Page 6 | AlliedWare™ OS How To Note: Hardware Filters
Creating dedicated hardware filters
The logic of the operation of the hardware filters
The operation of the filters follows the standard ACL logic: if a packet matches an filter, the
comparison process stops and the action attached to the filter is performed. If a packet fails
to match any of the filters, then the default action (forward) is taken.
Note:
Hardware filters will act on packets that are destined for the switch itself (packets
that would be passed up to the switch's own CPU) in exactly the same way as they
act on packets that were destined to be forwarded directly by the switching chip.
The effects of the action parameters
Let us consider the effect of each the possible action keywords.
Action
What it does
When do you need this action?
discard
Drops the traffic.
Use this when the filtering policy is to disallow certain
traffic flows.
forward
Forwards the traffic normally.
Use this when you want to discard a wide range of traffic,
but still forward some small subset of traffic within that
range.
copy
Forwards the traffic normally, and
also sends a copy of each packet to
the CPU.
Use this when you want software monitoring of a certain
packet flow. If you want to log, or count, or output debug
pertaining to a certain stream, then create a filter that
matches the packets in the stream, and specify copy for
the action.
copy,discard
Drops the traffic, but also sends a
copy of each packet to the CPU.
Use this when you want software monitoring of a certain
packet flow that is being dropped. If you want to log,
count, or output debug pertaining to a certain disallowed
stream, then create a filter that matches the packets in the
stream, and specify copy,discard for the action.
setl2qos
Note that this action has the other parameters associated with it, as the following syntax shows:
add switch hwfilter[=<
filter-id
>] classifier=<
rule-id
> action=setl2qos
[l2qosqueue=0..7] [priority=0..7] [bandwidthclass=1..3]
This action means you can use hardware filters to set the queue, 802.
1
p user priority or bandwidth class for packets.
There is an elaborate QoS mechanism available for allocating these values to packets, but this filter type provides a
simple method if you do not require a full QoS configuration. The principle use for this filter action, though, is as a
mechanism for elevating the probability of CPU reception for packets that you determine to be “important”.
In heavily congested networks, data streams can sometimes use up all the available bandwidth of the CPU receive
process. This increases the probability of losing infrequently-sent control or management packets, for example,
routing protocol packets (BGP, OSPF, PIM, DVMRP) or STP packets. By creating an appropriate classifier and
hardware filter, such packets can be given higher priority forwarding up to the CPU.
If you are using the filter to prioritise packets going up to the CPU, you only need to specify a value for the
l2qosqueue
parameter. The higher the value given to this parameter, the higher the priority the matching packets
will be given in forwarding up to the CPU. It is possible to specify the
priority
and
bandwidthclass
parameters
in this case, but they will have no effect, because the CPU ignores these parameters. The default value for the
l2qosqueue
parameter is 0.
The
priority
parameter specifies the 802.
1
p user priority with which to re-mark matching packets. The default is 0.
The
bandwidthclass
parameter specifies the bandwidth class (colour) to assign matching packets to. The default
is
1
(green).
