Clear-Flow Rule Examples; Count Expression Example; Delta Expression Example - Extreme Networks ExtremeWare XOS Guide Manual

Table 56: Predefined CLEAR-Flow Counters (Continued)
Counter Name
sys_IgmpOutLeaves
1.Most of these descriptions can be found in RFC 2011, SNMPv2 Management Information Base for the In-
ternet Protocol using SMIv2
2.The length of an ICMP packet depends on the type and code field.

CLEAR-Flow Rule Examples

In the examples that follow, there are one to two ACL rule entries followed by a CLEAR-Flow rule
entry. The examples illustrate the four CLEAR-Flow rule expressions: count, delta, ratio, and delta-ratio.

Count Expression Example

In the following example, every 10 seconds the CLEAR-Flow agent will request the counter1 statistics
from the hardware. After it receives the counter value, it will evaluate the CLEAR-Flow rule. If the
value of counter1 is greater than 1000000 packets, the CLEAR-Flow agent will send a trap message to
the SNMP master, and change the ACL acl_rule1 to block traffic (acl_rule1 is modified to a deny rule).
Since there is no period configured for the
entry acl_rule1 {
if {
destination-address 192.168.16.0/24;
destination-port 2049;
protocol tcp;
} then {
count counter1;
}
}
entry cflow_count_rule_example
if { count counter1 > 1000000 ;
period 10 ;
}
then {
snmptrap 123 "Traffic on acl_rule1 exceeds threshold";
deny acl_rule1;
}
}

Delta Expression Example

In this example, every 10 seconds the CLEAR-Flow agent will request the counter1 statistics from the
hardware. After it receives the counter value, it will then evaluate the rule. If the delta (change) of the
counter1 value from the last sampled value 10 seconds ago is greater than or equal to 1000 packets, the
CLEAR-Flow agent will send a trap message to the SNMP master, and change the ACL acl_rule1 to
ExtremeWare XOS 11.3 Concepts Guide
1
Description
The number of outgoing IGMP leave requests.
statement, the message is sent only once.
snmptrap
{
CLEAR-Flow Rule Examples
389