Packetlogic Product Guide v12 2

7/13/2019 Packetlogic Product Guide v12 2

1/289

PacketLogic Product GuideRelease 12.2


2/289

PacketLogic Product Guide

Copyright

Portions of the documents can be copied and pasted to your electronic mail or word-processing

applications for your personal use only, but cannot be distributed to third parties. In no eventmay you copy or use this information for any commercial purposes except the operation of prod-ucts from Procera Networks, Inc. and you may not transmit this information to third partieswithout the consent of Procera Networks, Inc.

IT IS ILLEGAL TO COPY (FOR OTHER THAN BACK-UP PURPOSES) THE CONTENTS OFTHIS DOCUMENTATION OR TO POST THE CONTENTS ON THE INTERNET WITHOUT THEEXPRESS PRIOR WRITTEN CONSENT FROM AN AUTHORIZED OFFICER OF PROCERANETWORKS, INC. OR NETINTACT AB.

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MAN-UAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION,AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT

ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERSMUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

Netintact, PacketLogic, the PacketLogic logo, and Netintact logos are registered trademarks ofNetintact AB in Sweden and certain other countries. Procera Networks and the Procera Networkslogo is the registered trademark of Procera Networks, Inc. All other trademarks mentioned in thisdocument are the property of their respective owners.

Copyright 2001-2009 by Procera Networks, Inc.

Revision: 1.3

2


3/289


About This Manual

Revision: 1.3

This document is intended as a description of and instruction for the PacketLogic Generation 2product series. This document is applicable to the third release of protocol version 12 of Packet-Logic (version 12.2).

3


4/289


Contents

1 Introduction 18

1.1 About PacketLogic Generation 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

1.2 Areas of Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

1.3 User Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.3.1 Integration Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.4 This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.5 TECH: Technical Sections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

2 New in Version 12 21

2.1 Release 12.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.1.1 Client Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.1.2 Flow Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.1.3 PL10000 Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.1.4 Flexible Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.1.5 Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.1.6 Connection Quality Measurements. . . . . . . . . . . . . . . . . . . . . . . . 22

2.2 Release 12.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.2.1 Queue Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.2.2 Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.2.3 Dynamically Loadable Signatures . . . . . . . . . . . . . . . . . . . . . . . . 22

2.2.4 New Flow Behaviour Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.2.5 Connection Protection can be Disabled . . . . . . . . . . . . . . . . . . . . . 22

2.2.6 Physical Monitor Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.2.7 RADIUS Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.3 Release 12.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232.3.1 Local Statistics Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.3.2 Volume-based Shaping (VBS) . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.3.3 External Authentication Improved . . . . . . . . . . . . . . . . . . . . . . . . 23

2.3.4 Divert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.3.5 Sub-item Count in Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.3.6 Connection logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.3.7 Statistics Distributed by Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.3.8 CSV Export of Statistical Data. . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.3.9 Statistics Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

4


5/289


2.3.10 Statistics Linking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.3.11 Total Graphs Collected in System Overview . . . . . . . . . . . . . . . . . . 24

2.3.12 Depth Limit on AS Paths in Statistics . . . . . . . . . . . . . . . . . . . . . . 24

2.3.13 Statistics Distribution for Remote Virtual Host . . . . . . . . . . . . . . . . . 24

2.3.14 Audit Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.3.15 Quality Metrics (QoE) enhanced . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.3.16 Support for Forwarding Jumbo Frames . . . . . . . . . . . . . . . . . . . . . 25

2.3.17 DSCP and Channel Information in LiveView and Ruleset. . . . . . . . . . . 25

2.3.18 Shaping Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.3.19 Channel Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.3.20 Statistics Zooming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.3.21 Statistics Peak Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.3.22 System Diagnostics Minima . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.3.23 Channel Information in System Overview . . . . . . . . . . . . . . . . . . . 25

2.3.24 Time Stamps in Channel View . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.3.25 NetObject Counters in LiveView . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.3.26 95th Percentile in Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

2.3.27 CommitLog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

2.3.28 Object Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

2.3.29 Other Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

3 Key Concepts 27

3.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

3.2 Traffic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

3.2.1 Packet-Based Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

3.2.2 Flow Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

3.2.3 Border Gateway Protocol (BGP) . . . . . . . . . . . . . . . . . . . . . . . . . 293.2.3.1 Position Representation in AS Paths. . . . . . . . . . . . . . . . . . 30

3.2.4 Quality Measurement Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . 30

3.3 TECH: Software Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

3.3.1 Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

3.3.1.1 Engine in the PL10000. . . . . . . . . . . . . . . . . . . . . . . . . . 32

3.3.1.2 Reaper in the PL10000. . . . . . . . . . . . . . . . . . . . . . . . . . 32

3.3.1.3 Datastream Recognition Definition Language (DRDL) . . . . . . . 32

3.3.2 PacketLogic Daemon (PLD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

3.3.2.1 Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

5


6/289


3.3.3 PacketLogic Database Daemon (PLDB) . . . . . . . . . . . . . . . . . . . . . 33

3.3.3.1 PLDB in a PLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

3.3.3.2 Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

3.3.3.3 External Authentication Sources . . . . . . . . . . . . . . . . . . . . 34

3.3.4 PacketLogic Statistics Daemon (PLSD). . . . . . . . . . . . . . . . . . . . . . 35

3.3.5 Internal Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

3.3.6 Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

3.3.7 Local, Remote, Incoming, and Outgoing. . . . . . . . . . . . . . . . . . . . . 35

3.3.8 Client/Server versus Source/Destination . . . . . . . . . . . . . . . . . . . . 35

3.4 Traffic Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

3.5 Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

3.6 Objects and Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

3.6.1 Object Types for Traffic Identification . . . . . . . . . . . . . . . . . . . . . . 37

3.6.1.1 NetObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

3.6.1.2 PortObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

3.6.1.3 ProtocolObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

3.6.1.4 ServiceObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

3.6.1.5 TimeObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

3.6.1.6 ASPathObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

3.6.1.7 VLANObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

3.6.1.8 DSCPObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

3.6.1.9 ChannelObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

3.6.1.10 PropertyObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

3.6.1.11 FlagObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

3.6.1.12 MPLSObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

3.6.1.13 SystemObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

3.6.2 Nesting and Hierarchies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423.6.3 Object - Item Relationships (or, and, exclude) . . . . . . . . . . . . . . . . . . 43

3.6.3.1 Exclude . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

3.6.4 Object Types for Traffic Management . . . . . . . . . . . . . . . . . . . . . . 44

3.6.4.1 RewriteObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

3.6.4.2 ShapingObjects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

3.6.4.3 StatisticsObjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

3.6.5 Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

3.6.5.1 Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

3.6.5.2 Filtering Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

6


7/289


3.6.5.3 Shaping Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

3.6.5.4 Statistics Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

3.7 Network Impact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

3.7.1 MTU Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

3.7.2 Connection Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

4 PacketLogic Traffic Shaping 49

4.1 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

4.2 How Traffic Shaping Works: An Overview . . . . . . . . . . . . . . . . . . . . . . . 49

4.2.1 What PacketLogic Does . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

4.2.2 Priority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

4.2.2.1 Priority 0 Fast Lane . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

4.2.3 Borrowing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

4.2.4 Split By. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

4.2.4.1 Split by Considerations . . . . . . . . . . . . . . . . . . . . . . . . . 54

4.2.5 Shaping Bits, Packets, or Connections . . . . . . . . . . . . . . . . . . . . . . 55

4.2.6 Limiting Concurrent Connections . . . . . . . . . . . . . . . . . . . . . . . . 55

4.3 Monitoring the Shaping System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

4.4 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554.4.1 Limiting a Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

4.4.2 Limiting Each Host on a Network . . . . . . . . . . . . . . . . . . . . . . . . 56

4.4.3 Limiting Overall FTP to 2 Mbps . . . . . . . . . . . . . . . . . . . . . . . . . 56

4.5 Volume-Based Shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

4.5.1 Implementation and Configuration . . . . . . . . . . . . . . . . . . . . . . . 57

4.5.2 Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

4.5.2.1 ShapingObject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

4.5.2.2 Time t2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 594.5.2.3 Time t3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

4.5.2.4 Time t4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

4.5.2.5 Time t5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

4.5.3 TECH: Borrowing and VBS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

4.6 TECH: Queueing Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

4.6.1 Packet Queueing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

4.6.2 Flow Based Queueing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

4.6.3 Queue Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

4.6.3.1 Tuning the Queue Synchronization Algorithm. . . . . . . . . . . . 62

7


8/289


4.6.4 Parallel Queueing Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

4.6.5 Queueing Versus Window Scaling . . . . . . . . . . . . . . . . . . . . . . . . 62

4.6.6 Latency. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

4.6.7 Fairness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

4.6.7.1 Connection Fairness . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

4.6.7.2 Host Fairness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

4.6.8 Fine-tuning the Shaping System . . . . . . . . . . . . . . . . . . . . . . . . . 64

4.6.8.1 Recommended Values. . . . . . . . . . . . . . . . . . . . . . . . . . 66

5 PacketLogic Filtering 67

5.1 Maintaining Filtering Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

5.1.1 Understanding a Rule Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

5.1.2 Actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

5.1.2.1 Accept. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

5.1.2.2 Reject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

5.1.2.3 Drop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

5.1.2.4 Rewrite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

5.1.2.5 Divert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

5.1.2.6 Inject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695.1.3 Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

5.1.3.1 DHCP Snooper. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

5.1.3.2 Monitor Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

5.1.3.3 PCAP/PCAP-2 Writer. . . . . . . . . . . . . . . . . . . . . . . . . . 71

5.1.3.4 PL-TAP #1/#2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

5.1.3.5 RADIUS Snooper . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

5.1.3.6 SIP Snooper. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

5.1.3.7 GRE Tunneling Monitored traffic . . . . . . . . . . . . . . . . . . . 735.1.4 Rule List Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

5.1.5 Using the Log Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

5.2 Monitoring the Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

5.2.1 Filtering Log View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

5.2.2 Sending the Filtering Log to Syslog . . . . . . . . . . . . . . . . . . . . . . . 75

5.3 Filtering default behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

5.3.1 Using the Accept All Except These - Approach . . . . . . . . . . . . . . . 75

5.3.2 Using the Reject All Except These - Approach . . . . . . . . . . . . . . . . 75

5.4 TECH: Divert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

8


9/289


5.4.1 Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

5.4.2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

5.4.2.1 Heartbeats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

5.4.2.2 Diverting to Layer 3 Routing Devices . . . . . . . . . . . . . . . . . 77

6 PacketLogic Statistics 79

6.1 Description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

6.1.1 Charts and graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

6.1.2 Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

6.1.3 Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

6.1.3.1 Depth and Object Root . . . . . . . . . . . . . . . . . . . . . . . . . 82

6.1.3.2 Depth in AS Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

6.1.3.3 Aggregation and Linking . . . . . . . . . . . . . . . . . . . . . . . . 85

6.1.3.4 Graphing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

6.1.3.5 Peak Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

6.1.4 Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

6.2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

6.2.1 PLR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

6.2.1.1 PLR with Local Statistics Storage . . . . . . . . . . . . . . . . . . . 876.2.1.2 PLR with Separate PLS . . . . . . . . . . . . . . . . . . . . . . . . . 87

6.2.2 PLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

6.2.2.1 Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

6.3 TECH: Performance Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

6.4 TECH: Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

6.4.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

6.4.2 Statistical Data Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

6.4.3 Statistical Data Storage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 896.4.3.1 Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

6.4.3.2 Storage Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

6.4.3.3 Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

6.4.3.4 Backup, Restore, and Archiving . . . . . . . . . . . . . . . . . . . . 90

6.5 TECH: Comparison to Alternative Storage Architectures . . . . . . . . . . . . . . . 90

6.6 Connection Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

6.7 Connection Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

6.7.1 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

6.7.2 Usage overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

9


10/289


6.7.3 Available criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

6.7.4 Stored details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

6.7.5 Storage considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

6.8 PythonAPI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

7 The PacketLogic Client Interface 94

7.1 Command Line Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

7.2 System Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

7.2.1 Advanced Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

7.2.1.1 Use Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

7.2.1.2 Connecting to multiple PacketLogic systems. . . . . . . . . . . . . 95

7.3 Status Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

7.4 Drop-Down Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

7.4.1 File Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

7.4.2 Edit Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

7.4.2.1 Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

7.4.3 View Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

7.4.4 Tools menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

7.4.5 Help Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 987.5 System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

7.5.1 Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

7.5.2 Totals Graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

7.5.3 Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

7.5.4 View Menu in System Overview . . . . . . . . . . . . . . . . . . . . . . . . . 100

7.6 LiveView . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

7.6.1 View Menu in LiveView . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

7.6.2 Local Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1037.6.3 Service Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

7.6.4 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

7.6.5 Shaping Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

7.6.6 Filtering Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

7.6.7 Filtering Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

7.6.8 System Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

7.6.8.1 Alert Limits Editor. . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

7.6.9 Channel Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

7.6.10 Dynamic Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

10


11/289


7.7 Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

7.7.1 Full Screen Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

7.7.2 Bar Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

7.7.2.1 Tool Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

7.7.2.2 Include . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

7.7.3 Pie Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

7.7.3.1 Tool Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

7.7.4 Line and Stacked Area Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

7.7.4.1 95th Percentile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

7.7.4.2 Zooming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

7.7.4.3 Peak Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

7.7.5 Location Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

7.7.6 Calendar Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

7.7.7 Bookmark Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

7.7.7.1 Add/Edit Bookmark . . . . . . . . . . . . . . . . . . . . . . . . . . 114

7.7.8 View Menu in Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

7.7.9 Bookmarks Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

7.8 Main Toolbar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

7.9 Editors and Managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

7.9.1 Objects & Rules Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

7.9.1.1 Toolbar Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

7.9.1.2 NetObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

7.9.1.3 PortObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

7.9.1.4 ProtocolObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . 118

7.9.1.5 ServiceObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

7.9.1.6 TimeObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

7.9.1.7 VlanObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1197.9.1.8 PropertyObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . 119

7.9.1.9 FlagObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

7.9.1.10 MPLSObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

7.9.1.11 RewriteObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . 119

7.9.1.12 ShapingObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . 120

7.9.1.13 StatisticsObject Editor . . . . . . . . . . . . . . . . . . . . . . . . . . 120

7.9.1.14 Filtering Rule Editor. . . . . . . . . . . . . . . . . . . . . . . . . . . 121

7.9.1.15 Shaping Rule Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

7.9.1.16 Statistics Rule Editor . . . . . . . . . . . . . . . . . . . . . . . . . . 123

11


12/289


7.9.2 User Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

7.9.2.1 Database Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . 124

7.9.2.2 LiveView Permissions. . . . . . . . . . . . . . . . . . . . . . . . . . 125

7.9.2.3 Host Access List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

7.9.2.4 Toolbar Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

7.9.3 Host Trigger Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

7.9.3.1 Toolbar Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

7.9.4 Backup Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

7.9.4.1 Toolbar Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

7.9.5 File Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

7.9.5.1 Toolbar Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

7.9.6 Log Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

7.9.6.1 Toolbar Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

7.9.7 Connection Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

7.9.8 Resource Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

7.9.9 Channel Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

7.9.10 Log Levels Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

7.9.11 System Configuration Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

8 Webstatistics 134

8.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

8.2 Version 12 Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

8.3 The Webstatistics Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

8.3.1 Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

8.3.2 Main Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

8.3.3 Statistics Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

8.3.3.1 Right-click Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1368.3.4 Traffic Statistics Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

