Packetmaster ex2 quick_start_guide v1.1 20150910

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net

Bringing simplicity to today´s and tomorrow´s communication networks

Packetmaster EX2Quick Start Guide

High Performance Desktop Network Packet Broker

V1.1 2015-09-10

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Table of content

Slides Topic3-9 General hardware information

10-15 How to connect and communicate with the Packetmaster

16-22 Port configuration and Port statistics

23-38 Filter rules and Filter handling, Filter statistics, store Filters

39-49 Applications

50-52 Read SFP Info

53-60 Firmware Upgrade Procedure

61-end Advanced features and applications

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Cubro Packetmaster supports any SFP brand

Front view

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Optionally the EX2 can be equipped with a internal optical tap (one SM link and one MM link)

Rear view

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Ethernet Management

RS 232 Management 10/100/1000 Base-T Ports

1/10 Gbit SFP/SFP+ Ports

61

2

3

45

Default Port settings:• Port 1 to Port 4: Autoneg On• Port 5 and Port 6: 10G

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

61

2

3

45

Possible port configuration:

Port 1 – 4 Ethernet Base-T 10/100/1000 Mbit, Autoneg off or on

Port 5 – 6 10 Gbit SFP + Single or Multimode

1 Gbit SFP Single or Multimode

1 Gbit Copper SFP 1000 Mbit fix

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Optical TAP Singlemode Optical TAP Multimode

Redundant Dual Power 12 V DC / max 40 VA

2

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

• 2000 filter rules (see fields with read dot)

• Non blocking design 26 Gbit packet load

• Python scripts running on unit

• All ports can work as in- and output

• Fan-less and low power

Possible applications:

Aggregation - traffic filtering - traffic blocking - traffic modification

traffic steering - media converter - SFP testing - traffic generation - traffic capture alarm monitor - hardware firewall - loopback - …

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


CLI command line via SSH

Text menu via SSH

Web GUI via HTTP/HTTPS

REST API via HTTP/HTTPS

Packetmaster EX2Connection methods

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

EX Config Menu

1 Config ports 2 Setup Users / change passwords 3 Change IP, Subnet and Gateway 4 Show port status 5 Show port statistics 6 Reset port statistics 7 Read SFP status 8 Save current flow config 9 Show saved flow config 10 Reset saved flow config

0 Exit

Choose option number:

Simple Configuration Menu !

Type „exmenu“ to start the menu

This small menu should help to configure the unit in a more convenient way.

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Connect to your CUBRO Packetmaster EX via the Management Interface

Connection to EX WEB Gui

Ethernet Management

Enter the IP of the Packetmaster in your web browser (Factory default: 192.168.0.200)

The Packetmaster will automatically start up with the Rule Table (empty on first bootup)

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Change IP address of management interface:

connect via Serial Port: n-8-1 9600 baud

CLI Commands:

configure terminalmanagement ip address 192.168.0.155 netmask 255.255.255.0 management route add gateway 192.168.0.100 endwrite memoryshow management ip address

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

ssh access via Management interface

Default login settings:

• IP address: 192.168.0.200• Netmask: 255.255.255.0• Gateway: 192.168.0.1

• Username: admin• Password: cubro

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

1

2

3

4

CLI Commands:

configconfigure terminalinterface eth-0-1 (for Port 1); eth-0-2 for Port 2, eth-0-3 for Port 3, eth-0-4 for Port 4speed 100 (for 100M); 10 for 10M, auto for Autonegendwrite memoryexit

Change of Port Speed – Ports 1 to 4

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Device - IP Configuration WEB GUI

Configure Management Interface

Set configuration for management interfaceWhen settings are changed the browser automatically connects to the new IP address

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

5 6

CLI Commands to set Ports to 1G:

configconfigure terminalxgport-mode 1Gendwrite memoryreboot

Change of Port Speed – Ports 5 to 6

Link Speed of ports 5 and 6 are coupled. Both ports can be set to 10G or 1G.

CLI Commands to set Ports to 10G:

configconfigure terminalxgport-mode XGendwrite memoryreboot

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

CLI commands

configshow interface statusexit

Interface Status

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

5 6

CLI command

cc show br0

Interface Status

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Port Packet Statistics

CLI command cc dump-ports br0

Clear Port Packet Statistics CLI commands

Configclear counters interface eth-0-x (1 to 6; or all)exit

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Port Statistics WEB GUI

Port Statistics can be viewed and reset

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Port Status WEB GUI

Displays current status for all ports

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Port Configuration WEB GUI

Specify port settings

Select port to configure (1-n)

Select Duplex mode for port (auto/full/half)

Select port speed (10/100/1000 Mbit/auto)

Activate/Deactivate port (Laser off on SFP)

Specify speed setting for SFP/SFP+ ports

Toggling port between 1G and 10G requires reboot. (EX2 only!)

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Filter possibilities 1/2in_port=port_number Ingress port number

dl_src=xx:xx:xx:xx:xx:xx Ethernet source address

dl_dst=xx:xx:xx:xx:xx:xx [/ xx:xx:xx:xx:xx:xx]

Ethernet destination addressThis keyword supports a wildcard mask following the slash. Only four masks are allowed.− 01:00:00:00:00:00 Match only the multicast bit. Thus, dl_dst = 01:00:00:00:00:00/01:00:00:00:00:00 matches all multicast (including broadcast) Ethernet packets, and dl_dst = 00:00:00:00:00:00/01:00:00:00:00:00 matches all unicast Ethernet packets.− fe:ff:ff:ff:ff:ff Match all bits except the multicast bit. This is probably not useful.− ff:ff:ff:ff:ff:ff Exact match (equivalent to omitting the mask)− 00:00:00:00:00:00 Wildcard all bits (equivalent to dl_dst = *).

dl_type=ethertype Ethernet Protocol type ethertype, such as 0x0806 to match ARP packets

dl_vlan_pcp=priority Matches IEEE 802.1q Priority Code Point (PCP) priority

dl_vlan=vlan Matches IEEE 802.1q Virtual LAN tag vlan

vlan_tci=tci Matches modified VLAN TCI

nw_src=ip[/netmask] IPv4 source address

nw_dst=ip[/netmask] IPv4 destination addressThe optional netmask allows restricting a match to an IPv4 address prefix. The netmaskmay be specified as a dotted quad (e.g. 192.168.1.0/255.255.255.0) or as a CIDR block (e.g.192.168.1.0/24).When dl_type=0x0806 or arp is specified, matches the arp_spa or arp_tpa field,respectively, I ARP packets for IPV4 and Ethernet.When dl_type is wildcarded or set to a value other than 0x0800 or 0x0806, the values ofnw_src and nw_dst are ignored.

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Filter possibilities 2/2nw_proto=proto IP Protocol type proto which is specified as a decimal number between 0 and 255, inclusive

(e.g. 1 to match ICMP packets or 6 to match TCP packets)

nw_tos=tos IP ToS/DSCP traffic class field ToS which is specified as a decimal number between 0 and 255, inclusive.

tp_src=port UDP or TCP source port.

tp_dst=port UDP or TCP destination port which is specified as a decimal number between 0 and 65535, inclusive (e.g. 80 to match packets originating from a HTTP server)

icmp_type=type ICMP Protocol type which is specified as a decimal number between 0 and 255When dl_type and nw_proto take other values other than ICMP, the values of this setting is ignored.

icmp_code=code ICMP Protocol code which is specified as a decimal number between 0 and 255When dl_type and nw_proto take values other than ICMP, the values of this setting is ignored.

idle_timeout=seconds Causes the flow to expire after the given number of seconds of inactivityA value of 0 (the default) prevents a flow from expiring due to inactivity.

hard_timeout=seconds Causes the flow to expire after the given number of seconds, regardless of activityA value of 0 (the default) gives the flow no hard expiration deadline.

