50.4 DirectFlow Command Descriptions
DirectFlow Global Configuration Mode
DirectFlow Configuration Command
DirectFlow and Clear Commands
action drop (DirectFlow-flow mode)
The action drop command configures packets that match an entry to be dropped.
The no action drop and default action drop commands remove the statement from the DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
action drop
no action drop
default action drop
Example
This command sets the action for packets from Test-1 to be dropped.
switch(config-directflow-Test-1)#action drop
switch#
action mirror (DirectFlow-flow mode)
The action mirror command can be used to ingress or egress mirror traffic to a mirror destination. This requires a mirror destination to be setup on the switch. If a packet comes in or goes out an interface that is part of another mirror session, then the destination for that destination as well as the DirectFlow destination will receive a copy of the packet.
The no action mirror and default action mirror commands remove the statement from DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
action DIRECTION mirror INT_NAME
no action DIRECTION mirror INT_NAME
default action DIRECTION mirror INT_NAME
Parameters
DIRECTION transmission direction of traffic to be mirrored.
ingress mirrors before any rewrites.
egress mirrors after rewrites.
INT_NAME Source interface for the mirroring session.
ethernet e_range Ethernet interfaces specified by e_range.
port-channel p_range Port channel interfaces specified by p_range.
Example
This command configures mirror traffic to Ethernet 2.
switch(config-directflow)# flow Test1
switch(config-directflow-Test1)#match ethertype ip
switch(config-directflow-Test1)#match source ip 10.10.10.10
switch(config-directflow-Test1)#action egress mirror ethernet 2
switch(config-directflow-Test1)#
action output (DirectFlow-flow mode)
The action output command configures an Ethernet or port channel interface as the output of a specified port mirroring session.
The no action output and default action output commands remove the statement from DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
action output DESTINATION
no action output DESTINATION
default action output DESTINATION
Parameters
DESTINATION transmission direction of traffic to be mirrored.
all mirrors transmitted and received traffic.
flood mirrors received traffic only.
interface ethernet e_range Ethernet interfaces specified by e_range.
interface port-channel p_range Port channel interfaces specified by p_range.
Example
This command configures Ethernet interface 7 as the output for the mirroring session.
switch(config-directflow-Test1)#action output interface ethernet 7
switch(config-directflow-Test1)#
action output interface cpu (DirectFlow-flow mode)
The action output interface cpu command configures the action (other commands are used to define the traffic matching conditions).
The no action output interface cpu and default action output commands remove the statement from DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
action output DESTINATION
no action output DESTINATION
default action output DESTINATION
Parameters
DESTINATION transmission direction of traffic to be mirrored.
all mirrors transmitted and received traffic.
flood mirrors received traffic only.
interface cpu Ethernet interfaces specified by e_range.
Example
This command configures Ethernet interface 7 as the output for the mirroring session.
switch(config-directflow-Test1)#action output interface ethernet 7
switch(config-directflow-Test1)#
These commands configure the action to redirect traffic matching the flow to the CPU and the matching conditions for the flow.
switch (config)#directflow
switch (config-directflow)#flow redirect-http-cpu
switch (config-directflow-redirect-http=cpu)#match ip protocol tcp
switch (config-directflow-redirect-http-cpu)#match destination port 80
switch (config-directflow-redirect-http-cpu)#action output interface cpu
action set (DirectFlow-flow mode)
The action set command allows you to configure a packet to be routed out a layer three interface using a DirectFlow entry. The actions associated with the entry will have to specify the new source MAC and destination MAC for the packet, as well as the physical port or LAG. If there are no output ports specified in an entry, packets that match that entry will be dropped.
The no action set and default action set commands remove action set statement from DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
action set CONDITION
no action set CONDITION
default action set CONDITION
Parameters
CONDITION specifies parameter and value. Options include:
cos <0 to 7> cost of service.
destination mac mac_addr Dotted hex notation.
ip tos <0 to 255> Type of service.
source mac mac_addr Dotted hex notation.
traffic-class <0 to 7> Dotted hex notation.
vlan <1 to 4094> Number of VLAN.
