EOS Section 46.4: DirectFlow Command Descriptions

46.4 DirectFlow Command Descriptions
DirectFlow Global Configuration Mode
DirectFlow Configuration Command
DirectFlow and Clear Commands
action drop (DirectFlow-flow mode)
The action drop command configures packets that match an entry to be dropped.
The no action drop and default action drop commands remove the statement from the DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
action drop
no action drop
default action drop
Example
This command sets the action for packets from Test-1 to be dropped.
switch(config-directflow-Test-1)#action drop
switch#
action mirror (DirectFlow-flow mode)
The action mirror command can be used to ingress or egress mirror traffic to a mirror destination. This requires a mirror destination to be setup on the switch. If a packet comes in or goes out an interface that is part of another mirror session, then the destination for that destination as well as the DirectFlow destination will receive a copy of the packet.
The no action mirror and default action mirror commands remove the statement from DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
action DIRECTION mirror INT_NAME
no action DIRECTION mirror INT_NAME
default action DIRECTION mirror INT_NAME
Parameters
DIRECTION     transmission direction of traffic to be mirrored.
ingress     mirrors before any rewrites.
egress     mirrors after rewrites.
INT_NAME     Source interface for the mirroring session.
ethernet e_range     Ethernet interfaces specified by e_range.
port-channel p_range     Port channel interfaces specified by p_range.
Example
This command configures mirror traffic to Ethernet 2.
switch(config-directflow)# flow Test1
switch(config-directflow-Test1)#match ethertype ip
switch(config-directflow-Test1)#match source ip 10.10.10.10
switch(config-directflow-Test1)#action egress mirror ethernet 2
switch(config-directflow-Test1)#
action output (DirectFlow-flow mode)
The action output command configures an Ethernet or port channel interface as the output of a specified port mirroring session.
The no action output and default action output commands remove the statement from DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
action output DESTINATION
no action output DESTINATION
default action output DESTINATION
Parameters
DESTINATION     transmission direction of traffic to be mirrored.
all     mirrors transmitted and received traffic.
flood     mirrors received traffic only.
interface ethernet e_range     Ethernet interfaces specified by e_range.
interface port-channel p_range     Port channel interfaces specified by p_range.
Example
This command configures Ethernet interface 7 as the output for the mirroring session.
switch(config-directflow-Test1)#action output interface ethernet 7
switch(config-directflow-Test1)#
action output interface cpu (DirectFlow-flow mode)
The action output interface cpu command configures the action (other commands are used to define the traffic matching conditions).
The no action output interface cpu and default action output commands remove the statement from DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
action output DESTINATION
no action output DESTINATION
default action output DESTINATION
Parameters
DESTINATION     transmission direction of traffic to be mirrored.
all     mirrors transmitted and received traffic.
flood     mirrors received traffic only.
interface cpu     Ethernet interfaces specified by e_range.
Example
This command configures Ethernet interface 7 as the output for the mirroring session.
switch(config-directflow-Test1)#action output interface ethernet 7
switch(config-directflow-Test1)#
These commands configure the action to redirect traffic matching the flow to the CPU and the matching conditions for the flow.
switch (config)#directflow
switch (config-directflow)#flow redirect-http-cpu
switch (config-directflow-redirect-http=cpu)#match ip protocol tcp
switch (config-directflow-redirect-http-cpu)#match destination port80
switch (config-directflow-redirect-http-cpu)#action output interface cpu
action set (DirectFlow-flow mode)
The action set command allows you to configure a packet to be routed out a layer three interface using a DirectFlow entry. The actions associated with the entry will have to specify the new source MAC and destination MAC for the packet, as well as the physical port or LAG. If there are no output ports specified in an entry, packets that match that entry will be dropped.
The no action set and default action set commands remove action set statement from DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
action set CONDITION
no action set CONDITION
default action set CONDITION
Parameters
CONDITION     specifies parameter and value. Options include:
cos <0 to 7>     cost of service.
destination mac mac_addr     Dotted hex notation.
ip tos <0 to 255>     Type of service.
source mac mac_addr      Dotted hex notation.
traffic-class <0 to 7>     Dotted hex notation.
vlan <1 to 4094>     Number of VLAN.