8.3.4.1 Speed View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

8.3.4.2 Data View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

8.3.4.3 Distribution View . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

8.3.5 Toplist Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

8.3.5.1 Top Hosts View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

8.3.5.2 Combo Graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

8.3.5.3 Top TCP Services View . . . . . . . . . . . . . . . . . . . . . . . . . 139

8.3.6 Tool Menu Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

12


13/289


8.3.6.1 PL2 Path Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

8.3.7 Pop-up Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

8.3.7.1 CPU-Load View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

8.3.7.2 Channel-1 Speed View . . . . . . . . . . . . . . . . . . . . . . . . . 142

8.3.7.3 Connections View . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

8.3.7.4 Hosts View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

8.3.7.5 Hostinfo View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

8.3.7.6 FW log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

8.3.7.7 Collected Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

8.4 Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

8.4.1 BGP Graph Object Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 145

8.4.2 Chart Layouts Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

8.4.3 Chart and Menu Fonts Configuration . . . . . . . . . . . . . . . . . . . . . . 145

8.4.4 WebStats Language Configuration . . . . . . . . . . . . . . . . . . . . . . . . 146

8.4.5 WebStats Layout Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . 146

8.5 Custom Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

8.5.1 Magic Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

9 The Command Line Interface 1489.1 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

9.2 Serial Port Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

9.3 Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

9.3.1 Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

9.3.1.1 IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

9.3.1.2 Ping IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

9.3.1.3 Admin Duplex Settings . . . . . . . . . . . . . . . . . . . . . . . . . 148

9.3.1.4 AUX Duplex Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 1499.3.1.5 Chassis configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 149

9.3.1.6 SFP status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

9.3.1.7 Connection Sync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

9.3.1.8 Hostname. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

9.3.2 NTP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

9.3.3 SNMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

9.3.4 System Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

9.3.4.1 Change Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

9.3.4.2 Reload/Reboot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

13


14/289


9.3.4.3 Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

9.3.4.4 Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

9.3.4.5 Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

9.3.4.6 Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

9.3.4.7 Timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

9.3.4.8 Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

9.3.4.9 Manage software raid . . . . . . . . . . . . . . . . . . . . . . . . . . 154

9.3.4.10 SSH Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

9.3.4.11 SSHD Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

9.3.5 PacketLogic License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

9.3.6 Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

9.3.6.1 Update firmware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

9.3.6.2 Update firmware from own server . . . . . . . . . . . . . . . . . . 155

9.3.6.3 Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

9.3.6.4 Update notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

9.3.6.5 Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

9.3.6.6 Update signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

9.3.6.7 Update signatures from own server . . . . . . . . . . . . . . . . . . 156

10 Common Procedures in PacketLogic 157

10.1 Backup and Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

10.1.1 Client Backup Versus CLI Backup . . . . . . . . . . . . . . . . . . . . . . . . 157

10.1.2 Taking a Backup in the Client . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

10.1.3 Taking a Backup in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

10.1.4 Restoring a Backup in the Client . . . . . . . . . . . . . . . . . . . . . . . . . 160

10.1.5 Restoring a Backup in the CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . 161

10.2 Updating PacketLogic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

10.2.1 PL10000 Update Measures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

10.3 Enabling Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

10.3.1 DHCP or Radius Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

10.3.2 SIP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

10.4 Capturing Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

10.4.1 Capturing Traffic for a Specific Application . . . . . . . . . . . . . . . . . . . 166

10.4.2 Capturing Unknown Traffic in PacketLogic . . . . . . . . . . . . . . . . . . . 169

10.5 Configuring BGP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

11 Centralized Management 173

14


15/289


11.1 Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

11.1.1 Proxy Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

11.1.2 System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

11.2 Recommended Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

12 Monitoring PacketLogic 176

12.1 Performance Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

12.1.1 Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

12.1.2 Connsync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

12.1.3 DRDL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

12.1.4 Dynamic Ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17912.1.5 General. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

12.1.6 Load Balancer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

12.1.7 Packet Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

12.1.8 PLDB Statwriter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

12.1.9 PLSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

12.1.10 IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

12.1.11 TCPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

12.1.12 Ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

12.1.13 Shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

12.2 Configuring an SNMP Management Station . . . . . . . . . . . . . . . . . . . . . . . 185

12.2.1 Installing the PacketLogic MIB . . . . . . . . . . . . . . . . . . . . . . . . . . 185

12.2.2 Example: Polling a Value Using snmpget . . . . . . . . . . . . . . . . . . . . 185

12.2.3 Example: Polling a Set of Values Using snmpwalk . . . . . . . . . . . . . . . 186

12.2.4 Setting up a Trap Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

13 Triggers 188

13.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18813.2 Host Triggers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

