Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-Flow group commands | 100.79 KB |
display telemetry flow-group flow-table
telemetry flow-group aging-time
telemetry flow-group max-entry
telemetry flow-group rate-limit
Flow group commands
display telemetry flow-group
Use display telemetry flow-group to display the configuration and application status of flow groups.
Syntax
display telemetry flow-group [ group-id | name group-name | system-defined ip ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-id: Specifies a flow group by its ID. The value range for this argument is 1 to 7.
name group-name: Specifies a flow group by its name, a case-sensitive string of 1 to 63 characters.
system-defined: Specifies a system-defined flow group.
· ip: Specifies the system-defined IP flow group.
slot slot-number: Specifies the slot number of the device, which is fixed at 1.
Usage guidelines
If you do not specify the group-id or name group-name option, this command displays the configuration and application status of all flow groups.
Examples
# Display the configuration of flow group 1 and its application status in slot 3.
<Sysname> display telemetry flow-group 1 slot 3
Flow group 1 (Failed)
ACL : 2001
Template :
destination-ip
destination-port
source-ip
source-port
Mode : MOD
Configured aging time: 15 minutes
Rate limit: -
Max entry : -
Delay threshold: 32 nanoseconds
# Display the configuration and application status of the system-defined IP flow group.
<Sysname> display telemetry flow-group system-defined ip
Flow group named system-defined-ip (System-defined)
Apply mode: Mice-elephant-flow(Inactive)
Template :
destination-ip
destination-port
protocol
source-ip
source-port
Active aging time: 15 minutes
Configured aging time: 5 milliseconds
Rate limit: -
Max entry : -
|
Field |
Description |
|
Flow group 2 named aaa (Successful) |
ID, name, and application status of the flow group. Values for the application status include: · Successful—The flow group is applied successfully. · Failed—The flow group fails to be applied for some reasons other than incomplete flow group configuration. · Inactive—The flow group has not been administratively applied. · Incomplete—The flow group fails to be applied because its configuration is incomplete. |
|
Apply mode |
Application mode and application status of the flow group. Values for the application status include: · Successful—The flow group is applied successfully. · Failed—The flow group fails to be applied for some reasons other than incomplete flow group configuration. · Inactive—The flow group has not been administratively applied. · Incomplete—The flow group fails to be applied because its configuration is incomplete. |
|
Active aging time |
The aging time that actually takes effect. |
|
Rate limit |
Maximum rate of packets to the CPU in pps. A hyphen (-) indicates that no rate limit is configured. |
|
Max entry |
Maximum number of flow entries generated. A hyphen (-) indicates that no entry limit is configured. |
display telemetry flow-group flow-table
Use display telemetry flow-group flow-table to display the flow entries generated by flow groups.
Syntax
display telemetry flow-group flow-table [ [ group-id | name group-name ] | mod | mice-elephant-flow ] [ destination-ip { dst-ipv4 | dst-ipv6 } | destination-port dst-port | protocol protocol | source-ip { src-ipv4 | src-ipv6 } | source-port src-port ] * { slot slot-number }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-id: Specifies a flow group by its ID. The value range for this argument is 1 to 7.
name group-name: Specifies a flow group by its name, a case-sensitive string of 1 to 63 characters.
mod: Specifies flow groups in simple MOD mode.
mice-elephant-flow: Specifies flow groups in elephant/mice flow mode.
destination-ip { dst-ipv4 | dst-ipv6 }: Specifies the destination IPv4 or IPv6 address.
destination-port dst-port: Specifies the destination port number.
protocol protocol: Specifies the network layer protocol.
source-ip { src-ipv4 | src-ipv6 }: Specifies the source IPv4 or IPv6 address.
source-port src-port: Specifies the source port number.
slot slot-number: Specifies the slot number of the device, which is fixed at 1.
Usage guidelines
If you do not specify flow groups, this command displays the flow entries generated by each flow group.
If you specify the mice-elephant-flow keyword, this command displays the flow entries generated for elephant flows. For more information about elephant flows and mice flows, see elephant and mice flows distinguishing in ACL and QoS Configuration Guide.