The no action set and default action set commands require only the CONDITION type without a specific condition value.
Example
These commands change the destination MAC of the frame.
switch(config-directflow)#flow Test1
switch(config-directflow-Test1)#action egress mirror ethernet 7
switch(config-directflow-Test1)#action set destination mac 0000.aaaa.bbbb
directflow
The directflow command places the switch in DirectFlow configuration mode.
The no directflow and default directflow commands delete the DirectFlow configuration mode statements from running-config.
DirectFlow configuration mode is not a group change mode; running-config is changed immediately upon entering commands. Exiting OpenFlow configuration mode does not affect running-config. The exit command returns the switch to global configuration mode.
Command Mode
Global Configuration
Command Syntax
directflow
no directflow
default directflow
Commands Available in DirectFlow-Flow configuration mode:
Example
This command places the switch in DirectFlow configuration mode:
switch(config)#directflow
switch(config-directflow)#
This command returns the switch to global management mode:
switch(config-directflow)#exit
switch(config)#
flow (DirectFlow)
The flow command places the switch in flow configuration mode.
The flow command specifies the name of the flow that subsequent commands modify and creates a newflow definition if it references a nonexistent flow. All changes in a flow configuration mode edit session are pending until the session ends:
The exit command saves pending changes to running-config and returns the switch to DirectFlow configuration mode. Changes are also saved by entering a different configuration mode.
The abort command discards pending changes, returning the switch to DirectFlow configuration mode.
The no flow and default flow commands delete the specified role by removing the role and its statements from running-config.
Command Mode
DirectFlow Configuration
Command Syntax
flow flow_name
no flow flow_name
default flow flow_name
Parameters
flow_name Name of flow.
Commands Available in DirectFlow-Flow configuration mode:
match (DirectFlow-flow mode)
The match command allows you to configure a rule or a flow which could match on L2, L3, L4 fields of a packet and specify a certain action to modify, drop or redirect the packet.
All traffic ingressing on the switch will be matched against the flows installed. In cases where none of the packets match, normal switching or routing behavior will take over. When multiple entries match a packet, precedence is given to the entry that was installed first.
The no match and default match commands remove the match statement from the configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
match CONDITION
no match CONDITION
default match CONDITION
Parameters
CONDITION specifies criteria for evaluating a route. Options include:
cos <0 to 7> cost of service.
destination ip ipv4_sub destination IPv4 subnet. L3 fields valid only if ethertype is IP (0x0800).
destination mac mac_addr Add to the existing community. Dotted hex notation.
destination mac mac_addr mask mac_mask Add to the sting community. Dotted hex notation.
destination port <0 to 65535> Fields accepted only if protocol is TCP| UDP
ethertype <0 to 65535> Layer 4 destination port.
ethertype ARP Layer 4 destination port.
ethertype IP Layer 4 destination port.
icmp code <0 to 255> Fields accepted only if protocol is ICMP
icmp type <0 to 255> Fields accepted only if protocol is ICMP
input interface ethernet e_num Ethernet interface specified by e_num.
input interface port-channel p_num Port channel interface specified by p_num.
ip protocol <0 to 255> Type of service.
ip protocol icmp L3 fields valid only if ethertype is IP (0x0800).
ip protocol tcp L3 fields valid only if ethertype is IP (0x0800).
ip protocol udp L3 fields valid only if ethertype is IP (0x0800).
ip tos <0 to 255> L3 fields valid only if ethertype is IP (0x0800).
source ip ipv4_subnet L3 fields valid only if ethertype is IP (0x0800).
source mac mac_addr Add to the existing community. Dotted hex notation.
source mac mac_addr mask mac_mask Add to the sting community. Dotted hex notation.
source port <0 to 65535> Fields accepted only if protocol is TCP| UDP
tcp flag ack Layer 4 destination port.
tcp flag fin Layer 4 destination port.
tcp flag psh Layer 4 destination port.
tcp flag rst Layer 4 destination port.
tcp flag syn Layer 4 destination port.
tcp flag urg Layer 4 destination port.
tcp flag urg Layer 4 destination port
vlan <1 to 4094> mask <1 to 4095> Number of VLAN.
