.. _example_traffic_selector_rule_vlan_link-in: ####### Link-In ####### The following scenario shows how to filter packets based on VLAN attributes using traffic selectors. The policy is attached to DUT0's ``link-in`` hook; DUT1 originates the traffic and DUT0's journal is checked. *********************************** Test VLAN Selector (802.1Q) Link-In *********************************** Description =========== A ``traffic policy`` ``MATCH_VLAN`` is configured on DUT0's parent interface (``eth0``) in the link-in hook. The ``traffic selector`` ``VLAN`` filters packets with ``ether-type 8021q`` and ``vlan id 100``, logging matches with prefix ``MATCH_VLAN``. DUT1 sends a ping through the 802.1Q VLAN; DUT0 sees it on link-in. Scenario ======== .. osdx:tabset:: :suite: link-in :test: testvlanselector(802.1q)link-in :devices: vm:SDE,M10:M10-Smart,M2:M2,RS420:RS420,AresC640:AresC640,SDE11k:SDE11k,Atlas840:Atlas840,M20:M20,H5Rail:H5Rail,M10Plus:M10Plus,H5Auto:H5Auto ********************************* Test VLAN Selector (QinQ) Link-In ********************************* Description =========== A ``traffic policy`` ``MATCH_VLAN`` is configured on DUT0's parent interface (``eth0``) in the link-in hook. The ``traffic selector`` ``VLAN`` filters packets with ``ether-type 8021ad``, ``vlan id 100``, ``vlan protocol 8021q`` and ``vlan inner-id 200``. DUT1 sends a ping through the QinQ VLAN; DUT0 sees the double-tagged packet on link-in. Scenario ======== .. osdx:tabset:: :suite: link-in :test: testvlanselector(qinq)link-in :devices: vm:SDE,M10:M10-Smart,M2:M2,RS420:RS420,AresC640:AresC640,SDE11k:SDE11k,Atlas840:Atlas840,M20:M20,H5Rail:H5Rail,M10Plus:M10Plus,H5Auto:H5Auto ************************************************** Test VLAN Selector (QinQ) With PCP Matches Link-In ************************************************** Description =========== The ``traffic selector`` ``VLAN`` filters QinQ packets matching ``vlan id 100``, ``vlan pcp 3``, ``vlan inner-id 200`` and ``vlan inner-pcp 5``. Traffic policies ``OUTER_COS`` and ``INNER_COS`` on DUT1's outer and inner VLAN sub-interfaces set the required PCP values, which DUT0 matches on link-in. Scenario ======== .. osdx:tabset:: :suite: link-in :test: testvlanselector(qinq)withpcpmatcheslink-in :devices: vm:SDE,M10:M10-Smart,M2:M2,RS420:RS420,AresC640:AresC640,SDE11k:SDE11k,Atlas840:Atlas840,M20:M20,H5Rail:H5Rail,M10Plus:M10Plus,H5Auto:H5Auto **************************************************** Test VLAN Selector (802.1Q) With Not Vlan Id Link-In **************************************************** Description =========== The ``traffic selector`` ``VLAN`` uses ``not vlan id 100``. DUT1 sends through VLAN 101, so the negated condition matches on DUT0's link-in hook (the packet's VLAN id differs from 100), causing rule 1 to log with prefix ``MATCH_VLAN``. Scenario ======== .. osdx:tabset:: :suite: link-in :test: testvlanselector(802.1q)withnotvlanidlink-in :devices: vm:SDE,M10:M10-Smart,M2:M2,RS420:RS420,AresC640:AresC640,SDE11k:SDE11k,Atlas840:Atlas840,M20:M20,H5Rail:H5Rail,M10Plus:M10Plus,H5Auto:H5Auto ***************************************************** Test VLAN Selector (802.1Q) With Not Vlan PCP Link-In ***************************************************** Description =========== The ``traffic selector`` ``VLAN`` uses ``vlan id 100`` and ``not vlan pcp 3``. A