1.1.5 Flow detection conditions

To perform flow detection, specify the conditions for identifying the flow in the configuration. The following describes the flow detection conditions for the receiving-side and sending-side interfaces.

<Structure of this section>

(1) Flow detection condition of the receiving interface

The following table describes the flow detection conditions that can be specified for a receiving interface.

Table 1-4: Flow detection conditions that can be specified for a receiving interface
Type		Configuration items
MAC conditions	Configuration	VLAN ID^#1
	MAC header	Source MAC address
		Destination MAC address
		Ethernet type
		User priority*2
IPv4 conditions	Configuration	VLAN ID^#1
	MAC header	User priority*2
	IPv4 header #3	Upper-layer protocol
		Source IP address
		Destination IP address
		ToS
		DSCP
		Precedence
	IPv4-TCP header	Source port number	Single specification (eq)
		Source port number	Range specification (range)*4
		Destination port number	Single specification (eq)
		Destination port number	Range specification (range)*4
		TCP control flag*5
	IPv4-UDP header	Source port number	Single specification (eq)
		Source port number	Range specification (range)*4
		Destination port number	Single specification (eq)
		Destination port number	Range specification (range)*4
	IPv4-ICMP header	ICMP type value
	IPv4-ICMP header	ICMP code value
IPv6 conditions	Configuration	VLAN ID^#1
	MAC header	User priority*2
	IPv6 header #6	Upper-layer protocol
		Source IP address
		Destination IP address
		Traffic class
		DSCP
	IPv6-TCP header	Source port number	Single specification (eq)
		Source port number	Range specification (range)*4
		Destination port number	Single specification (eq)
		Destination port number	Range specification (range)*4
		TCP control flag*5
	IPv6-UDP header	Source port number	Single specification (eq)
		Source port number	Range specification (range)*4
		Destination port number	Single specification (eq)
		Destination port number	Range specification (range)*4
	IPv6-ICMP header	ICMP type value
	IPv6-ICMP header	ICMP code value

Note #1

VLAN IDs that can be detected by flow detection on the Switch are the values assigned to the VLANs entered in the VLAN configuration. The ID of the VLAN to which received frames belong will be detected.

Note #2

The user priority cannot be detected for the following frames, and therefore user priority 3 is always detected:

- Frames that do not have a VLAN tag

- Frames received on ports on which VLAN tunneling is set

The user priority for a frame that has multiple VLAN tags is detected by counting from the MAC address side.The first VLAN tag encountered will be detected. The following figure shows an example of a frame that has multiple VLAN tags.

[Figure Data]

Note #3

Supplementary note for the ToS field specification

These are 3-bit to 6-bit numbers in ToS :ToS field.

Priority: Value of the three highest-order bits in the ToS field.

[Figure Data]

DSCP: Value of the six highest-order bits in the ToS field.

[Figure Data]

Note #4

For details about the capacity limits for TCP/UDP port number detection pattern, see the Configuration Guide Vol.1" "3.5 Filtering, QoS, and Policy Based Mirroring.

Note #5

Packets whose ack, fin, psh, rst, syn, or urg flag is set to 1 are detected.

Note #6

Supplementary note for the traffic class field specification

Traffic class: The value of the traffic class field.

[Figure Data]

DSCP: Value of the six highest-order bits in the traffic class field.

[Figure Data]

(2) Flow detection condition of the sending interface

The following table describes the flow detection conditions that can be specified for the sending interface. However, filter entries cannot be applied to VLAN interfaces for which Tag translation is set for any one of the Ethernet interfaces belonging to the relevant VLAN.

Table 1-5: Flow detection conditions that can be specified for a sending interface
Type		Configuration items
MAC conditions	Configuration	VLAN ID^#1
	MAC header	Source MAC address
		Destination MAC address
		Ethernet type
		User priority*2
IPv4 conditions	Configuration	VLAN ID^#1
	MAC header	User priority*2
	IPv4 header #3	Upper-layer protocol
		Source IP address
		Destination IP address
		ToS
		DSCP
		Precedence
	IPv4-TCP header	Source port number	Single specification (eq)
		Destination port number	Single specification (eq)
		TCP control flag*4
	IPv4-UDP header	Source port number	Single specification (eq)
	IPv4-UDP header	Destination port number	Single specification (eq)
	IPv4-ICMP header	ICMP type value
	IPv4-ICMP header	ICMP code value
IPv6 conditions	Configuration	VLAN ID^#1
	MAC header	User priority*2
	IPv6 header	Upper-layer protocol
		Source IP address
		Destination IP address
		Traffic class
		DSCP
	IPv6-TCP header	Source port number	Single specification (eq)
		Destination port number	Single specification (eq)
		TCP control flag*4
	IPv6-UDP header	Source port number	Single specification (eq)
	IPv6-UDP header	Destination port number	Single specification (eq)
	IPv6-ICMP header	ICMP type value
	IPv6-ICMP header	ICMP code value

Note #1

VLAN IDs that can be detected by flow detection on the Switch are the values assigned to the VLANs entered in the VLAN configuration. The ID of the VLAN to which the outgoing frames belong will be detected.

You cannot specify a VLAN ID for either of the following interfaces:

- Ethernet interfaces for which tag translation is set

- Ethernet interfaces for which VLAN tunneling is set

Note #2

The user priority set in the VLAN tag of the send frame is detected. The user priority for a frame that has multiple VLAN tags is detected by counting from the MAC address side.The first VLAN tag encountered will be detected. The following figure shows an example of a frame that has multiple VLAN tags.

[Figure Data]

For the sending-side interface, the user priority for a frame without a VLAN tag is also detected. The following table describes the details of user priority detection.

Table 1-6: User priority detection on the sending interface
Ports from which frames are sent	Sending frame	Flow detection operation for detecting the user priority
Ports for which VLAN tunneling is not set	-	If the marking functionality is used on the receiving side, the user priority after marking is performed is detected. If the marking functionality is not used on the receiving side and frames without VLAN tag are received, user priority 3 is detected. If the marking functionality is not used on the receiving side and frames with VLAN tag are received, the user priority that exists when the frames are received is detected. Note, however, that user priority 3 is detected for the following frames: Frames received on ports on which VLAN tunneling is set
Ports for which VLAN tunneling is set	Without VLAN tag	Same as above
Ports for which VLAN tunneling is set	With VLAN tag	The user priority for send frames is detected as follows, regardless of whether the marking functionality is used on the receiving side. The following user priority is detected for the outgoing frames: For frames received on a port for which VLAN tunneling is set, the user priority that exists when the frames are received is detected. For frames received on a port for which VLAN tunneling is not set, the user priority that exists when VLAN tags are removed from the receive frames is detected.

Legend-Does not affect the presence or absence of VLAN Tag

Note #3

Supplementary note for the ToS field specification

These are 3-bit to 6-bit numbers in ToS :ToS field.

Priority: Value of the three highest-order bits in the ToS field.

[Figure Data]

DSCP: Value of the six highest-order bits in the ToS field.

[Figure Data]

When the marking functionality is used to update a DSCP on the receiving-side interface, the values of ToS, DSCP, and Precedence for the sending-side interface are detected for the frames after the DSCP is updated.

Note #4

Packets whose ack, fin, psh, rst, syn, or urg flag is set to 1 are detected.