Traffic Group
This chapter covers some aspects related to traffic groups,
which are a set of different traffic elements that can be used
by traffic selectors to efficiently filter network packets.
The following types are supported:
address: group of IPv4 addresses.
ipv6-address: group of IPv6 addresses.
port: group of ports.
mac-address: group of MAC addresses.
A traffic group can be reused by multiple traffic selectors.
Here you can find more information about traffic
selectors.
Configuration
This is the syntax to create a traffic group:
set traffic group <group_type> <group_name> [ ... ]
traffic groups can be referenced from the following commands:
traffic selector <selector_name> rule <u32> [ not ] destination address-group <group_name>
traffic selector <selector_name> rule <u32> [ not ] destination ipv6-address-group <group_name>
traffic selector <selector_name> rule <u32> [ not ] destination port-group <group_name>
traffic selector <selector_name> rule <u32> [ not ] destination mac-address-group <group_name>
traffic selector <selector_name> rule <u32> [ not ] source address-group <group_name>
traffic selector <selector_name> rule <u32> [ not ] source ipv6-address-group <group_name>
traffic selector <selector_name> rule <u32> [ not ] source port-group <group_name>
traffic selector <selector_name> rule <u32> [ not ] destination mac-address-group <group_name>
Examples
For example, in order to create a group of ipv4-addresses we could type the following commands:
set traffic group address ALLOWED_ADDRESSES element 10.0.0.1-10.0.0.9
set traffic group address ALLOWED_ADDRESSES element 10.0.1.0/24
set traffic group address ALLOWED_ADDRESSES element 10.0.2.1
Take a look at the following entries to see more information about traffic
groups: