Filter Message Header

About this task

Perform this procedure to filter IPGRE, nvGRE, VXLAN, IPIP, or GTPu message headers.

Procedure

  1. Configure the ingress group with the required ingress ports.
  2. Configure the required IPv4 or IPv6 ACL settings to filter IPGRE, nvGRE, VXLAN, IPIP, or GTPu message headers.
    • Use the L4 port 132 to filter SCTP packets.
    • Starting with release 21.1.1.0, Extreme 9920 software supports outer VXLAN headers.
    • Starting with release 21.1.2.0, Extreme 9920 software supports IPv6 GRE tunnel termination and MPLS Segment Routing in outer tunnel termination.
    • To configure packet mirroring for VXLAN frames, go to step 3. Otherwise, proceed to step 4.
  3. Optional: Configure packet mirroring for VXLAN frames.
    1. Enable mirror configuration. 
      device(config)# mirror mirr_1
device(config-mirror)#
    2. Configure the mirror destination port in slot/port format. 
      device(config-mirror)# set interface ethernet NAME
    3. Configure the required VXLAN or MPLS mirror to the ingress-group. 
      device(config-ingress-group)# traffic-type [ vxlan | mpls ] outer mirror mirr_1
  4. Set ACL filtering in the route-map.
  5. Apply the route-map policy to the ingress group.
  6. Send traffic flows to the device under test.
    • The configured GTP, SCTP, or VXLAN message header is dropped based on ACL configured in the route-map.
    • The non-filtered traffic is forwarded to the egress port/egress group.
  7. Verify the CLI statistics of ingress group to determine the number of packets or flows received and dropped.
  8. Verify the CLI statistics of egress port or egress group to determine the number of non-filtered packets or flows forwarded.
  9. Verify the CLI statistics of UDA ACL matches the number of packets/flows dropped.
  10. Verify that the packets matching the UDA ACL are not forwarded in egress groups and only non-filtered packets are received by validating or capturing the wired PCAP collected in the analytical tools.
9037263-01 Rev AB