.

destination-ip { dst-ipv4 | dst-ipv6 }: Specifies the destination IPv4 or IPv6 address.

destination-port dst-port: Specifies the destination port number.

protocol protocol: Specifies the network layer protocol.

source-ip { src-ipv4 | src-ipv6 }: Specifies the source IPv4 or IPv6 address.

source-port src-port: Specifies the source port number.

vxlan: Specifies the VXLAN protocol.

·     inner-destination-ip { dst-ipv4 | dst-ipv6 }: Specifies the inner destination IPv4 or IPv6 address of VXLAN packets.

·     inner-destination-port dst-port: Specifies the inner destination port number of VXLAN packets.

·     inner-protocol protocol: Specifies the inner network layer protocol.

·     inner-source-ip { src-ipv4 | src-ipv6 }: Specifies the inner source IPv4 or IPv6 address.

·     inner-source-port src-port: Specifies the inner source port number.

·     vxlan-id vxlan-id: Specifies the VXLAN ID.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the flow entries on all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the flow entries on all cards in the IRF fabric. (In IRF mode.)

Usage guidelines

If you do not specify flow groups, this command displays the flow entries generated by each flow group.

Examples

# Display the flow entries generated by flow group 1 for slot 3.

<Sysname> display telemetry flow-group flow-table 1 slot 3

Slot: 3

Flow group 1 (name: abc)

Mode: MOD

================================================================================

Src IP          Dst IP          Pro SPort DPort Aging    Packets

In Src IP       In Dst IP       InP InSP  InDP  VXLAN ID Bytes

Drop Reason

================================================================================

192.168.1.86    192.168.10.2    6   20    30    12m10s   10

-               -               -   -     -     -        12400

unknown-vlan

Table 2 Command output

Field	Description
Mode	Flow group mode: MOD—MOD or simple MOD mode.
In Src IP	Inner source IP address of VXLAN packets.
In Dst IP	Inner destination IP address of VXLAN packets.
InP	Inner network layer protocol.
InSP	Inner source port number.
InDP	Inner destination port number.
VXLAN ID	VXLAN ID.
Drop Reason	Packet drop reason: ·     car-exceeded—CAR exceeded. ·     higig-header-error—HiGig header error. ·     invalid-tpid—Invalid TPID. ·     ip-multicast-error—IP multicast packet error. ·     ipv4-dip-miss—The destination IPv4 address of a packet does not match a route or matches the default route. ·     ipv4-l3-header-error—IPv4 header error. ·     ipv6-dip-miss—The destination IPv6 address of a packet does not match a route or matches the default route. ·     parity-error—Parity error. ·     tunnel-header-error—Tunnel packet header error. ·     unknown-vlan—Unknown VLAN. ·     error0—Unknown reason.

‌

if-match acl

Use if-match acl to specify an ACL for a flow group.

Use undo if-match acl to remove an ACL from a flow group.

Syntax

if-match acl [ ipv6 | mac | user-defined ] { acl-number | name acl-name }

undo if-match acl

Default

No ACL is specified for a flow group.

Views

Flow group view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv6: Specifies the IPv6 ACL type.

mac: Specifies the Layer 2 ACL type.

user-defined: Specifies the user-defined ACL type.

acl-number: Specifies the ACL number. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

·     5000 to 5999 for user-defined ACLs.

name acl-name: Specifies the ACL name, a case-insensitive string of 1 to 63 characters. The ACL name must start with an English letter.

Usage guidelines

When specifying an ACL, follow these restrictions and guidelines:

·     If the specified ACL does not exist or does not have any rules, no traffic will match the ACL.

·     In the specified ACL, a rule with the vpn-instance keyword specified takes effect only on VPN packets, and a rule without the vpn-instance keyword specified takes effect on both packets in the public network and VPN packets.

When specifying an ACL by its number, follow these rules:

·     To specify an IPv4 ACL, specify only its number.

·     To specify an IPv6 ACL, Layer 2 ACL, or user-defined ACL, you must specify both its type and number.

When specifying an ACL by its name, follow these rules:

·     To specify an IPv4 ACL, specify only its name.

·     To specify an IPv6 ACL, Layer 2 ACL, or user-defined ACL, you must specify both its type and name.

A flow group takes effect only on the traffic that matches the specified ACL.

Only one ACL can be specified for a flow group.

Examples

# Specify ACL 3000 in flow group 1.

<Sysname> system-view

[Sysname] telemetry flow-group 1

[Sysname-telemetry-flow-group-1] if-match acl 3000

Related commands

acl (ACL and QoS Command Reference)

telemetry flow-group

telemetry apply flow-group

Use telemetry apply flow-group to apply a flow group.

Use undo telemetry apply flow-group to remove the application of a flow group.