Abbreviations:

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Wildcard match fields:

IN_PORT MAC_SA/MAC_DA VLAN_ID/VLAN_PCP ETHER_TYPEICMP TYPE/ICMP CODE ARP_OP/ARP_SPA/ARP_TPA IPSA/IPDA/IP_DSCP L3_PROTOCOL TCP_SRC_PORT/TCP_DST_PORT UDP_SRC_PORT/UDP_DST_PORT GRE TUNNEL IDMPLS_LABEL

Available Actions:

OUTPUTSET_FIELD(MAC_SA/MAC_DA/VLAN_VID/VLAN_PCP/IPV4_DA/TCP_DST_PORT/UDP_DST_PORT/MPLS_LABEL/MPLS_TC/TUNNEL_ID) (means change the field)

PUSH_MPLS/POP_MPLS PUSH_VLAN/POP_VLAN DEC_IP_TTL SET_MPLS_TTL

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Entering Rules 1

Press „Add Rule“ tab to enter new rules

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Entering Rules 2

Enter values for rules

IP masks are entered in CIDR notation (1-32)

Leave empty if no filter on an attribute is desired

Multiple VLANS and ranges possible

Select ports to apply rulesSeparator e.g. 1,3 Ranges e.g. 2-4

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Entering Rules 3

Enter actions for matching packets

Modifies IP Header information

Removes MPLS label and adds Ethertype information

Changes VLAN to desired value

Selects output ports for matching packetsSeparator e.g. 1,3 Ranges e.g. 2-4

Adds VLAN

Mirrors traffic from inut to output of port

Deletes VLAN

Press to implement rule, confirmation is displayed

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Rule Table 1

Press „Rule Table“ to display all rules

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Rule Table 2

Editing/Copying/Deleting RulesEdit rule (only Output Actions can be edited)

Create new rule using the current one as basis

Delete this rule

Hides/Unhides columnse.g.

Saves rules to memory.Rules are restored after reboot. Overwrites previously stored rules in memory!

Deletes all active rules.

Stored rules are not deleted!

Resets all counters in Rule Table

Handling Rules

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Deleting saved rules In „Rule Table“ press →or In „Rule Export“ empty textbox for saved rules,

press

Rule Export 1

Downloads all active rules to local file ”activerules.txt”

Loads rules from saved file Downloads saved

rules to local file “savedrules.txt”

Adds saved rules to active rules.Active rules are not deleted.

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Saved Rules can be edited in the textbox. This does NOT effect the active rules. In order to activate these rules press Rules are added to active rules, they do not replace them

Rule Export 2

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Save Flows / Default Start-up Flows

By default the EX2 will not save the flows. After reboot the flows are deleted and the units starts without flows.

Save Flows1st define the flows and check with CLI command

cc dump-flows br0if the flows are correct..As a 2nd step use CLI command

saveflows.shand flows are automatically included in the file “flows”.

Start-up FlowsFlows that are included in file “flows” (see above) are automatically loaded after a reboot.

Edit Start-up FlowsUse vi Editor to directly manipulate the flows in the file “flows” via following CLI command:

vi flowsinsert/add/change the requested flows; more details about vi Editor commands are available on the internet – e.g. http://www.cs.rit.edu/~cslab/vi.html

Delete Start-up Flowscc del-flows br0saveflows.sh

http://www.cs.rit.edu/~cslab/vi.html

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Rule Statistics

CLI Command cc dump-flows br0

Clear Rule Statistics

CLI Commands

configcc clear counters flowsexit

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Rule statistic WEB GUI

Each Rule provides different CountersReset Rule Counters

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Delete a Rule(s)

CLI Commands cc del-flows br0Deletes all flows

cc del-flows br0 in_port=1Deletes all flows that include statement „in_port 1“

cc del-flow br0 in_port=1, tcp, tp_src=80Deletes the flow with in_port=1, tcp, tp_src=80

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Delete a Rule WEB GUI

Delete a Rule

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Save Flows / Default Start-up Flows

By default the EX2 will not save the flows. After reboot the flows are deleted and the units starts without flows.

Save Flows1st define the flows and check with CLI command

cc dump-flows br0if the flows are correct..As a 2nd step use CLI command

saveflows.shand flows are automatically included in the file “flows”.