13.3 Filtering Triggers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

13.4 Using, Adding and Modifying Triggers . . . . . . . . . . . . . . . . . . . . . . . . . 188

13.4.1 Example: Using a Trigger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

13.4.2 Example: Modifying an Existing Trigger . . . . . . . . . . . . . . . . . . . . 189

13.5 Trigger Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

13.5.1 Trigger Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

13.5.1.1 Filtering Trigger Attributes . . . . . . . . . . . . . . . . . . . . . . . 191

13.5.1.2 Host Trigger Attributes . . . . . . . . . . . . . . . . . . . . . . . . . 191

15


16/289


13.5.2 Debugging Triggers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

13.5.3 Trigger Code Skeletons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

13.5.3.1 Filtering Trigger Code Skeleton . . . . . . . . . . . . . . . . . . . . 192

13.5.3.2 Host Trigger Code Skeleton . . . . . . . . . . . . . . . . . . . . . . 192

14 Appendixes 193

14.1 System Configuration Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

14.2 Keyboard Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

14.2.1 General Shortcuts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

14.2.2 Main Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

14.2.3 Backup Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

14.2.4 File Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

14.2.5 Log Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

14.2.6 System Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

14.2.7 Objects & Rules Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

14.2.8 System Configuration Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

14.2.9 User Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

14.2.9.1 Tech Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

14.2.9.2 Resource Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20214.2.10 Statistics Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

14.2.10.1 Bookmark Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

14.2.10.2 Calendar Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

14.2.11 LiveView. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

14.3 System diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

14.3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

14.3.2 BGP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

14.3.3 Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20514.3.4 Connsync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

14.3.5 DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

14.3.6 DRDL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

14.3.7 Dynamic Ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

14.3.8 Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

14.3.9 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

14.3.10 General. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

14.3.11 IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

14.3.12 Load Balancer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

16


17/289



14.3.14 PLDB Statwriter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

14.3.15 PLSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

14.3.16 PPPoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

14.3.17 Queue sync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

14.3.18 Ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

14.3.19 Shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

14.3.20 Shaping counter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

14.3.21 SIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

14.3.22 TCPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

14.3.23 Webstats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

14.4 SNMP in PacketLogic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

14.4.1 Channel Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

14.4.2 Channel Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

14.4.3 Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

14.4.4 Connsync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

14.4.5 DRDL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

14.4.6 Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

14.4.7 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24314.4.8 General. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

14.4.9 IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

14.4.10 Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

14.4.11 PPPoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256


14.4.13 Ruleset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

14.4.14 Shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

14.4.15 TCPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

14.5 Flow Sync protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

14.6 GRE Snooper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

14.7 Freeradius Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

14.8 Cisco TAC PLUS Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . 287

Index 288

17


18/289


1 Introduction

This chapter provides a description of the PacketLogic product, its specifications and use.

1.1 About PacketLogic Generation 2

PacketLogic Generation 2 is a scalable traffic management product for all types of network en-vironments. PacketLogic performs deep packet and flow inspection on Internet Protocol (IP)packets, and classifies their content using Datastream Recognition Definition Language (DRDL)in an efficient and fast packet analysis engine. The result of this analysis is a comprehensivereal-time view of the traffic flowing in a network. This includes applications transmitting and re-ceiving the traffic (known as services in PacketLogic), server and client identification, bandwidthuse, and properties specific to services (such as the caller in a Voice over IP (VoIP) call). The list of

services identified by DRDL is updated frequently, and a user may also define traffic recognitionfor proprietary services.

This constitutes theLiveViewmodule, which is the core of PacketLogic. To put this informationto use, there are additional modules available, listed below. The modules enabled on a Packet-Logic determine the functionality available. For example, if the Traffic Shaping module is notenabled, the functions related to traffic shaping will not be visible in the client or available usingthe API.

Filtering The Filtering module adds the possibility to selectively allow or deny access topackets, based on their classification. This allows filtering rules with a greater level ofdetail than port numbers, source IP addresses, and other packet header fields. The filteringmodule also enables packet rewriting, which can be used to redirect users, for example to a

login web page. For details on the Filtering module, see section5.

Traffic ShapingThe Traffic Shaping module enables bandwidth management based on theclassification from the LiveView module. Traffic Shaping can be performed on the samelevel of detail as is available to the filtering (host identities, services, time, and many more).Traffic shaping enables both bandwidth limiting and traffic prioritization. For details onthe Traffic Shaping module, see section4.

StatisticsThe Statistics module stores data from the LiveView module over time, enablinganalysis of traffic patterns on a network to optimize the traffic (for example, by fine-tuningrules in the Filtering or Traffic Shaping modules). For detail on the Statistics module, seesection6.

There are also specialized modules to enable certain functions in PacketLogic:

BGP- enables traffic management based on BGP (AS path) information

Volume Based Shaping(VBS) - enables traffic shaping using a sophisticated volume-basedshaping algorithm which circumvents the pitfalls of regular volume-based schemes. Forinformation on VBS, see section4.5.

1.2 Areas of Use

The PacketLogic can be used for any purpose where keeping track of the traffic flowing in anetwork is useful. The following are examples of such purposes:

Protecting the network from malicious traffic

18


19/289


Limiting the bandwidth for bandwidth-consuming applications

Troubleshooting network problems

Enforcing network policies

1.3 User Interfaces

The ClientThe PacketLogic has an intuitive client interface, allowing a low knowledge threshold forenabling effective traffic management in a network. The PacketLogic is powerful enough,however, to allow a more experienced user an almost arbitrary level of detail in the moni-toring and management of traffic. For further information on the client, see section7.

The APIFor automation of tasks and integration with other network nodes (such as billing sys-tems or customer databases), a comprehensive Application Programming Interface (API)is available as a Python module. For further information on the API, please see http://python.proceranetworks.com .