Examples
# Display the flow entries generated by flow group 1 for slot 3.
<Sysname> display telemetry flow-group flow-table 1 slot 3
Slot: 3
Flow group 1 (name: abc)
Mode: MOD
================================================================================
Src IP Dst IP Pro SPort DPort Aging Packets
In Src IP In Dst IP InP InSP InDP VXLAN ID Bytes
Drop Reason
================================================================================
192.168.1.86 192.168.10.2 6 20 30 12m10s 10
- - - - - - 12400
unknown-vlan
Table 2 Command output
|
Field |
Description |
|
Mode |
Flow group mode: · Mice elephant flow—Elephant/mice flow mode. · MOD—Simple MOD mode. |
|
Packet |
The elephant/mice flow mode does not support this field. Packet count. |
|
In Src IP |
This field is not supported in the current software version. Inner source IP address of VXLAN packets. |
|
In Dst IP |
This field is not supported in the current software version. Inner destination IP address of VXLAN packets. |
|
InP |
This field is not supported in the current software version. Inner network layer protocol. |
|
InSP |
This field is not supported in the current software version. Inner source port number. |
|
InDP |
This field is not supported in the current software version. Inner destination port number. |
|
VXLAN ID |
This field is not supported in the current software version. VXLAN ID. |
|
Bytes |
The elephant/mice flow mode does not support this field. Byte count. |
|
Drop Reason |
Packet drop reason: · ip-multicast-error—IP multicast packet error. · ipv4-dip-miss—The destination IPv4 address of a packet does not match a route or matches the default route. · parity-error—Parity error. · tunnel-header-error—Tunnel packet header error. · unknown-vlan—Unknown VLAN. |
if-match acl
Use if-match acl to specify an ACL for a flow group.
Use undo if-match acl to remove an ACL from a flow group.
Syntax
if-match acl { acl-number | name acl-name }
undo if-match acl
Default
No ACL is specified for a flow group.
Views
Flow group view
Predefined user roles
network-admin
Parameters
acl-number: Specifies the ACL number. The following are available value ranges:
· 2000 to 2999 for basic ACLs.
· 3000 to 3999 for advanced ACLs.
name acl-name: Specifies the ACL name, a case-insensitive string of 1 to 63 characters. The ACL name must start with an English letter.
Usage guidelines
When specifying an ACL, follow these restrictions and guidelines:
· If the specified ACL does not exist or does not have any rules, no traffic will match the ACL.
· An ACL rule can be configured only with a 5-tuple (source IP address, destination IP address, source port number, destination port number, and protocol type) and DSCP priority.
A flow group takes effect only on the traffic that matches the specified ACL.
Only one ACL can be specified for a flow group.
Examples
# Specify ACL 3000 in flow group 1.
<Sysname> system-view
[Sysname] telemetry flow-group 1
[Sysname-telemetry-flow-group-1] if-match acl 3000
Related commands
acl (ACL and QoS Command Reference)
telemetry flow-group
telemetry apply flow-group
Use telemetry apply flow-group to apply a flow group.
Use undo telemetry apply flow-group to remove the application of a flow group.
Syntax
telemetry apply flow-group { group-id | name group-name | system-defined ip mode mice-elephant-flow }
undo telemetry apply flow-group { group-id | name group-name | system-defined ip mode mice-elephant-flow }
Default
No flow group is applied.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies a flow group by its ID. The value range for this argument is 1 to 7.
name group-name: Specifies a flow group by its name, a case-sensitive string of 1 to 63 characters.
system-defined ip: Specifies the system-defined IP flow group.
mode mice-elephant-flow: Applies the system-defined flow group in elephant/mice flow mode.
Usage guidelines
Operating mechanism
The device provides the following system-defined flow group for you to use:
· IP flow group (system-defined-ip)—Generates flow entries based on the IP 5-tuple.
Restrictions and guidelines
A system-defined flow group does not reference an ACL and cannot be modified.
Only one flow group can be applied.
Examples
# Apply flow group 1.
<Sysname> system-view
[Sysname] telemetry apply flow-group 1
# Apply the system-defined IP flow group in elephant/mice flow mode.
<Sysname> system-view
[Sysname] telemetry apply flow-group system-defined ip mode mice-elephant-flow
Related commands
telemetry flow-group
telemetry flow-group
Use telemetry flow-group to create a flow group and enter its view, or enter the view of an existing flow group.
Use undo telemetry flow-group to delete a flow group.
Syntax
telemetry flow-group group-id [ name group-name ] mode simple-mod
undo telemetry flow-group { group-id | name group-name }
Default
No flow groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies a flow group ID. The value range for this argument is 1 to 7.
name group-name: Specifies a flow group name, a case-sensitive string of 1 to 63 characters. The name must be globally unique and cannot start with system-defined-.
mode: Specifies a flow group mode. Only simple MOD mode is supported.