The no action set and default action set commands require only the CONDITION type without a specific condition value.
Example
These commands change the destination MAC of the frame.
switch(config-directflow)#flow Test1
switch(config-directflow-Test1)#action egress mirror ethernet 7
switch(config-directflow-Test1)#action set destination mac 0000.aaaa.bbbb
directflow
The directflow command places the switch in DirectFlow configuration mode.
The no directflow and default directflow commands delete the DirectFlow configuration mode statements from running-config.
DirectFlow configuration mode is not a group change mode; running-config is changed immediately upon entering commands. Exiting OpenFlow configuration mode does not affect running-config. The exit command returns the switch to global configuration mode.
Command Mode
Global Configuration
Command Syntax
directflow
no directflow
default directflow
Commands Available in DirectFlow-Flow configuration mode:
Example
This command places the switch in DirectFlow configuration mode:
switch(config)#directflow
switch(config-directflow)#
This command returns the switch to global management mode:
switch(config-directflow)#exit
switch(config)#
flow (DirectFlow)
The flow command places the switch in flow configuration mode.
The flow command specifies the name of the flow that subsequent commands modify and creates a newflow definition if it references a nonexistent flow. All changes in a flow configuration mode edit session are pending until the session ends:
The exit command saves pending changes to running-config and returns the switch to DirectFlow configuration mode. Changes are also saved by entering a different configuration mode.
The abort command discards pending changes, returning the switch to DirectFlow configuration mode.
The no flow and default flow commands delete the specified role by removing the role and its statements from running-config.
Command Mode
DirectFlow Configuration
Command Syntax
flow flow_name
no flow flow_name
default flow flow_name
Parameters
flow_name     Name of flow.
Commands Available in DirectFlow-Flow configuration mode:
match (DirectFlow-flow mode)
The match command allows you to configure a rule or a flow which could match on L2, L3, L4 fields of a packet and specify a certain action to modify, drop or redirect the packet.
All traffic ingressing on the switch will be matched against the flows installed. In cases where none of the packets match, normal switching or routing behavior will take over. When multiple entries match a packet, precedence is given to the entry that was installed first.
The no match and default match commands remove the match statement from the configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
match CONDITION
no match CONDITION
default match CONDITION
Parameters
CONDITION     specifies criteria for evaluating a route. Options include:
cos <0 to 7>     cost of service.
destination ip ipv4_sub   destination IPv4 subnet. L3 fields valid only if ethertype is IP (0x0800).
destination mac mac_addr     Add to the existing community. Dotted hex notation.
destination mac mac_addr mask mac_mask     Add to the sting community. Dotted hex notation.
destination port <0 to 65535>     Fields accepted only if protocol is TCP| UDP
ethertype <0 to 65535>     Layer 4 destination port.
ethertype ARP     Layer 4 destination port.
ethertype IP     Layer 4 destination port.
icmp code <0 to 255>     Fields accepted only if protocol is ICMP
icmp type <0 to 255>     Fields accepted only if protocol is ICMP
input interface ethernet e_num     Ethernet interface specified by e_num.
input interface port-channel p_num     Port channel interface specified by p_num.
ip protocol <0 to 255>     Type of service.
ip protocol icmp     L3 fields valid only if ethertype is IP (0x0800).
ip protocol tcp     L3 fields valid only if ethertype is IP (0x0800).
ip protocol udp     L3 fields valid only if ethertype is IP (0x0800).
ip tos <0 to 255>     L3 fields valid only if ethertype is IP (0x0800).
source ip ipv4_subnet     L3 fields valid only if ethertype is IP (0x0800).
source mac mac_addr     Add to the existing community. Dotted hex notation.
source mac mac_addr mask mac_mask     Add to the sting community. Dotted hex notation.
source port <0 to 65535>     Fields accepted only if protocol is TCP| UDP
tcp flag ack     Layer 4 destination port.
tcp flag fin     Layer 4 destination port.
tcp flag psh     Layer 4 destination port.
tcp flag rst     Layer 4 destination port.
tcp flag syn     Layer 4 destination port.
tcp flag urg     Layer 4 destination port.
tcp flag urg     Layer 4 destination port
vlan <1 to 4094> mask<1 to 4095>     Number of VLAN.
