Configuring Traffic Distribution Based on Forwarding Groups
Context
Normally, an interface forwards a received packet at Layer 2 or Layer 3. In scenarios demanding high security, specific packets need to be copied to multiple interfaces for analysis. You can deploy traffic distribution based on forwarding groups.
This function enables the device to group packets based on 96 bits of source and destination MAC addresses. Then the device copies and forwards the packets to multiple interfaces based on the mapping between groups and interfaces. The group bit width and port number bit width are specified in the forwarding group view. The integral part of 96 divided by the group bit width is the number of groups. If there are more than eight groups, the device analyzes only the first eight groups. The port number occupies the first bits of each group, and its length is the port number bit width. You can specify the mapping between port numbers and physical interfaces in the forwarding group view so that the device forwards packets to corresponding physical interfaces based on specified port numbers.
For example, the 96 bits of source and destination MAC addresses in a packet are 0101101101 011010100011 1011011011..., the group bit width is 10 bits, and the port number bit width is 5 bits. The port number of the first group is 01011, which is 11 in decimal notation, and port 11 is mapped to 10GE1/0/1. The packet is therefore forwarded from 10GE1/0/1. Similarly, the port number of the second group is 01101, which is 13 in decimal notation, and port 13 is mapped to 10GE1/0/2. The packet is therefore also forwarded from 10GE1/0/2. The remaining groups are processed in the same way.
After traffic distribution based on forwarding groups is configured on an interface, the interface forwards received packets based on the mapping configured in the forwarding group view. The packets that do not match mapping entries are discarded, and Layer 2 or Layer 3 forwarding on the interface is unavailable.
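The following sketch is an added example, not Huawei code. It reproduces the group and port-number calculation described above so that a planned segment-width, port-width and member-port mapping can be checked before forward-group enable is run on a production interface. Assumptions: the caller supplies the 96-bit value (the page does not state the order of the two MAC addresses within it), bits are read most significant first, and each mapped interface is listed once; all function and variable names are hypothetical.

```python
from __future__ import annotations

KEY_BITS = 96    # source and destination MAC addresses
MAX_GROUPS = 8   # only the first eight groups are analyzed


def port_numbers(key: bytes, segment_width: int, port_width: int) -> list[int]:
    """Return the port number carried by each analyzed group of the key."""
    if len(key) * 8 != KEY_BITS:
        raise ValueError("key must be exactly 96 bits (12 bytes)")
    if not 0 < port_width <= segment_width <= KEY_BITS:
        raise ValueError("need 0 < port_width <= segment_width <= 96")
    bits = format(int.from_bytes(key, "big"), "096b")  # assumption: MSB first
    groups = min(KEY_BITS // segment_width, MAX_GROUPS)
    return [int(bits[g * segment_width: g * segment_width + port_width], 2)
            for g in range(groups)]


def egress_interfaces(key, segment_width, port_width, member_ports):
    """Interfaces that receive a copy; an empty list means the packet is discarded."""
    out = []
    for port in port_numbers(key, segment_width, port_width):
        iface = member_ports.get(port)
        if iface is not None and iface not in out:  # assumption: one copy per interface
            out.append(iface)
    return out


def key_from_bits(leading_bits: str) -> bytes:
    """Build a 96-bit key from leading bits, zero-padded (padding is constructed)."""
    return int(leading_bits.ljust(KEY_BITS, "0"), 2).to_bytes(KEY_BITS // 8, "big")


# Leading bits from the example above; everything after them is constructed zero padding.
EXAMPLE_KEY = key_from_bits("0101101101" "011010100011" "1011011011")
# member-port mappings from the example above (port 11 and port 13).
EXAMPLE_MEMBER_PORTS = {11: "10GE1/0/1", 13: "10GE1/0/2"}

if __name__ == "__main__":
    print(port_numbers(EXAMPLE_KEY, 10, 5))
    print(egress_interfaces(EXAMPLE_KEY, 10, 5, EXAMPLE_MEMBER_PORTS))
    # An all-zero key yields port 0 in every group; port 0 is unmapped, so discard.
    print(egress_interfaces(bytes(12), 10, 5, EXAMPLE_MEMBER_PORTS))
```

With a 10-bit group width, 96 bits give nine whole groups, so the ninth is ignored; groups whose port number has no member-port entry contribute no egress interface.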
Only the CE12800E equipped with the ED-E/EG-E/EGA-E card supports this function.
Procedure
- Run system-view
The system view is displayed.
- Run forward-group
A forwarding group is created and the forwarding group view is displayed.
By default, no forwarding group is created.
- Run segment-width segment-width-value port-width port-width-value
The group bit width and port number bit width are configured.
By default, the group bit width and port number bit width are not configured.
- Run member-port port-number interface interface-type interface-number
The mapping between port numbers and physical interfaces is configured.
By default, the mapping between port numbers and physical interfaces is not configured.
port-number is the decimal value of the binary port number, whose bit width is set by port-width-value in the segment-width port-width command.
- Run quit
Return to the system view.
- Run interface interface-type interface-number
The interface view is displayed.
The interface must be a physical interface or an Eth-Trunk member interface.
- Run forward-group enable
Traffic distribution based on forwarding groups is enabled.
By default, traffic distribution based on forwarding groups is not enabled.
After traffic distribution based on forwarding groups is enabled on an interface, Layer 2 or Layer 3 forwarding is unavailable on the interface. Exercise caution when you run this command.
The outbound interface needs to be added to a VLAN in untagged mode. The VLAN ID is the same as the PVID configured on the inbound interface.
  - For an access interface or a QinQ interface, run the port default vlan vlan-id command to add the interface to a specified VLAN.
  - For a trunk interface, run the port trunk allow-pass vlan vlan-id and port trunk pvid vlan vlan-id commands, in which the value of vlan-id must be the same.
  - For a hybrid interface, run the port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all } command so that frames of the VLANs pass through the hybrid interface in untagged mode.
- Run commit
The configuration is committed.