Start-up FlowsFlows that are included in file “flows” (see above) are automatically loaded after a reboot.

Edit Start-up FlowsUse vi Editor to directly manipulate the flows in the file “flows” via following CLI command:

vi flowsinsert/add/change the requested flows; more details about vi Editor commands are available on the internet – e.g. http://www.cs.rit.edu/~cslab/vi.html

Delete Start-up Flowscc del-flows br0saveflows.sh

http://www.cs.rit.edu/~cslab/vi.html

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: aggregation one 10 Gbit link with optical splitter to 10 Gbit fibre output

To aggregate the two directions of a 10 Gbit link you normally need three 10 Gbit ports, not so with the EX2.

First you connect the two cables from the link over the splitter on the backside of the EX2. Then you must connect the two Monitor outputs with the two 10 Gbit receivers on the EX2. The 10 Gbit transmitters are still available and can be connected to the probe.

CLI Commands:

cc add-flow br0 in_port=5,actions=output:5cc add-flow br0 in_port=6,actions=output:5

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2AGGREGATION OF TWO 10 GBIT SPAN PORTS TO 1 X 10 GBIT OUTPUT WITH EX2+

This application is normally not possible because the EX2+ has only two 10 Gbit ports and you need 3 to do this job. But we at Cubro give our units some extra features to do this with two ports.A optical ports has an transmitter and a receiver part, this two “ports” can be used separately in all Cubro NPB. The other feature what you need is the optical tap at the back.

1. You must connect the only the TX from the span port with the RX from the EX2+. The TX from the EX2+ are still available.

2. One of this TX are used as output to the probe.

3. Because of a security feature, an optical interface did not start sending until it receives light on the RX.

4. So we use the second TX on the EX2+ to produce this light, (not traffic only layer 1 light)

5. In this case we need to light sources because we have two span ports, so we use the optical

TAP to split the light in two and connect this with the RX of the span ports.

Finally you must do a filter input 1 -> output 1 and output 2 -> output 1

Mission accomplished

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2Training

Application: aggregation one 10 Gbit link with optical splitter to 1 Gbit copper output

To aggregate the two directions of a 10 Gbit link to a 1 Gbit output. This is only working if the total load is lower than 1 Gbit, or if filters are used to reduce the load on the output.

First you connect the two cables from the link over the splitter on the backside of the EX2. Then you must connect the two Monitor outputs with the two 10 Gbit receivers on the EX2. Then connect your capture device on one copper port.

CLI commands:


With filter: (subnet source 10.10.10.10./24)

cc add-flow br0 in_port=5,ip,nw_src=10.10.10.10/24,actions=output:1cc add-flow br0 in_port=6,ip,nw_src=10.10.10.10/24,actions=output:1

,

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: aggregation one 10 Gbit link to 1 Gbit copper output

To aggregate the two directions of a 10 Gbit link to a 1 Gbit output. This is only working if the total load is lower than 1 Gbit, or if filters are used to reduce the load on the output.

If you do not have the optical tap or if you have a low optical budget you can also use the EX2 in line. Then you must connect the two outputs with the two 10 Gbit ports on the EX2. Then connect your capture device on one copper port.

CLI commands:

cc add-flow br0 in_port=5,actions=output:1,6cc add-flow br0 in_port=6,actions=output:1,5

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: aggregation one 10 Gbit link with optical splitter to 4 parallel 1 Gbit copper outputs

CLI commands:

cc add-flow br0 in_port=5,actions=output:1,2,3,4cc add-flow br0 in_port=6,actions=output:1,2,3,4

Maximum packet performance is 1GBest is to use traffic via filters – e.g. only specific IP addresses

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2Training

Application: aggregation one 10 Gbit link to 4 parallel 1 Gbit copper outputs

CLI commands:

cc add-flow br0 in_port=5,actions=output:1,2,3,4,6cc add-flow br0 in_port=6,actions=output:1,2,3,4,5

Maximum packet performance is 1GBest is to use traffic via filters – e.g. only specific IP addresses

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: aggregation one 1 Gbit link to 1 Gbit copper

To aggregate the two directions of a 1 Gbit link to a 1 Gbit output. This is only working if the total load is lower than 1 Gbit or if filters are used to reduce the load on the output.