The no match and default match commands require only the CONDITION type without a specific condition value.
Example
This command creates the rules to match on Ethertype IP and Source IP 10.10.10.10.
switch(config-directflow)# flow Test1
switch(config-directflow-Test1)#persistent
switch(config-directflow-Test1)#match ethertype ip
switch(config-directflow-Test1)#match source ip 10.10.10.10
persistent
DirectFlow flows are persistent by default. Once finalized, they appear in the running configuration, and if saved to startup config they will persist over a reboot. The no form of the persistent command prevents the flow from showing up in running config, ensuring that it will not persist over a reboot.
Command Mode
Directflow-flow Configuration
Command Syntax
no persistent
Example
These commands create and enable a non-persistent DirectFlow flow.
switch(config)#directflow
switch(config-directflow)#flow example-non-persistent
switch(config-directflow-example-non-persistent)#match input interface ethernet 25
switch(config-directflow-example-non-persistent)#action drop
switch(config-directflow-example-non-persistent)#no persistent
switch(config-directflow-example-non-persistent)#timeout hard 300
switch(config-directflow-example-non-persistent)#exit
switch(config-directflow)#
priority (DirectFlow-flow mode)
The priority command sets the priority for the flow match rules. Each flow-table entry has an optional priority field, with a higher number indicating a higher priority. Flows with the same priority may be loaded in any order, and the order may be changed at any time. If multiple entries match a packet, precedence is given to the entry that was installed first.
Priority numbers range from 0 to 65535. The default is 0. The higher priority rules match first.
The no priority and default priority commands remove priority statement from the DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
priority priority_value
no priority
default priority
Parameters
priority_level priority xxx. Value ranges from 0 to 65535. Default is 0.
Example
These commands assign the priority of 150 to flow Test-1.
switch(config-directflow-Test-1)#priority 150
switch(config-directflow-Test-1)#
show directflow
The show directflow command displays summary information for DirectFlow. With the counters or details options, it displays counters or details for all flows configured on the switch.
Command Mode
EXEC
Command Syntax
show directflow [counters|details]
Example
This command displays summary information for DirectFlow.
switch# show directflow
DirectFlow configuration: Enabled
Total matched: 0 packets
Total programmed flows: 3 flows
switch#
This command displays counters for all DirectFlow flows configured on the switch.
switch# show directflow counters
Flow Name Source Matched packets Matched bytes
--------- ------ --------------- -------------
test3 config 0 0
test2 config 0 0
test1 config 0 0
 
Total matched packets: 0
switch>
This command displays details for all DirectFlow flows configured on the switch.
switch# show directflow detail
Flow test3: (Flow programmed)
persistent: True
priority: 0
priorityGroupType: default
tableType: ifp
hard timeout: 0
idle timeout: 0
match:
Ethernet type: 0x86dd
source IPv6 address: fcaa::/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
actions:
output interfaces:
Et32
source: config
matched: 0 packets, 0 bytes
Flow test2: (Flow programmed)
persistent: True
priority: 0
priorityGroupType: default
tableType: ifp
hard timeout: 0
idle timeout: 0
match:
Ethernet type: IPv4
source IPv4 address: 10.1.2.12/255.255.255.255
IPv4 protocol: TCP
destination TCP/UDP port or ICMP type: 8080
actions:
output interfaces:
Et3/1
source: config
matched: 0 packets, 0 bytes
Flow test1: (Flow programmed)
persistent: True
priority: 0
priorityGroupType: default
tableType: ifp
hard timeout: 0
idle timeout: 0
match:
ingress interface:
Et1/1
actions:
output interfaces:
Et2/1
source: config
matched: 0 packets, 0 bytes
Flows: 3 programmed, 0 rejected
switch>
 
show directflow flows
The show directflow flows command displays the contents of the flow table, showing each entry with its match rules, actions, and packet counters. Including the name of a specific flow limits the output to information about the specified flow.
