CLEAR-Flow
ExtremeWare XOS 11.3 Concepts Guide
378
CLEAR-Flow Rule Match Conditions
In a CLEAR-Flow rule, the <match-conditions> portion consists of one to four expressions, an optional
global-rule statement, and an optional period statement:
entry <CLFrulename> <match-type> {
if { <expression>;
<expression>;
<expression>;
<expression>;
global-rule;
period <interval>;
}
then {
<actions>;
} else {
<actions>;
}
}
In the following example, the CLEAR-Flow rule cflow_count_rule_example will be evaluated every ten
seconds. The actions statements will be triggered if the value of counter1 (defined earlier in the ACL
policy file) is greater than 1,000,000:
entry cflow_count_rule_example {
if { count counter1 > 1000000 ;
period 10 ;
}
then {
<actions>;
}
}
The global-rule statement is optional and affects how the counters are treated. An ACL that defines
counters can be applied to more than one interface. In the original release of CLEAR-Flow, however, any
counters used in an expression were only evaluated for that particular interface that the CLEAR-Flow
rule was applied to. Beginning with the ExtremeWare XOS 11.2 release, you can specify the global-rule
statement so that counters are evaluated for all the applied interfaces. For example, if a policy that
defines a counter is applied to port 1:1 and 2:1, a CLEAR-Flow rule that used the global-rule statement
would sum up the counts from both ports. Without the global-rule statement, the CLEAR-Flow rule
would only look at the counts received on one port at a time.
The
period <interval> statement is optional and sets the sampling interval, in seconds. This
statement specifies how often the rule is evaluated by the CLEAR-Flow agent. If not specified, the
default value is 5 seconds.
NOTE
In ExtremeWare XOS 11.1 only one expression was allowed per CLEAR-Flow rule.
There are five CLEAR-Flow rule expressions: count, delta, ratio, delta-ratio, and rule. All of these
expressions check the values of counters to evaluate if an action should be taken. The counters are
either defined in the ACL entries that are defined on the switch, or are the pre-defined CLEAR-Flow
To Next Page
Loading...
Need help?
General