If you do not have a copper tap the EX2 can be used in line. Connect the two outputs with two 1 Gbit ports on the EX2. Then connect your capture device on one copper port.

CLI commands:

cc add-flow br0 in_port=2,actions=output:1,4cc add-flow br0 in_port=4,actions=output:1,2

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: aggregation 3 x 1 Gbit ports (from a span port) to 1 Gbit copper output

CLI commands:

cc add-flow br0 in_port=2,actions=output:1cc add-flow br0 in_port=3,actions=output:1cc add-flow br0 in_port=4,actions=output:1

To aggregate only a specific VLAN ID (e.g. VLAN ID = 200):

cc add-flow br0 in_port=2,dl_vlan=200,actions=output:1cc add-flow br0 in_port=3,dl_vlan=200,actions=output:1cc add-flow br0 in_port=4,dl_vlan=200,actions=output:1

To aggregate only a VLAN (ID=200) and an IP address (in this case only the source IP of 10.10.10.10)

cc add-flow br0 in_port=2,ip,dl_vlan=200,nw_src=10.10.10.10,actions=output:1cc add-flow br0 in_port=3,ip,dl_vlan=200,nw_src=10.10.10.10,actions=output:1cc add-flow br0 in_port=4,ip,dl_vlan=200,nw_src=10.10.10.10,actions=output:1

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: aggregation one 2 x 1 Gbit link to 2 Gbit copper outputs

The two SFP ports of the EX2 can be equipped with copper SFP as well. There is a limitation, these ports only support Gbit line speed. (use 1000 BT SFP only, no 10/100/1000 BT SFP). If you do so the EX2 supports 6 copper ports.

In this example we show how you can tap two copper links inline and send the traffic to two copper outputs at the same time.

CLI commands:

cc add-flow br0 in_port=1,actions=output:,3,5,6cc add-flow br0 in_port=3,actions=output:,1,5,6

cc add-flow br0 in_port=2,actions=output:4,5,6cc add-flow br0 in_port=4,actions=output:2,5,6

Link1

Link2

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: 10 Gbit <-> 1 Gbit media-converter

The EX2 can also work as ”simple” media converter. But not only to convert the media layer (optical - electrical). The Packetmaster can also convert between the bandwidths 1 Gbit - 10 Gbit in order to connect a 1 Gbit device to a 10 Gbit network and vice versa.

CLI commands:


Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: SFP Testing

Sometimes you have the need to test SFP. If you have an EX 2 this is simple. Connect the SFP in one port, on the other port you need also an SFP. Just make a loop between the SFPs and check if link LED comes on.

Detailed reading of the SFPs can be done with the following CLI commands:

