Handling Of Transit Traffic (Traffic Separation); Mapping Of Management Applications And Traffic Type - Dell Force10 Z9000 Configuration Manual

• ICMP-based applications like ping and traceroute are exceptions to the preceding logic since we do not have TCP/UDP port
number. So if source IP address of the packet matches the management port IP address EIS route lookup is done.
• Management application packet counter is incremented if EIS route lookup succeeds and packet is sent out of the management
port.
• If route lookup in the EIS routing table fails or if the management port is down, then packets are dropped. The management
application drop counter is incremented.
• Whenever IP address is assigned to the management port, it is stored in a global variable in the IP stack, which is used for
comparison with the source IP address of the packet.
• Rest of the response traffic is handled as per existing behavior by doing route lookup in the default routing table. So if the traffic
is destined to the front-end port IP address, the response is sent out by doing a route lookup in the default routing table, which is
an existing behavior.
Consider a sample topology in which ip1 is an address assigned to the management port and ip2 is an address assigned to any of the
front panel port. A and B are end users on the management and front-panel port networks. The OS-initiated traffic for management
applications takes a preference for ip1 as source IP and uses the management network to reach the destination. If the management
port is down or the route lookup in EIS routing table fails, ip2 is the source IP and the front-panel port is used to reach the
destination. The fallback route between the management and data networks is used in such a case. At any given time, end users can
access Dell Networking OS applications using either ip1 or ip2. Return traffic for such end-user-originated sessions destined to
management port ip1 is handled using the EIS route lookup.

Handling of Transit Traffic (Traffic Separation)

This is forwarded traffic where destination IP is not an IP address configured in the switch.
• Packets received on the management port with destination on the front-end port is dropped.
• Packets received on the front-end port with destination on the management port is dropped.
• A separate drop counter is incremented for this case. This counter is viewed using the netstat command, like all other IP layer
counters.
Consider a scenario in which ip1 is an address assigned to the management port and ip2 is an address assigned to any of the front
panel port of a switch. End users on the management and front panel port networks are connected. In such an environment, traffic
received in the management port destined on the data port network is dropped and traffic received in the front-end port destined on
the management network is dropped.

Mapping of Management Applications and Traffic Type

The following table summarizes the behavior of applications for various types of traffic when the management egress interface
selection feature is enabled.
Table 15. Mapping of Management Applications and Traffic Type
Traffic type / Switch initiated traffic
Application type
EIS Management Management is the preferred
Application egress port selected based on
route lookup in EIS table. If the
management port is down or the
route lookup fails, packets are
dropped.
Non-EIS Front-end default route will take
management higher precedence over
application management default route and
SSH session to an unknown
Switch-destined traffic
If source TCP/UDP port matches a
management application and source IP
address is management port IP address,
management port is the preferred egress port
selected based on route lookup in EIS table. If
management port is down or route lookup
fails, packets are dropped
If source TCP/UDP port matches a
management application and the source IP
address is a management port IP address, the
management port is the preferred egress port
Internet Group Management Protocol (IGMP)
Transit Traffic
Traffic from
management port to
data port and from data
port to management
port is blocked
Traffic from
management port to
data port and from data
273