Visitor
soumyakulkarni

Firewall filter Vpls match conditions

Hi,

I have a query on firewall filter family vpls match conditions.

For family vpls, there are two match conditions – ether-type and vlan-ether-type. When I tested them on T-series (T1600 and T4000), both match conditions are matching for the *same* field in the packet stream.

I wanted to understand how they are different from each other. Can anyone please provide me info on the same?

 

Thanks

Soumya

Distinguished Expert
aarseniev

Re: Firewall filter Vpls match conditions


Hello,

Would you please be able to clarify your statement?

Are you saying that VPLS filter match conditions "from ether-type HEX" and "from vlan-ether-type HEX" are both matching the same frame where 2 bytes immediately after source MAC field contain value HEX?

Thanks

Alex 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Visitor
soumyakulkarni

Re: Firewall filter Vpls match conditions

Hi,

Yeah. I had 'ether-type' set to 'ppp' in packet stream.

 

Configuration :

[edit]
soumyadk@lernaean# show firewall
family vpls {
    filter f {
        term t3 {
            from {
                ether-type [ oam ppp ];
            }
            then {
                count c_eth;
                next term;
            }
        }
        term t7 {
            from {
                vlan-ether-type ppp;
            }
            then {
                count c_veth;
                next term;
            }
        }
    }
}
      

Results:

[edit]
soumyadk@lernaean# run show firewall

Filter: __default_bpdu_filter__

Filter: f
Counters:
Name                      Bytes                    Packets
c_eth                     313554706140             2528666985
c_veth                    313554705768             2528666982

 

Distinguished Expert
aarseniev

Re: Firewall filter Vpls match conditions

Hello,

Sorry, your config matches tagged frames where both ether-type and vlan-ether-type are set to PPP (0x880B), that's why both counters increment.

Please send the untagged frames with ether-type set to PPP (2 bytes after src.mac contain value 0x880B) and report back the results.

Thanks

Alex 

 

Visitor
soumyakulkarni

Re: Firewall filter Vpls match conditions

Hi Alex,

I tried with untagged. It behaves the same.

 

Soumya
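
Added example, not part of any post in this thread: a small Python parser for checking what a test frame actually carries at the two positions discussed above (the 2 bytes immediately after the source MAC, and the type field that follows any VLAN tags), so filter counters can be compared against known frame contents. The frames, MAC addresses and function names are constructed for illustration, only TPIDs 0x8100 and 0x88A8 are treated as VLAN tags, and the code does not model how Junos evaluates either match condition.

```python
import struct

# Assumption: only these two TPIDs are treated as VLAN tags.
VLAN_TPIDS = {0x8100, 0x88A8}
PPP = 0x880B  # EtherType value quoted in the thread


def parse_types(frame: bytes) -> dict:
    """Return the type right after the source MAC, the VLAN IDs found,
    and the type field that follows the last VLAN tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination MAC (6 bytes) + source MAC (6 bytes)
    (first,) = struct.unpack_from("!H", frame, offset)
    current, vlan_ids = first, []
    while current in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # A tag is TPID (2) + TCI (2); the next type field follows the TCI.
        tci, current = struct.unpack_from("!HH", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return {"after_src_mac": first, "vlan_ids": vlan_ids, "payload_type": current}


def build_frame(ethertype: int, vlan_ids=(), payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed test frame with optional 802.1Q tags (TPID 0x8100)."""
    dst = bytes.fromhex("020000000002")  # constructed, locally administered MACs
    src = bytes.fromhex("020000000001")
    tags = b"".join(struct.pack("!HH", 0x8100, vid) for vid in vlan_ids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def describe(frame: bytes) -> str:
    info = parse_types(frame)
    kind = f"tagged {info['vlan_ids']}" if info["vlan_ids"] else "untagged"
    return (f"{kind}: after src MAC=0x{info['after_src_mac']:04X}, "
            f"after tags=0x{info['payload_type']:04X}")


if __name__ == "__main__":
    # Constructed samples: untagged, single-tagged and double-tagged PPP frames.
    for vids in ((), (100,), (100, 200)):
        print(describe(build_frame(PPP, vids)))
```

In an untagged frame the two positions are the same two bytes; in a tagged frame the bytes after the source MAC hold the TPID and 0x880B only appears after the tag.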