configshow transceiverexit

configshow transceiver detailexit

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: SFP Testing

Port port-5 transceiver info: Transceiver Type: 1000BASE-LX Transceiver Vendor Name : CISCO-FINISAR Transceiver PN : GP3124L2CD-C Transceiver S/N : GS1111150026 Transceiver Output Wavelength: 1310 nmSupported Link Type and Length: Link Length for 9/125um single mode fiber: 10 km Link Length for 9/125um single mode fiber: 10000 m Link Length for 50/125um multi-mode fiber: 550 m Link Length for 62.5/125um multi-mode fiber: 550 m----------------------------------------------------------------------------Transceiver is externally calibrated.mA: milliamperes, dBm: decibels (milliwatts), NA or N/A: not applicable. ++ : high alarm, + : high warning, - : low warning, -- : low alarm. The threshold values are calibrated. ---------------------------------------------------------------------------- High Alarm High Warn Low Warn Low Alarm Temperature Threshold Threshold Threshold Threshold Port (Celsius) (Celsius) (Celsius) (Celsius) (Celsius) --------- ------------------ ---------- ---------- ---------- ---------- port-5 39.86 100.00 95.00 -45.00 -50.00 ---------------------------------------------------------------------------- High Alarm High Warn Low Warn Low Alarm Voltage Threshold Threshold Threshold Threshold Port (Volts) (Volts) (Volts) (Volts) (Volts) --------- ------------------ ---------- ---------- ---------- ----------port-5 3.29 3.70 3.60 3.00 2.90 ---------------------------------------------------------------------------- High Alarm High Warn Low Warn Low Alarm Current Threshold Threshold Threshold Threshold Port (milliamperes) (mA) (mA) (mA) (mA) --------- ------------------ ---------- ---------- ---------- ----------port-5 17.00 65.00 60.00 12.00 10.00 ---------------------------------------------------------------------------- Optical High Alarm High Warn Low Warn Low Alarm Transmit Power Threshold Threshold Threshold Threshold Port (dBm) (dBm) (dBm) (dBm) (dBm) --------- ------------------ ---------- ---------- ---------- ---------- port-5 -7.33 1.00 0.00 -12.00 -13.00 ---------------------------------------------------------------------------- Optical High Alarm High Warn Low Warn Low Alarm Receive Power Threshold Threshold Threshold Threshold Port (dBm) (dBm) (dBm) (dBm) (dBm) --------- ------------------ ---------- ---------- ---------- ---------- port-5 -40.00 -- 1.00 0.00 -26.02 -26.99 ----------------------------------------------------------------------------

Port port-6 transceiver info: Transceiver Type: 1000BASE-LX Transceiver Vendor Name : FINISAR CORP. Transceiver PN : FTLF1318P2BCL-PR Transceiver S/N : H62E355 Transceiver Output Wavelength: 1310 nmSupported Link Type and Length: Link Length for 9/125um single mode fiber: 4 km Link Length for 9/125um single mode fiber: 4000 mDigital diagnostic is not implemented.

With DMM feature Without DMM feature

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Device - Device Info

Allows setting Device Name and Notes

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Device - Device Info

Pressing displays Transceiver Details• Vendor• Product number• Wavelength• max. Link length• Thresholds• Alarms• Temperature• Voltage• Current• Optical Power Tx• Optical Power Rx

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EXFirmware Upgrade Procedure

High Performance Desktop Network Packet Broker

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


1. Connect to your CUBRO Packetmaster EX via the Ethernet Management Interface

Packetmaster EXSoftware Upgrade Procedure

Ethernet Management Port

2. Enter the IP of the Packetmaster in your web browser (Factory default: 192.168.0.200)

The Packetmaster will automatically start up with the Rule Table (empty on first bootup)

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net



3. Press „Device“ tab and select „Device Info“

Currently installed Software Version

4. Press „Download Upgrade Images“ link! You need an internet connection to access the firmware images. Alternatively point your web browser to http://www.cubro.net/cubro/update/ and manually choose your type of Packetmaster EX

http://www.cubro.net/cubro/update/

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net



5. Select the desired firmware image (usually latest)

Click to download to your PC locally

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net



6. Press „Device“ tab and select „Firmware Upgrade“

7. Drag and drop update file into EX Web GUIAlternatively you can click and manually select the file path on your PC

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net



8. Press „Upgrade from X.X.X to latest“

9. Click „Apply Update Now! All Rules and Filters on Packetmaster will be deleted !

Upload will take approximately 2 minutes

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net



10.Wait approximately 4 minutes for upgrade

Packetmaster EX will reboot during upgrade process

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net



11.Press „Device“ tab and select „Device Info“ to check new software version

Currently installed Software Version

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net



Congratulations! You successfully finished the update of your CUBRO

Packetmaster!

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Stacking of Rules / Overlapping Flows

ALL incoming traffic from port 1 should be sent to port 6 while traffic with the IP source address of 192.168.1.1 from port 1 should be sent to port 5. As a 1st attempt lets try following flows:

cc add-flow br0 in_port=1,actions=output:6cc add-flow br0 in_port=1,ip,nw_src=192.168.1.1,actions=output:5

These flows will produce an error because you have a wildcard and a specific flow The reason is that the packet will be processed by the first flow. All packets are going to Port 6 and then there is no packet any more. If you want to stack rules you can this by be using an additional priority field.

