| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| en:dpi:dpi_components:platform:vlan_traffic_handling [2025/10/01 15:37] – elena.krasnobryzh | en:dpi:dpi_components:platform:vlan_traffic_handling [2025/11/20 11:54] (current) – elena.krasnobryzh |
|---|
| {{indexmenu_n>10}} | {{indexmenu_n>10}} |
| ======Handling traffic by VLAN====== | ====== Handling traffic by VLAN ====== |
| <note warning>The ''vlan group'' data has been migrated from UDR to SDR. Global rules for ''vlan drop'', ''vlan pass'', ''vlan hide'', ''vlan permit'', previously set by the legacy CLI command ''vlan group'', have been converted and migrated from UDR to SDR with removal from UDR.</note> | <note warning>The ''vlan group'' data has been moved from UDR to SDR. Global rules for ''vlan drop'', ''vlan pass'', ''vlan hide'', ''vlan permit'', configured previously by the ''vlan group'' CLI command, have been converted and moved from UDR to SDR with removal from UDR.</note> |
| - Drop traffic without analysis from a specific VLAN:<code bash>fdpi_cli vlan group <id> drop</code> | - Drop traffic without analysis from a specific VLAN:<code bash>fdpi_cli vlan rule add <id> perm drop</code> |
| - Dropping traffic with preliminary analysis, but without transferring it to Netflow statistics from a specific VLAN (Used to deal with asymmetric traffic when a site receives a double of traffic from another site. It is necessary to analyze and drop the traffic so that it is not included in the statistics):<code bash>fdpi_cli vlan group <id> hide</code> | - Drop traffic after preliminary analysis, but without sending it to NetFlow statistics from a specific VLAN (used for working with asymmetric traffic, when duplicated traffic from another site is delivered to the site. It is necessary to analyze and drop the traffic so that it does not get into statistics):<code bash>fdpi_cli vlan rule add <id> perm hide</code> |
| - Passing traffic without any analysis from a specific VLAN:<code bash>fdpi_cli vlan group <id> pass</code> | - Pass traffic without any analysis from a specific VLAN:<code bash>fdpi_cli vlan rule add <id> perm pass</code> |
| - Display existing settings in the UDR: <code bash>fdpi_cli vlan group 0 show all</code>Example output of the command:<code bash>fdpi_cli vlan group 0 show all | - Display existing settings in UDR: <code bash>fdpi_cli vlan rule dump</code>Example of command output:<code bash># fdpi_cli vlan rule dump |
| <proto> <vlan> <service-name> <policy> <delay> | 1000 perm hide |
| all 4000 * hide 0 | 2000 perm drop |
| all 4002 * hide 0 | 3000 perm pass |
| all 4003 * hide 0</code>In this example, you can see that all protocols belonging to VLAN 4000, 4002, 4003 are affected by hide, that is, traffic from one site is duplicated to another site. | 4000 perm hide |
| - Output all properties for a group with a specific id:<code bash>fdpi_cli vlan group <id> show all</code>Here ''id'' is the number of the VLAN for which you want to output Service-Name information. | </code>In this example, you can see that all protocols related to VLAN 1000 and 4000 fall under the ''hide'' rule, that is, traffic from one site is duplicated to another site; VLAN 2000 — traffic is dropped, VLAN 3000 — traffic is passed. |
| |
| <note tip>For more information, see[[en:dpi:bras_bng:bras_pppoe#configuring_service-name_for_vlan|Configuring Service-Name for VLAN]]</note> | <note tip>For more details, see [[en:dpi:bras_bng:bras_pppoe#configuring_service-name_for_vlan|Configuring Service-Name for VLAN]]</note> |
| |
| =====VLAN Rule===== | =====VLAN Rule===== |
| * ''vlan rule apply'' — applies rules; by default, rules are applied 5 minutes after the last SDR modification | * ''vlan rule apply'' — applies rules; by default, rules are applied 5 minutes after the last SDR modification |
| |
| <note important>When using * in CLI for QinQ ranges, it is recommended to enclose the expression in quotes (e.g., '*.68') or use the keyword any (e.g., any.68) to avoid incorrect interpretation of the * character by the bash shell.</note> | <note important>When using ''*'' in CLI for QinQ ranges, it is recommended to enclose the expression in quotes (e.g., '' '*.68' '') or use the keyword ''any'' (e.g., ''any.68'') to avoid incorrect interpretation of the ''*'' character by the bash shell.</note> |
| |
| **Change Application Specifics:** Rule changes made by the ''add'', ''modify'', or ''delete'' commands are saved to SDR and automatically applied by the system 5 minutes after the last modification. The ''vlan rule apply'' command allows forcing their application, but no more than once per minute. | **Change Application Specifics:** Rule changes made by the ''add'', ''modify'', or ''delete'' commands are saved to SDR and automatically applied by the system 5 minutes after the last modification. The ''vlan rule apply'' command allows forcing their application, but no more than once per minute. |
