Configuring UDP Forwarding

To configure UDP Forwarding, create a policy file for your UDP profile, and then associate the profile with a VLAN (Virtual LAN) using the following command:
configure vlan vlan_name udp-profile [profilename | none]

You can apply a UDP Forwarding policy only to an L3 VLAN (a VLAN having at least one IP address configured on it). If no IP address is configured on the VLAN, the command is rejected.
UDP profiles are similar to ACL (Access Control List) policy files.UDP profiles use a subset of the match conditions allowed for ACLs. Unrecognized attributes are ignored. A UDP forwarding policy must contain only the following attributes:
- Match attributes
  - Destination UDP port number (destination-port)
  - Source IP address (source-ipaddress)
- Action modified (set) attributes
  - Destination IP address (destination-ipaddress)
  - VLAN name (vlan)
Policy files used for UDP forwarding are processed differently from standard policy files. Instead of terminating when an entry‘s match clause becomes true, each entry in the policy file is processed and the corresponding action is taken for each true match clause.
For example, if the following policy file is used as a UDP forwarding profile, any packets destined for UDP port 67 are sent to IP address 20.0.0.5 and flooded to VLAN to7:
```
entry one {
if match all {
	destination-port 67 ;
} then {
	destination-ipaddress 20.0.0.5 ;
}
}
entry two {
if match all {
	destination-port 67 ;
} then {
	vlan "to7" ;
}
}
```
If you include more than one VLAN set attribute or more than one destination-ipaddress set attribute in one policy entry, the last one is accepted and the rest are ignored.

Note
Although the XOS policy manager allows you to set a range for the destination-port, you should not specify the range for the destination-port attribute in the match clause of the policy statement for the UDP profile. If a destination-port range is configured, the last port in the range is accepted and the rest are ignored.

You can have two valid set statements in each entry of a UDP forwarding policy; one a destination-ipaddress and one a VLAN. The ExtremeXOS software currently allows a maximum of eight entries in a UDP forwarding policy, so you can define a maximum of 16 destinations for one inbound broadcast UDP packet: eight IP addresses and eight VLANs.

Note

It is strongly advised to have no more than eight entries in a UDP forwarding profile. The UDP forwarding module processes those entries even if the entries do not contain any attributes for UDP forwarding. Having more than eight entries drastically reduces the performance of the system. If the inbound UDP traffic rate is very high, having more than eight entries could cause the system to freeze or become locked.

If you rename a VLAN referred to in your UDP forwarding profile, you must manually edit the policy to reflect the new name, and refresh the policy.

You can also validate whether the UDP profile has been successfully associated with the VLAN by using the show policy command. UDP Forwarding is implemented as part of the netTools process, so the command does display netTools as a user of the policy.
To remove a policy, use the none form of the following command:
configure vlan vlan_name udp-profile [profilename | none]

or use the following command:
unconfigure vlan vlan_name udp-profile

For more information about creating and editing policy files, see Chapter 17, “Policy Manager.” For more information about ACL policy files, see Chapter 18, “ACLs.”

Published March 2020prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback