1.1.5 Flow detection conditions
To perform flow detection, specify the conditions for identifying the flow in the configuration. The following describes the flow detection conditions for the receiving-side and sending-side interfaces.
- <Structure of this section>
(1) Flow detection condition of the receiving interface
The following table describes the flow detection conditions that can be specified for a receiving interface.
Type |
Configuration items |
||
---|---|---|---|
MAC conditions |
Configuration |
VLAN ID #1 |
|
MAC header |
Source MAC address |
||
Destination MAC address |
|||
Ethernet type |
|||
User priority*2 |
|||
IPv4 conditions |
Configuration |
VLAN ID #1 |
|
MAC header |
User priority*2 |
||
IPv4 header #3 |
Upper-layer protocol |
||
Source IP address |
|||
Destination IP address |
|||
ToS |
|||
DSCP |
|||
Precedence |
|||
IPv4-TCP header |
Source port number |
Single specification (eq) |
|
Range specification (range)*4 |
|||
Destination port number |
Single specification (eq) |
||
Range specification (range)*4 |
|||
TCP control flag*5 |
|||
IPv4-UDP header |
Source port number |
Single specification (eq) |
|
Range specification (range)*4 |
|||
Destination port number |
Single specification (eq) |
||
Range specification (range)*4 |
|||
IPv4-ICMP header |
ICMP type value |
||
ICMP code value |
|||
IPv6 conditions |
Configuration |
VLAN ID #1 |
|
MAC header |
User priority*2 |
||
IPv6 header #6 |
Upper-layer protocol |
||
Source IP address |
|||
Destination IP address |
|||
Traffic class |
|||
DSCP |
|||
IPv6-TCP header |
Source port number |
Single specification (eq) |
|
Range specification (range)*4 |
|||
Destination port number |
Single specification (eq) |
||
Range specification (range)*4 |
|||
TCP control flag*5 |
|||
IPv6-UDP header |
Source port number |
Single specification (eq) |
|
Range specification (range)*4 |
|||
Destination port number |
Single specification (eq) |
||
Range specification (range)*4 |
|||
IPv6-ICMP header |
ICMP type value |
||
ICMP code value |
- Note #1
-
VLAN IDs that can be detected by flow detection on the Switch are the values assigned to the VLANs entered in the VLAN configuration. The ID of the VLAN to which received frames belong will be detected.
- Note #2
-
The user priority cannot be detected for the following frames, and therefore user priority 3 is always detected:
- Frames that do not have a VLAN tag
- Frames received on ports on which VLAN tunneling is set
The user priority for a frame that has multiple VLAN tags is detected by counting from the MAC address side.The first VLAN tag encountered will be detected. The following figure shows an example of a frame that has multiple VLAN tags.
- Note #3
-
Supplementary note for the ToS field specification
These are 3-bit to 6-bit numbers in ToS :ToS field.
Priority: Value of the three highest-order bits in the ToS field.
DSCP: Value of the six highest-order bits in the ToS field.
- Note #4
-
For details about the capacity limits for TCP/UDP port number detection pattern, see the Configuration Guide Vol.1" "3.5 Filtering, QoS, and Policy Based Mirroring.
- Note #5
-
Packets whose ack, fin, psh, rst, syn, or urg flag is set to 1 are detected.
- Note #6
-
Supplementary note for the traffic class field specification
Traffic class: The value of the traffic class field.
DSCP: Value of the six highest-order bits in the traffic class field.
(2) Flow detection condition of the sending interface
The following table describes the flow detection conditions that can be specified for the sending interface. However, filter entries cannot be applied to VLAN interfaces for which Tag translation is set for any one of the Ethernet interfaces belonging to the relevant VLAN.
Type |
Configuration items |
||
---|---|---|---|
MAC conditions |
Configuration |
VLAN ID #1 |
|
MAC header |
Source MAC address |
||
Destination MAC address |
|||
Ethernet type |
|||
User priority*2 |
|||
IPv4 conditions |
Configuration |
VLAN ID #1 |
|
MAC header |
User priority*2 |
||
IPv4 header #3 |
Upper-layer protocol |
||
Source IP address |
|||
Destination IP address |
|||
ToS |
|||
DSCP |
|||
Precedence |
|||
IPv4-TCP header |
Source port number |
Single specification (eq) |
|
Destination port number |
Single specification (eq) |
||
TCP control flag*4 |
|||
IPv4-UDP header |
Source port number |
Single specification (eq) |
|
Destination port number |
Single specification (eq) |
||
IPv4-ICMP header |
ICMP type value |
||
ICMP code value |
|||
IPv6 conditions |
Configuration |
VLAN ID #1 |
|
MAC header |
User priority*2 |
||
IPv6 header |
Upper-layer protocol |
||
Source IP address |
|||
Destination IP address |
|||
Traffic class |
|||
DSCP |
|||
IPv6-TCP header |
Source port number |
Single specification (eq) |
|
Destination port number |
Single specification (eq) |
||
TCP control flag*4 |
|||
IPv6-UDP header |
Source port number |
Single specification (eq) |
|
Destination port number |
Single specification (eq) |
||
IPv6-ICMP header |
ICMP type value |
||
ICMP code value |
- Note #1
-
VLAN IDs that can be detected by flow detection on the Switch are the values assigned to the VLANs entered in the VLAN configuration. The ID of the VLAN to which the outgoing frames belong will be detected.
You cannot specify a VLAN ID for either of the following interfaces:
- Ethernet interfaces for which tag translation is set
- Ethernet interfaces for which VLAN tunneling is set
- Note #2
-
The user priority set in the VLAN tag of the send frame is detected. The user priority for a frame that has multiple VLAN tags is detected by counting from the MAC address side.The first VLAN tag encountered will be detected. The following figure shows an example of a frame that has multiple VLAN tags.
For the sending-side interface, the user priority for a frame without a VLAN tag is also detected. The following table describes the details of user priority detection.
Ports from which frames are sent |
Sending frame |
Flow detection operation for detecting the user priority |
---|---|---|
Ports for which VLAN tunneling is not set |
- |
If the marking functionality is used on the receiving side, the user priority after marking is performed is detected. If the marking functionality is not used on the receiving side and frames without VLAN tag are received, user priority 3 is detected. If the marking functionality is not used on the receiving side and frames with VLAN tag are received, the user priority that exists when the frames are received is detected. Note, however, that user priority 3 is detected for the following frames:
|
Ports for which VLAN tunneling is set |
Without VLAN tag |
Same as above |
With VLAN tag |
The user priority for send frames is detected as follows, regardless of whether the marking functionality is used on the receiving side. The following user priority is detected for the outgoing frames:
|
Legend-Does not affect the presence or absence of VLAN Tag
- Note #3
-
Supplementary note for the ToS field specification
These are 3-bit to 6-bit numbers in ToS :ToS field.
Priority: Value of the three highest-order bits in the ToS field.
DSCP: Value of the six highest-order bits in the ToS field.
When the marking functionality is used to update a DSCP on the receiving-side interface, the values of ToS, DSCP, and Precedence for the sending-side interface are detected for the frames after the DSCP is updated.
- Note #4
-
Packets whose ack, fin, psh, rst, syn, or urg flag is set to 1 are detected.