The ConsoleFor basic configuration tasks when setting up the PacketLogic, troubleshooting, and certainsystems administration tasks, a menu-based console interface is available, either locally ona serial port or remotely using a secure shell (SSH). For a description of the console interface,see section9.

SNMP

PacketLogic supports monitoring through the Simple Network Management Protocol (SNMP).For information on the values available, please see the SNMP appendix (section 14.4).

1.3.1 Integration Capabilities

The PacketLogic supports automatized interaction using the PacketLogic PythonAPI. To performmore advanced integration tasks, for example with subscriber authentication services and busi-ness systems, a PacketLogic Subscriber Manager (PSM) can be deployed together with one ormore PacketLogic systems. For more information on this, see the PSM Product Guide and con-tact the local PacketLogic sales representative.

1.4 This ManualThis manual can be read back to front or section by section as the need arises. Reading thismanual and using the PacketLogic requires only basic knowledge in IP networking, but deeperknowledge in networking will allow a more powerful and flexible use of the PacketLogic fea-tures.

This manual focuses on using and configuring the PacketLogic software. For each hardwareplatform there is a separate Hardware Guide available, containing specifications and installationdetails.

This manual will first go through what is new in version 12 of PacketLogic, for those who arealready familiar with PacketLogic and its use.

Then there is an overview of a few key conceptsin PacketLogic. This section will introduce theapproach, terminology and technology PacketLogic uses. This information applies regardless of

19
http://python.proceranetworks.com/http://python.proceranetworks.com/http://python.proceranetworks.com/http://python.proceranetworks.com/http://python.proceranetworks.com/


20/289


which interface is used to configure and operate the PacketLogic (client or API). Some screenshotsfrom the graphical user interface (called the client) will be used to illustrate certain concepts.

After this, the main functional areas are described (Traffic Shaping, Filtering, and Statistics) interms of how they operate and what their configuration options mean.

Then the user interfaces are described in detail:Theclientis introduced, describing how to use it to configure and operate the PacketLogic.Webstatistics is described, showing how to access statistics data using a web browser.Theconsoleavailable via a SSH connection or serial connection is described, listing the varioussystem configuration options.

A section describes common procedures step by step, such as taking a backup, updating thePacketLogic software, or capturing traffic for analysis.

The possibilities ofcentralized management are discussed, and trigger functionality is described.

Methods formonitoringthe PacketLogic are described.At the end of the document, there are appendixes containing the list ofsystem configurationval-ues,keyboard shortcuts,system diagnosticsvalues,SNMPOIDs, and various code examples,and an index of keywords for easily finding information on specific topics.

1.5 TECH: Technical Sections

Interspersed with the regular sections are so-calledTechnical Sections. These aim to dissect andexplain PacketLogic in greater detail than what is necessary for normal day-to-day operation ofPacketLogic. These sections are intended for those interested, those who need more technicalinformation for advanced system configuration and those performing advanced maintenance

and troubleshooting. Technical sections are indicated by the section heading starting with TECH:,like in the heading of this section.

20


21/289


2 New in Version 12

This section will highlight the main changes from PacketLogic version 11. It is intended primarilyfor those already familiar with PacketLogic version 11 who want to quickly get up to speed onwhat is new in version 12.

2.1 Release 12.0

2.1.1 Client Interface

The version 12 client retains the look and feel of the version 11 client, but there are some changesto the available functions and views:

LiveView is the new name of what was formerly know as the Surveillance view.

Filtering is now applied as the name for the functionality formerly known as firewall in theclient.

Dynamic Items has a view of its own in LiveView.

2.1.2 Flow Synchronization

Version 12 introducesflow synchronization(flow sync). Flow sync allows multiple packet pro-cessing CPUs (engines) to exchange connection information on connections that are seen by bothengines.

Flow sync provides a means of handling asymmetric traffic, which has been difficult in earlierversions. By ensuring that there is a PacketLogic on each link, and that they are connected ina flow sync network, connection information will be available to all interconnected PacketLogicunits, regardless of whether the same connection has packets on different links.

For further information on flow sync, see section3.2.2.

2.1.3 PL10000 Support

Version 12 of the PacketLogic software will be the first to support the new PL10000 platform.

Note: For full information on functionality in the PL10000, it is recommended to read the PL10000Hardware Description in conjunction with this document.

2.1.4 Flexible Statistics

The statistics handling has been fundamentally redesigned in version 12. Statistics are no longerstored in any way by default, but can be configured to a high level of detail and flexibility usingStatistics Objects and Statistics Rules, which are new in the ruleset in version 12. As withshaping rules, the statistics rules define what traffic that shall be selected for the particular rule(using conditions), and what statistics object to use. The statistics object defines how statisticsshall be extracted and stored for the traffic.

The main improvements are:

Flexible selection of traffic to write statistics for, and what statistics data to write

Configurable resolution per statistics object (instead of five minute intervals for everything)

21


22/289


On-demand writing to disk (instead of once per hour)

2.1.5 Scalability

The PacketLogic Daemon, which controls the real-time interaction with the packet processingengine in PacketLogic, has been redesigned to scale with multiple engines. The protocol forcommunication between engines and pld has also been optimized to this end.

Brought together, this gives PacketLogic the possibility to scale with the number of connectionsin the traffic seen.

2.1.6 Connection Quality Measurements

Connection details in LiveView shows a percentage metric for the quality of the connection, based

on packet drops and retransmissions. See section3.2.4for details.

2.2 Release 12.1

2.2.1 Queue Synchronization

Queue synchronization(queue sync) allows multiple packet processing CPUs (engines) to sharequeues, which form ShapingObjects.

Queue sync, consequently, allows a rule set to be effective across multiple links with asymmetrictraffic. Queue sync ensures that all engines are aware of how much the other involved engines areusing a certain queue. This way, limits can be enforced across multiple engines in a multi-engine

PacketLogic (such as the PL10000), or even across physically separate PacketLogic units.

For further information on queue synchronization, see section4.6.3.

2.2.2 Injection

A new action is available in filtering rules: inject. The intended use is to redirect selected con-nections by injecting an HTTP 307 (Temporary Redirect) response. See section5.1.2.6for details.

2.2.3 Dynamically Loadable Signatures

As of release 12.1, it is possible to update the signature set on PacketLogic without installing a

new firmware. Signature updates are provided as Application Recognition Modules (ARMs),which can be downloaded and installed on a running PacketLogic. Signature updates are avail-able from theUpdatesmenu in the CLI (see section9.3.6.6).

2.2.4 New Flow Behaviour Flags

There are flow behaviour flags added for the direction of a flow ( Inboundand Outbound) andfor indicating if a connection is established (Established). For details, see section3.6.1.11.

2.2.5 Connection Protection can be Disabled

It is now possible to disable connection protection altogether. For details, see section3.7.2.

22


23/289


2.2.6 Physical Monitor Port

On PL10000 platforms, traffic can now be monitored to a physical port, by selecting Monitor Portas the monitor destination in a filtering rule. For information, see section5.1.3.2.

2.2.7 RADIUS Authentication

As of release 12.1, it is possible to configura PacketLogic to authenticate users with a RADIUSserver. RADIUS authentication is configured in the CLI (see section 9.3.4.1), and applies only tologging in with the PacketLogic client or the PacketLogic Python API (including Webstatistics).

2.3 Release 12.2

2.3.1 Local Statistics Storage

The option to store statistical data locally (without a dedicated PLS) is reintroduced in release12.2. This applies to non-PL10000 systems, and enables only limited amounts of statistics data tobe stored.

2.3.2 Volume-based Shaping (VBS)

Volume-based shaping is reintroduced in version 12 as of release 12.2. The feature has beenreimplemented, and the VBS editor in the PacketLogic client looks different from the v11 editor.For more information on VBS, see section4.5. For a description of the VBS editor, see section7.9.1.12.

2.3.3 External Authentication Improved

A PacketLogic can now authenticate users towards a TACACS+ server. As of release 12.2, RA-DIUS authentication also allows configuring granular permissions per user. External authentica-tion now also applies to CLI/SSH login, and multiple authentication servers can be configured.For more information on external authentication, see section3.3.3.3.

2.3.4 Divert

For PL10005 and PL10014 systems, a divert channel is available as of release 12.2. This allows se-

lecting traffic with a filtering rule, and diverting that traffic onto the divert channel. The intendeduse is to pass traffic through a third-party analysis appliance. For further information on Divert,see section5.4.

2.3.5 Sub-item Count in Statistics

Statistics now keeps track of how many items are stored beneath a statistics value. This is avail-able as a graph field in StatisticsObjects, and also shown in a tool tip when viewing bar charts inthe statistics viewer in the PacketLogic client.

23


24/289


2.3.6 Connection logging

Connection logging is available in release 12.2. Connection logging allows storing detailed con-nection information for storage, forensics, and analysis. See section 6.7for details.

2.3.7 Statistics Distributed by Flag

The flow behaviour flags of PacketLogic can now be used to distribute statistics.

2.3.8 CSV Export of Statistical Data

The statistics viewer of the PacketLogic client now exports statistics data to a comma-separatedvalues (CSV) file. This is available from the File Export dialog in the statistics viewer.

2.3.9 Statistics Aggregation

It is possible to aggregate statistical data in release 12.2. This allows separating what data isstored on which statistics system. See section6.1.3.3.

2.3.10 Statistics Linking

It is possible to define links in StatisticsObjects, allowing a distribution level to link to a differentStatisticsObject when browsing statistics. See section6.1.3.3.

2.3.11 Total Graphs Collected in System Overview

There is a new subview in the System Overview, where all aggregated graphs are gathered. Thisis intended to provide a quick overview in a System Overview that shows multiple systems.

2.3.12 Depth Limit on AS Paths in Statistics

It is now possible to limit the number of steps into an AS path to go when distributing statisticsbased on AS paths. For details, see section6.1.3.2.

2.3.13 Statistics Distribution for Remote Virtual Host

Statistics can be distributed by Remote VHost (virtual host), distributing statistics based on thename of the remote host.

2.3.14 Audit Logging

PacketLogic logs client activity to a great level of detail, to allow log auditing.

2.3.15 Quality Metrics (QoE) enhanced

The quality metric (QoE) made available in statistics is now also displayed as a column in theLocal Host, Service, and ServiceObject views in LiveView.