Command Mode
EXEC
Command Syntax
show directflow flows [flow_name [counters|detail]]
Parameters
flow_name name of flow for which to display information. If no flow name is entered, command displays information for all flows.
counters displays DirectFlow counters for the specified flow.
detail displays detailed information for the specified flow.
Example
This command displays the contents of the flow table.
switch# show directflow flows
Flow test3:
persistent: True
priority: 0
priorityGroupType: default
tableType: ifp
hard timeout: 0
idle timeout: 0
match:
Ethernet type: 0x86dd
source IPv6 address: fcaa::/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
actions:
output interfaces:
Et32
source: config
matched: 0 packets, 0 bytes
Flow test2:
persistent: True
priority: 0
priorityGroupType: default
tableType: ifp
hard timeout: 0
idle timeout: 0
match:
Ethernet type: IPv4
source IPv4 address: 10.1.2.12/255.255.255.255
IPv4 protocol: TCP
destination TCP/UDP port or ICMP type: 8080
actions:
output interfaces:
Et3/1
source: config
matched: 0 packets, 0 bytes
Flow test1:
persistent: True
priority: 0
priorityGroupType: default
tableType: ifp
hard timeout: 0
idle timeout: 0
match:
ingress interface:
Et1/1
actions:
output interfaces:
Et2/1
source: config
matched: 0 packets, 0 bytes
switch>
This command displays information about flow “test-1.”
switch# show directflow flows test-1
Flow test1:
persistent: True
priority: 0
priorityGroupType: default
tableType: ifp
hard timeout: 0
idle timeout: 0
match:
ingress interface:
Et1/1
actions:
output interfaces:
Et2/1
source: config
matched: 0 packets, 0 bytes
switch>
This command displays counters for flow “test-1.”
switch# show directflow flows test-1 counters
Flow Name Source Matched packets Matched bytes
--------- ------ --------------- -------------
test1 config 0 0
switch>
This command displays detailed information for flow “test-1.”
switch# show directflow flows test-1 detail
switch>show directflow flows test1 detail
Flow test1: (Flow programmed)
persistent: True
priority: 0
priorityGroupType: default
tableType: ifp
hard timeout: 0
idle timeout: 0
match:
ingress interface:
Et1/1
actions:
output interfaces:
Et2/1
source: config
matched: 0 packets, 0 bytes
switch>
 
shutdown (DirectFlow)
The shutdown command, in DirectFlow mode, disables DirectFlow on the switch. DirectFlow is disabled by default.
The no shutdown command re-enables DirectFlow.
Command Mode
Directflow Configuration
Command Syntax
shutdown
no shutdown
default shutdown
Example
These commands enable DirectFlow on the switch.
switch(config)#directflow
switch(config-directflow)#no shutdown
switch(config-directflow)#
This command disables DirectFlow Flow.
switch(config-directflow-Test1)#shutdown
timeout (DirectFlow-flow mode)
The timeout command, in DirectFlow mode, command configures the connection timeout period for connection sessions. The connection timeout period defines the interval between a user’s most recently entered command and an automatic connection shutdown. Automatic connection timeout is disabled by setting the idle-timeout to zero, which is the default setting.
Command Mode
Directflow-flow Configuration
Command Syntax
no priority
no timeout hard
no timeout idle
Parameters
idle session idle timeout length.
0 Automatic connection timeout is disabled
<1-4294967295> Automatic timeout period (seconds).
hard session hard timeout length.
0 Automatic connection timeout is disabled.
<1-4294967295> Automatic timeout period (seconds).
Example
These commands enable a hard timeout period of 5 seconds on the switch.
switch(config)#directflow
switch(config-directflow-Test1)#timeout hard 5
switch(config-directflow-Test1)#
These commands enable DirectFlow on the switch.
switch(config)#directflow
switch(config-directflow-Test1)#no timeout hard
switch(config-directflow-Test1)#