Traffic
In this chapter, you can find all the available commands to configure traffic-related features, such as traffic policy <txt>, traffic selector <txt> or traffic control <id>. These features can be used to filter or transform network packets.
The OSDx network stack is very complex; therefore, it takes a lot of practice to master all the features that are provided, sometimes through trial and error.
The following diagram summarizes the path that every network packet needs to traverse, regardless of whether it has to be forwarded (routed traffic) or not (local traffic):
[Figure: OSDx Traffic network path]
Warning
The previous diagram only shows the traffic-related features; some other features, such as firewall, IPsec or Netflow, have been omitted for the sake of clarity.
QoS is both the first and the last feature to take place. Whenever a packet is received on an interface or is about to be transmitted, the attached traffic control is executed (if any). Traffic control can be used to filter or shape both incoming and outgoing traffic.
Right after traversing the ingress QoS, packets are analyzed to determine if they have to be accelerated by using the OSDx offload engine. This new path is commonly denoted as fastpath. If this fastpath bypass occurs, traffic policy and NAT rules are automatically applied based on previous packets that went through the slowpath.
When packets do not bypass this part of the network stack, either because the OSDx offload engine is disabled or because it is unsafe to accelerate those packets, the different traffic policy and NAT rules are checked and applied in order.
Traffic can be differentiated between local and forwarded traffic. The former refers to traffic that has to be processed in the current device. The latter refers to traffic that has to be delivered to a different device.
Traffic can also be intercepted locally by using two different approaches:
- Configuring a service traffic-proxy <id> instance and intercepting traffic with traffic policy <txt> rule <u32> action proxy.
- Configuring a service firewall <id> instance and enqueuing traffic with traffic policy <txt> rule <u32> action enqueue <txt>.
Finally, the egress QoS is executed if the outgoing interface has an attached traffic control discipline.