The no match and default match commands require only the CONDITION type without a specific condition value.
Example
This command creates the rules to match on Ethertype IP and Source IP 10.10.10.10.
switch(config-directflow)# flow Test1
switch(config-directflow-Test1)#persistent
switch(config-directflow-Test1)#match ethertype ip
switch(config-directflow-Test1)#match source ip 10.10.10.10
priority (DirectFlow-flow mode)
The priority command sets the priority for the flow match rules. Each flow-table entry has an optional priority field, with a higher number indicating a higher priority. Flows with the same priority may be loaded in any order, and the order may be changed at any time. If multiple entries match a packet, precedence is given to the entry that was installed first.
Priority numbers range from 0 to 65535. The default is 0. The higher priority rules match first.
The no priority and default priority commands remove priority statement from the DirectFlow configuration mode.
Command Mode
Directflow-flow Configuration
Command Syntax
priority priority_value
no priority
default priority
Parameters
priority_level     priority xxx. Value ranges from 0 to 65535. Default is 0.
Example
These commands assign the priority of 150 to flow Test-1.
switch(config-directflow-Test-1)#priority 150
switch(config-directflow-Test-1)#
show directflow
The show directflow command shows the effective DirectFlow configuration parameters.
Command Mode
EXEC
Command Syntax
show directflow
Example
This command displays the actual hardware state of DirectFlow.
switch# show directflow
DirectFlow configuration: Enabled
Total matched: 23 packets
switch#
show directflow flows
The show directflow flows command displays the contents of the flow table, showing each entry with its match rules, actions, and packet counters.
Command Mode
EXEC
Command Syntax
show directflow flows
Example
This command displays the contents of the flow table.
switch# show directflow flows
Flow Test-1:
  priority: 0
  match:
    VLAN ID: 0xa/0x1
    Ethernet type: IPv4
    source IPv4 address: 10.10.10.1
  actions:
    set destination Ethernet address to: 00:00:aa:aa:bb:bb
    output interfaces: Port-Channel100
  matched: 0 packets, 0 bytes
switch#
shutdown (DirectFlow)
The shutdown command, in DirectFlow mode, disables DirectFlow on the switch. DirectFlow is disabled by default.
The no shutdown command re-enables DirectFlow.
Command Mode
Directflow Configuration
Command Syntax
shutdown
no shutdown
default shutdown
Example
These commands enable DirectFlow on the switch.
switch(config)#directflow
switch(config-directflow)#no shutdown
switch(config-directflow)#
This command disables DirectFlow Flow.
switch(config-directflow-Test1)#shutdown
timeout (DirectFlow-flow mode)
The timeout command, in DirectFlow mode, command configures the connection timeout period for connection sessions. The connection timeout period defines the interval between a user’s most recently entered command and an automatic connection shutdown. Automatic connection timeout is disabled by setting the idle-timeout to zero, which is the default setting.
Command Mode
Directflow-flow Configuration
Command Syntax
no priority
no timeout hard
no timeout idle
Parameters
idle     session idle timeout length.
0     Automatic connection timeout is disabled
<1-4294967295>     Automatic timeout period (seconds).
hard     session hard timeout length.
0     Automatic connection timeout is disabled.
<1-4294967295>     Automatic timeout period (seconds).
Example
These commands enable a hard timeout period of 5 seconds on the switch.
switch(config)#directflow
switch(config-directflow-Test1)#timeout hard 5
switch(config-directflow-Test1)#
These commands enable DirectFlow on the switch.
switch(config)#directflow
switch(config-directflow-Test1)#no timeout hard
switch(config-directflow-Test1)#