The priority at which a wild carded entry will match in comparison to others. Value is a number between 0 and 65535, inclusive. A higher value will match before a lower one. An exact-match entry will always have priority over an entry containing wildcards, so it has an implicit priority value of 65535. When adding a flow, if the field is not specified, the flow’s priority will default to 32768. So the flows should look like this:

cc add-flow br0 in_port=1,ip,nw_src=192.168.1.1,priority=40000,actions=output:5,6cc add-flow br0 in_port=1,priority=30000,actions=output:6

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Stacking of Rules / Overlapping Flows

Required Functionality• Port 1: input• Port 2: input• Port 3: input • Port 4: input• Port 5: output – aggregate VLAN ID 100 traffic from Port 1 to 4 • Port 6: output – aggregate all traffic from port 1 to 4

Flows:cc add-flow br0 in_port=1,dl_vlan=100,priority=40000,actions=output:5,6cc add-flow br0 in_port=2,dl_vlan=100,priority=40000,actions=output:5,6cc add-flow br0 in_port=3,dl_vlan=100,priority=40000,actions=output:5,6cc add-flow br0 in_port=4,dl_vlan=100,priority=40000,actions=output:5,6cc add-flow br0 in_port=1,priority=30000,actions=output:6cc add-flow br0 in_port=2,priority=30000,actions=output:6cc add-flow br0 in_port=3,priority=30000,actions=output:6cc add-flow br0 in_port=4,priority=30000,actions=output:6

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: Aggregation 3 x 1 Gbit ports (from span ports) to 1 Gbit copper output for a specific UDP and TCP Port

CLI Commands (for TCP Destination Port 80)

cc add-flow br0 in_port=2,ip,nw_proto=6,tp_dst=80,actions=output:1cc add-flow br0 in_port=3,ip,nw_proto=6,tp_dst=80,actions=output:1cc add-flow br0 in_port=4,ip,nw_proto=6,tp_dst=80,actions=output:1

only specific TCP Destination or Source Port

– e.g. 80

In order to get also traffic with TCP Source Port 80 then following CLI commands needs to be added:

cc add-flow br0 in_port=2,ip,nw_proto=6,tp_src=80,actions=output:1cc add-flow br0 in_port=3,ip,nw_proto=6,tp_src=80,actions=output:1cc add-flow br0 in_port=4,ip,nw_proto=6,tp_src=80,actions=output:1

For UDP traffic replace nw_proto=6 with nw_proto=17

More protocol numbers can be found on http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Application: Drop specific traffic

Packetmaster EX2

In addition to the “output action” the EX2 supports also action=drop. Drop means that specified traffic is getting discarded by the EX2.

E.g. Drop all incoming http traffic at Port 1 and forward the remaining traffic to port 1

CLI Commands (for TCP Destination & Source Port 80)

cc add-flow br0 In_port=2,ip,nw_proto=6,tp_dst=80,priority=40000,actions=dropcc add-flow br0 in_port=2,ip,nw_proto=6,tp_src=80,priority=40000,actions=dropcc add-flow br0 in_port=2,priority=30000,actions=output:1

Note: Drop flow can reduce the number of output flows dramatically

Drop of ICMP messages: cc add-flow br0 ip,nw_proto=1,actions=drop

Drop of ARP messages: cc add-flow br0 dl_type=0x0806,actions=drop

Input Port is not specified in this case the flow is valid for all ports!

All traffic including http

All traffic excluding http

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: VLAN tag removal (VLAN pop function)

CLI Command to remove VLAN tag from packet at input 1 and send traffic to output 2 )

cc add-flow br0 in_port=1,actions=pop_vlan,output:2

CLI Command to remove VLAN tag with ID=200 and send traffic to output 2;all other traffic is removed

cc add-flow br0 in_port=1,dl_vlan=200,actions=pop_vlan,output:2

Input Traffic Output Traffic

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: Add VLAN tag removal (VLAN push function)

EX2 allows to add a VLAN tag to the traffic. This function can be used to mark the traffic at the input ports so that at an aggregated output it is still visible at which input port the traffic originally came from.

