Posted on July 19, 2021 2:34 am
 |  Asked by Jonas Pfefferle
 |  66 views

Hi all

Is there a way to trap packets to the CPU on a 7150S if they match a custom rule? (as is done, e.g., for control plane, LLDP, NAT, etc.)

  • DirectFlow/OpenFlow seems to be a possibility but is not supported on the 7150
  • Filtered mirroring to CPU is possible but does not support egress IP ACLs
  • Security ACL Filtered Mirroring is another option but again not supported on the 7150

Is there any other way I’m missing?

Thanks,

Jonas

Answered on July 19, 2021 3:33 am

Hi Jonas,

Thanks for reaching out.

Yes, you are correct: the 1st and 3rd options are not supported on the 7150 platform.

We can filter Rx traffic and mirror it to the CPU; however, Tx traffic can only be sent to the CPU unfiltered.

As per the TOI below, egress filtered mirroring is only supported on a few platforms and is not supported on the 7150:

https://eos.arista.com/eos-4-23-0f/egress-filtered-mirroring/

Could you please confirm if you are looking to trap Rx or Tx traffic?

You can also refer to the doc below for Advanced Mirroring Features:

https://eos.arista.com/advanced-mirroring-features/

Thanks,

Bhavana.

Posted by Jonas Pfefferle
Answered on July 19, 2021 7:41 am

Hi Bhavana

Thanks for the quick answer. I'm looking to trap both Rx and Tx traffic with different rules.

For Rx traffic, as mentioned, mirroring to CPU is a possibility. This traps traffic to one of the mirror kernel interfaces. However, if it were possible, directly trapping to the kernel interface of the specific port would be much nicer (also given the limitation of max 4 mirror sessions on the FM6000).

For Tx traffic, I could just mirror all traffic and filter with iptables in the kernel. However, I don't want to overwhelm the CPU. Is there any other solution?

Thanks,

Jonas