· simple-mod: Specifies the simple MOD mode.
Usage guidelines
The flow entries generated by a flow group can be used by other features. A flow group can be in one of the following modes:
· Simple MOD mode—Used by MOD. This mode has a higher burden on the CPU but saves hardware resources.
· Elephant/mice flow mode—Used by the elephant and mice flows distinguishing feature. This mode is system-defined and cannot be modified or reference ACLs. The flow entry generation is based on the IP 5-tuple.
You cannot name or rename an existing flow group and cannot modify the mode of an existing flow group.
To delete an applied flow group, first remove the application and then delete the flow group.
Examples
# Create flow group 3 in simple MOD mode and enter its view.
<Sysname> system-view
[Sysname] telemetry flow-group 3 mode simple-mod
[Sysname-telemetry-flow-group-3]
telemetry flow-group aging-time
Use telemetry flow-group aging-time to set the aging time for flow entries.
Use undo telemetry flow-group aging-time to restore the default.
Syntax
telemetry flow-group aging-time [ msec ] aging-time
undo telemetry flow-group aging-time
Default
The aging time for flow entries is 10 milliseconds for the elephant/mice flow mode and 15 minutes for other modes.
Views
System view
Predefined user roles
network-admin
Parameters
aging-time: Specifies the aging time for flow entries in minutes. The value range for this argument is 1 to 16.
[ msec ] aging-time: Specifies the aging time for flow entries.
· For the elephant/mice flow mode, you must specify the msec keyword. The aging time is specified in milliseconds. Valid values for the aging-time argument are 1, 2, 5, or 10.
· For other modes, do not specify the msec keyword. The aging time is specified in minutes. The value range for the aging-time argument is 1 to 100.
Usage guidelines
The aging time specified in minutes takes effect on only flow groups in simple MOD mode.
The aging time specified in milliseconds takes effect on only flow groups in elephant/mice flow mode.
Examples
# Set the aging time for flow entries to 20 minutes.
<Sysname> system-view
[Sysname] telemetry flow-group aging-time 20
telemetry flow-group max-entry
Use telemetry flow-group max-entry to set the maximum number of flow entries generated.
Use undo telemetry flow-group max-entry to restore the default.
Syntax
telemetry flow-group max-entry max-entries
undo telemetry flow-group max-entry
Default
By default, the number of flow entries is not limited.
Views
System view
Predefined user roles
network-admin
Parameters
max-entries: Specifies the maximum number of flow entries generated. The value range for this argument is 1 to 8192.
Usage guidelines
When the maximum number of flow entries is reached, the device does not generate new flow entries until old flow entries are aged out.
Examples
# Set the maximum number of flow entries generated to 100.
<Sysname> system-view
[Sysname] telemetry flow-group max-entry 100
telemetry flow-group rate-limit
Use telemetry flow-group rate-limit to set the maximum rate of packets sent to the CPU to limit the flow entry generation rate.
Use undo telemetry flow-group rate-limit to restore the default.
Syntax
telemetry flow-group rate-limit pps
undo telemetry flow-group rate-limit
Default
By default, the rate of packets sent to the CPU is not limited.
Views
System view
Predefined user roles
network-admin
Parameters
pps: Specifies the maximum rate of packets sent to the CPU to limit the flow entry generation rate. The value range for this argument is 1 to 1024.
Examples
# Set the maximum rate of packets sent to the CPU to 100 pps.
<Sysname> system-view
[Sysname] telemetry flow-group rate-limit 100
template
Use template to configure a flow entry generation rule.
Use undo template to delete a flow entry generation rule.
Syntax
template { destination-ip | destination-port | protocol | source-ip | source-port } *
undo template
Default
No flow entry generation rule is configured.
Views
System view
Predefined user roles
network-admin
Parameters
destination-ip: Generates flow entries based on the destination IP address.
destination-port: Generates flow entries based on the destination port number.
protocol: Generates flow entries based on the Layer 3 protocol type.
source-ip: Generates flow entries based on the source IP address.
source-port: Generates flow entries based on the source port number.
Usage guidelines
This command enables the device to identify traffic and generate flow entries based on the specified header fields.
Examples
# Configure flow group 1 to generated flow entries based on the source IP address, destination IP address, source port number, and destination port number.
<Sysname> system-view
[Sysname] telemetry flow-group 1
[Sysname-telemetry-flow-group-1] template destination-ip destination-port source-ip source-port
Related commands
telemetry flow-group