Also, the quality metrics have been refined to show details for the four directions of traffic visibleto the PacketLogic. For details, see section3.2.4.

24


25/289


2.3.16 Support for Forwarding Jumbo Frames

The PL10000 systems are now capable of forwarding jumbo frames. For details on MTU, seesection3.7.1.

2.3.17 DSCP and Channel Information in LiveView and Ruleset

It is now possible to see the DSCP and channel for a connection in LiveView connection details,and it is also possible to match on these parameters in rules.

2.3.18 Shaping Statistics

Fields have been added to store data for packet drops and latency using StatisticsObjects.

2.3.19 Channel Management

Version 12.2 brings back the Channel Editor in the PacketLogic Client, where channel interfacescan be enabled and disabled, and speed/duplex settings can be applied.

2.3.20 Statistics Zooming

It is possible to zoom in line and stacked area charts, by holding downShiftand dragging thecursor to select the interval to zoom to. For details, see section7.7.

2.3.21 Statistics Peak Analysis

It is possible to store information on the top contributing items in a peak in statistics. This isenabled by setting Graph & Peak in the distribution of the StatisticsObject (see section6.1.3.5).The peak data is shown by holding down Ctrl and clicking the graph point for which to showpeak data (see section7.7).

2.3.22 System Diagnostics Minima

Added minimum values to all system diagnostics values, along with timestamps for when theminimum and maximum values were last seen.

2.3.23 Channel Information in System Overview

Made Channel View data available to our System Overview system.

2.3.24 Time Stamps in Channel View

Added last-seen minimum and maximum values to Channel View along with timestamps.

2.3.25 NetObject Counters in LiveView

The Local Hosts view in LiveView now shows the number of NetObjects or hosts that exist in avisible NetObject, as a tooltip when the cursor hovers over the NetObject. Note that the NetObjectmust be expanded for the tooltip to be available.

25


26/289


2.3.26 95th Percentile in Statistics

Line charts in the Statistics Viewer now have an option to show the 95 percentile value.

2.3.27 CommitLog

PacketLogic now keeps a separate commit log where all log entries from committed changesto the different configurable resources in PacketLogic (such as ruleset, system configuration,firmware upgrades etc) are stored, to easily keep track of who changed what and when.

2.3.28 Object Attributes

Any ruleset object can now be provisioned with key value pair properties. This way any kind ofexternal provisioning system can store arbitrary data about objects in the PacketLogic database.

2.3.29 Other Enhancements

Numerous other enhancements have been added:

The SNMP trap server details can be changed, instead of removed and readded.

The port to which SSH listens on the Admin interface can be changed from the default42002.

The Aux port can be configured in terms of duplex settings.

A PacketLogic not running the PacketLogic Daemon (PLD) (such as a statistics system) cannow run SNMP.

Channel statistics is available for the Flow Sync and Monitor ports.

The alerts configured in System Diagnostics can be viewed by right-clicking the root of theSystem Diagnostics tree.

User permissions can be configured to selectively allow viewing service properties for con-nections.

The service nameUndeterminedhas been changed toBeing Analyzed

26


27/289


3 Key Concepts

This section describes the concepts on which operation and configuration of PacketLogic arebased. To readers unfamiliar with PacketLogic or traffic management, it is recommended to readthis section before proceeding.

The basic flow of PacketLogic is:

1. Receive a packet

2. Analyze the packet to determine the following:

Does the packet belong in an existing connection (flow), or does it start a new one?

Does the connection to which the packet belongs match any rules defined?

3. Enforce all rules to which the packets connection applies.

4. If the packet has not been dropped or rejected during the enforcement of the rules, forwardthe packet.

PacketLogic also imposes certain restrictions on the traffic passing through it, some of which areconfigurable. For details, see section3.7.

3.1 Terminology

Some components and concepts have many names to them. These are good to be familiar with,since they can be used interchangeably depending on context.

Connection or flow is a series of packets with a common 5-tuple (see section 3.3.6).

Engine is the core software component performing traffic analysis, shaping, filtering and allother measures in the packet path.

Flow processor or packet processor is a CPU dedicated to processing packets in channel traffic.A flow processor essentially runs the engine and necessary control processes.

Flow processor module (FP module) is a module (blade) in the PL10000 platform series holding

flow processors.

Dynamic item (also referred to as dynamic IP) is a NetObject item inserted dynamically usingthe PacketLogic Python API. This allows changing NetObjects without resource transac-tions, allowing a high rate of operations.

Named dynamic item (also referred to as subscriber) is a "virtual" NetObject, containing dy-namic items. This allows using dynamic items in integration schemes in large-scale deploy-ments with a consistent name for a subscriber even though the actual IP address changes.

Subscriber seenamed dynamic itemabove.

MiB, GiB, TiB (mebibyte, gibibyte, and tebibyte) are the units used for size. These are standards-

based binary multiples of bytes. A mebibyte is 10242

(or 220

) bytes, a gibibyte is 10243

bytes,and so on.

27


28/289


3.2 Traffic Analysis

PacketLogic does analyze each packet that arrives on its interfaces. However, PacketLogic doesnot take action based on an isolated packet. Instead, it looks at the connection to which the packetbelongs. Most of the selection r

Documents

Packetlogic Product Guide v12 2