traffic policy ``SET_COS`` on DUT1's VLAN sub-interface sets the PCP value to 5, so the negated condition matches on DUT0's link-in hook, causing rule 1 to log with prefix ``MATCH_VLAN``. Scenario ======== .. osdx:tabset:: :suite: link-in :test: testvlanselector(802.1q)withnotvlanpcplink-in :devices: vm:SDE,M10:M10-Smart,M2:M2,RS420:RS420,AresC640:AresC640,SDE11k:SDE11k,Atlas840:Atlas840,M20:M20,H5Rail:H5Rail,M10Plus:M10Plus,H5Auto:H5Auto ******************************************************** Test VLAN Selector (QinQ) With Not Vlan Inner-id Link-In ******************************************************** Description =========== The ``traffic selector`` ``VLAN`` uses ``vlan id 100``, ``vlan protocol 8021q`` and ``not vlan inner-id 200``. DUT1 sends through C-VLAN 201, so the negated condition matches on DUT0's link-in hook (the packet's inner VLAN id differs from 200), causing rule 1 to log with prefix ``MATCH_VLAN``. Scenario ======== .. osdx:tabset:: :suite: link-in :test: testvlanselector(qinq)withnotvlaninner-idlink-in :devices: vm:SDE,M10:M10-Smart,M2:M2,RS420:RS420,AresC640:AresC640,SDE11k:SDE11k,Atlas840:Atlas840,M20:M20,H5Rail:H5Rail,M10Plus:M10Plus,H5Auto:H5Auto ********************************************************* Test VLAN Selector (QinQ) With Not Vlan Inner-pcp Link-In ********************************************************* Description =========== The ``traffic selector`` ``VLAN`` uses ``vlan id 100``, ``vlan protocol 8021q``, ``vlan inner-id 200`` and ``not vlan inner-pcp 5``. A traffic policy ``INNER_COS`` on DUT1's inner VLAN sub-interface sets the inner PCP value to 3, so the negated condition matches on DUT0's link-in hook, causing rule 1 to log with prefix ``MATCH_VLAN``. Scenario ======== .. osdx:tabset:: :suite: link-in :test: testvlanselector(qinq)withnotvlaninner-pcplink-in :devices: vm:SDE,M10:M10-Smart,M2:M2,RS420:RS420,AresC640:AresC640,SDE11k:SDE11k,Atlas840:Atlas840,M20:M20,H5Rail:H5Rail,M10Plus:M10Plus,H5Auto:H5Auto ********************************************************** Test VLAN Selector (802.1Q) With Not Vlan Protocol Link-In ********************************************************** Description =========== The ``traffic selector`` ``VLAN`` uses ``not vlan protocol ip``. DUT1 sends an arping (ARP): since ARP is not IP, the negated condition matches on DUT0's link-in hook and rule 1 logs with prefix ``MATCH_VLAN``. Scenario ======== .. osdx:tabset:: :suite: link-in :test: testvlanselector(802.1q)withnotvlanprotocollink-in :devices: vm:SDE,M10:M10-Smart,M2:M2,RS420:RS420,AresC640:AresC640,SDE11k:SDE11k,Atlas840:Atlas840,M20:M20,H5Rail:H5Rail,M10Plus:M10Plus,H5Auto:H5Auto ************************************************************** Test VLAN Selector (QinQ) With Not Vlan Inner-protocol Link-In ************************************************************** Description =========== The ``traffic selector`` ``VLAN`` uses ``not vlan inner-protocol ip``. DUT1 sends an arping (ARP): since ARP is not IP, the negated condition matches on DUT0's link-in hook and rule 1 logs with prefix ``MATCH_VLAN``. Scenario ======== .. osdx:tabset:: :suite: link-in :test: testvlanselector(qinq)withnotvlaninner-protocollink-in :devices: vm:SDE,M10:M10-Smart,M2:M2,RS420:RS420,AresC640:AresC640,SDE11k:SDE11k,Atlas840:Atlas840,M20:M20,H5Rail:H5Rail,M10Plus:M10Plus,H5Auto:H5Auto