Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 02-Flow group configuration | 61.43 KB |
Contents
Restrictions: Hardware compatibility with flow group
Configuring flow groups
About flow groups
A flow group allows you to identify flows based on flow generation rules. The device extracts traffic characteristics (for example, 5-tuples in the packet header) and generates flow entries according to the header fields specified in a flow generation rule.
A flow group can use an ACL to limit the traffic for which flow entries are generated. A flow entry is aged out if no matching packets are received before the aging timer expires.
Figure 1 Flow entry generation
The flow entries generated by a flow group can be used by other features. A flow group can be in one of the following modes:
· Common MOD mode—Used by MOD. This mode occupies hardware resources but has a lower burden on the CPU. For more information about MOD, see Telemetry Configuration Guide.
· Simple MOD mode—Used by MOD. This mode has a higher burden on the CPU but saves hardware resources.
Restrictions: Hardware compatibility with flow group
The S5130S-EI-G switch series does not support this feature.
Restrictions and guidelines: Flow group configuration
A flow group can reference only one ACL.
Because a flow can belong to only one flow group, make sure the same flow is not assigned to more than one flow group when specifying ACLs. For information about ACLs, see ACL and QoS Configuration Guide.
To delete an applied flow group, first remove the application and then delete the flow group.
Only one flow group can be applied.
Procedure
system-view
2. Create a flow group and enter its view.
telemetry flow-group group-id [ name group-name ] [ mode simple-mod ]
3. Specify an ACL.
if-match acl [ ipv6 | mac ] { acl-number | name acl-name }
By default, no ACL is specified.
4. Configure the header fields used for generating flow entries.
template { destination-ip | destination-port | protocol | source-ip | source-port } *
By default, no header fields are used for generating flow entries.
5. Return to system view.
quit
6. (Optional.) Set the aging time for flow entries.
telemetry flow-group aging-time aging-time
The default setting is 15 minutes.
7. (Optional.) Set the maximum number of flow entries generated.
telemetry flow-group max-entry max-entries
By default, the number of flow entries is not limited.
8. Apply the flow group.
telemetry apply flow-group { group-id | name group-name }
By default, no flow group is applied.
Display and maintenance commands for flow group
Execute display commands in any view.
|
Task |
Command |
|
Display the configuration and application status of flow groups. |
display telemetry flow-group [ group-id | name group-name ] [ slot slot-number ] |
|
Display flow entries. |
display telemetry flow-group flow-table [ [ group-id | name group-name ] | mod ] [ destination-ip { dst-ipv4 | dst-ipv6 } | destination-port dst-port | protocol protocol | source-ip { src-ipv4 | src-ipv6 } | source-port src-port ] * { slot slot-number } |