CLI Command to add VLAN tag ID100 at input 1 and send traffic to output 3

cc add-flow br0 "in_port=1,actions=push_vlan:0x8100,set_field:100->vlan_vid,output:3"Note: “ “ are required in the CLI command

If the incoming traffic has already VLAN tag the new/added VLAN tag will be the outer tag

Input Traffic Output Traffic

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: Loopback/Responder for testing purposes

EX2 allows to set input port equal to output port acting as a Layer 1 loopback

CLI command:cc add-flow br0 in_port=1,actions=output:1

Moreover, the EX2 allows to change MAC addresses, IP Destination address as well as UDP/TCP Destination Port Numbers and send out the traffic again at the same port thus the EX2 can be used as Layer 2, 3 and 4 loopback

Change MAC Source and Destination Addresscc add-flow br0 “in_port=1,actions=set_field:00:00:00:00:00:01->eth_src,set_field:00:00:00:00:00:02->eth_dst,output:1“

Change IP Destination Addresscc add-flow br0 “in_port=1,ip,actions=set_field:10.0.0.2->ip_dst,output:1“

Change TCP Destination Portcc add-flow br0 “in_port=1,ip,tcp,actions=set_field:1000->tp_dst,output:1“

Change MAC Source&Destination, IP Destination Adress and UDP Port Numberovs-ofctl add-flow br0 “in_port=1,ip,tcp,actions=set_field:00:00:00:00:00:01->eth_src,set_field:00:00:00:00:00:02->eth_dst, set_field:10.0.0.2->ip_dst,set_field:1000->tp_dst,output:1“

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: Traffic Generation EX2 allows to generate traffic – e.g. to generate an ARP message, ping or any other message.The EX2 can send out a string of hex bytes.

CLI command:cc packet-out br0 local output:1 "FF FF FF FF FF FF 00 00 00 00 00 01 08 06 00 01 08 00 06 04 00 01 00 00 00 00 00 01 0A 00 00 01 00 00 00 00 00 00 0A 00 00 02 00 00 00 00 00 00 00 00 00 00“This command sends a single packet; a continues stream of packets can be produced via a script.

Wireshark decodes this information as follows:

Performance is about 40 to 50 packets per second.

By copying hex data from wireshark any packet content can be produced.:

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: Control the Packetmaster via Wi-Fi

The EX2 can be managed and controlled remotely using a Wi-Fi bridge. In this way a laptop computer with only one Ethernet port can be used for management (using Wi-Fi) and Traffic monitoring (using the Ethernet port) simultaneously.

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: Capture traffic from a 10 Gbit link with remote control

In case your computer only offers one NIC card werecommend using the CUBRO Ethernet - USBconverter. This plug and play device adds two fullEthernet interfaces to your computer via USB

The additional 2 Ethernet ports allow to manage the EX2, monitor the traffic and connect to the internet at the same time. In this way a remote operation and monitoring can be accessed from anywhere.

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Application: traffic inserter …. No better name

This application is maybe a little special but it shows once more how many nice features the Packetmaster is offering.

The idea is to insert the EX2 in a live 10 Gbit link, and connect a standard PC to this link. The Packetmaster works like a "switch” but offers full control and the 1 Gbit PC can be part of a 10 Gbit network.

The IP or the MAC address of the PC must be known!

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX2

Support / Additional Questions

EMEA North America APAC

Cubro Acronet GesmbHGeiselbergstr. 17/6.OG1110 ViennaAustria

Tel.: +43 1 29826660Fax: +43 1 2982666399

Email: [email protected]

If you have any additional question or need help contact us.

Cubro US337 West Chocolate AveHershey, PA 17033

Tel.:717-576-9050Fax.: 866-735-9232

Sam ReedEmail: [email protected]

Cubro Singapore

Tel.: +65-97255386

JoeEmail: [email protected]

www.cubro.net

Data & Analytics

Packetmaster ex2 quick_start_guide v1.1 20150910