The Logic Of The Operation Of The Hardware Filters; The Effects Of The Action Parameters - Allied Telesis x900-24 series Function Manual

The logic of the operation of the hardware filters

The operation of the filters follows the standard ACL logic: if a packet matches an filter, the
comparison process stops and the action attached to the filter is performed. If a packet fails
to match any of the filters, then the default action (forward) is taken.
Note:

The effects of the action parameters

Let us consider the effect of each the possible action keywords.
Action
discard
forward
copy
copy,discard
setl2qos
Note that this action has the other parameters associated with it, as the following syntax shows:
This action means you can use hardware filters to set the queue, 802.1p user priority or bandwidth class for packets.
There is an elaborate QoS mechanism available for allocating these values to packets, but this filter type provides a
simple method if you do not require a full QoS configuration. The principle use for this filter action, though, is as a
mechanism for elevating the probability of CPU reception for packets that you determine to be "important".
In heavily congested networks, data streams can sometimes use up all the available bandwidth of the CPU receive
process. This increases the probability of losing infrequently-sent control or management packets, for example,
routing protocol packets (BGP, OSPF, PIM, DVMRP) or STP packets. By creating an appropriate classifier and
hardware filter, such packets can be given higher priority forwarding up to the CPU.
If you are using the filter to prioritise packets going up to the CPU, you only need to specify a value for the
l2qosqueue parameter. The higher the value given to this parameter, the higher the priority the matching packets
will be given in forwarding up to the CPU. It is possible to specify the priority and bandwidthclass parameters
in this case, but they will have no effect, because the CPU ignores these parameters. The default value for the
l2qosqueue parameter is 0.
The priority parameter specifies the 802.1p user priority with which to re-mark matching packets. The default is 0.
The bandwidthclass parameter specifies the bandwidth class (colour) to assign matching packets to. The default
is 1 (green).
Page 6 | AlliedWare™ OS How To Note: Hardware Filters
Hardware filters will act on packets that are destined for the switch itself (packets
that would be passed up to the switch's own CPU) in exactly the same way as they
act on packets that were destined to be forwarded directly by the switching chip.
What it does
Drops the traffic.
Forwards the traffic normally.
Forwards the traffic normally, and
also sends a copy of each packet to
the CPU.
Drops the traffic, but also sends a
copy of each packet to the CPU.
add switch hwfilter[=<filter-id>] classifier=<rule-id> action=setl2qos
[l2qosqueue=0..7] [priority=0..7] [bandwidthclass=1..3]
Creating dedicated hardware filters
When do you need this action?
Use this when the filtering policy is to disallow certain
traffic flows.
Use this when you want to discard a wide range of traffic,
but still forward some small subset of traffic within that
range.
Use this when you want software monitoring of a certain
packet flow. If you want to log, or count, or output debug
pertaining to a certain stream, then create a filter that
matches the packets in the stream, and specify copy for
the action.
Use this when you want software monitoring of a certain
packet flow that is being dropped. If you want to log,
count, or output debug pertaining to a certain disallowed
stream, then create a filter that matches the packets in the
stream, and specify copy,discard for the action.