Syntax

telemetry apply flow-group { group-id | name group-name }

undo telemetry apply flow-group { group-id | name group-name }

Default

No flow group is applied.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a flow group by its ID. The value range for this argument is 1 to 7.

name group-name: Specifies a flow group by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

Only one flow group can be applied.

Examples

# Apply flow group 1.

<Sysname> system-view

[Sysname] telemetry apply flow-group 1

Related commands

telemetry flow-group

telemetry flow-group

Use telemetry flow-group to create a flow group and enter its view, or enter the view of an existing flow group.

Use undo telemetry flow-group to delete a flow group.

Syntax

telemetry flow-group group-id [ name group-name ] [ mode simple-mod ]

undo telemetry flow-group { group-id | name group-name }

Default

No flow groups exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a flow group ID. The value range for this argument is 1 to 7.

name group-name: Specifies a flow group name, a case-sensitive string of 1 to 63 characters. The name must be globally unique and cannot start with system-defined-.

mode: Specifies a flow group mode. The default is MOD mode.

·     simple-mod: Specifies the simple MOD mode.

Usage guidelines

The flow entries generated by a flow group can be used by other features. A flow group can be in one of the following modes:

·     MOD mode—Used by MOD. This mode occupies hardware resources but has a lower burden on the CPU.

·     Simple MOD mode—Used by MOD. This mode has a higher burden on the CPU but saves hardware resources.

You cannot name or rename an existing flow group and cannot modify the mode of an existing flow group.

To delete an applied flow group, first remove the application and then delete the flow group.

Examples

# Create flow group 1 in MOD mode and enter its view.

<Sysname> system-view

[Sysname] telemetry flow-group 1

[Sysname-telemetry-flow-group-1]

# Create flow group 3 in simple MOD mode and enter its view.

<Sysname> system-view

[Sysname] telemetry flow-group 3 mode simple-mod

[Sysname-telemetry-flow-group-3]

telemetry flow-group aging-time

Use telemetry flow-group aging-time to set the aging time for flow entries.

Use undo telemetry flow-group aging-time to restore the default.

Syntax

telemetry flow-group aging-time aging-time

undo telemetry flow-group aging-time

Default

The aging time for flow entries is 15 minutes.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

aging-time: Specifies the aging time for flow entries in minutes. The value range for this argument is 1 to 16.

Examples

# Set the aging time for flow entries to 20 minutes.

<Sysname> system-view

[Sysname] telemetry flow-group aging-time 20

telemetry flow-group max-entry

Use telemetry flow-group max-entry to set the maximum number of flow entries generated.

Use undo telemetry flow-group max-entry to restore the default.

Syntax

telemetry flow-group max-entry max-entries

undo telemetry flow-group max-entry

Default

By default, the number of flow entries is not limited.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

max-entries: Specifies the maximum number of flow entries generated. The value range for this argument is 1 to 8192.

Usage guidelines

When the maximum number of flow entries is reached, the device does not generate new flow entries until old flow entries are aged out.

Examples

# Set the maximum number of flow entries generated to 100.

<Sysname> system-view

[Sysname] telemetry flow-group max-entry 100

template

Use template to configure a flow entry generation rule.

Use undo template to delete a flow entry generation rule.

Syntax

template { destination-ip | destination-port | protocol | source-ip | source-port | vxlan { inner-destination-ip | inner-destination-port | inner-protocol | inner-source-ip | inner-source-port | vxlan-id } * } *

undo template

Default

No flow entry generation rule is configured.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

destination-ip: Generates flow entries based on the destination IP address.

destination-port: Generates flow entries based on the destination port number.

protocol: Generates flow entries based on the Layer 3 protocol type.

source-ip: Generates flow entries based on the source IP address.

source-port: Generates flow entries based on the source port number.

vxlan: Generates flow entries for VXLAN packets.

·     inner-destination-ip: Generates flow entries based on the inner destination IP address.

·     inner-destination-port: Generates flow entries based on the inner destination port number.

·     inner-protocol: Generates flow entries based on the inner Layer 3 protocol type.

·     inner-source-ip: Generates flow entries based on the inner source IP address.

·     inner-source-port: Generates flow entries based on the inner source port number.

·     vxlan-id: Generates flow entries based on the VXLAN ID.

Usage guidelines

This command enables the device to identify traffic and generate flow entries based on the specified header fields.

On the SD modules, if an IPv4 ACL has been specified for the flow group, only the destination-ip and source-ip keywords in this command can be configured.

Examples

# Configure flow group 1 to generated flow entries based on the source IP address, destination IP address, source port number, and destination port number.

<Sysname> system-view

[Sysname] telemetry flow-group 1

[Sysname-telemetry-flow-group-1] template destination-ip destination-port source-ip source-port

Related commands

telemetry flow-group