Packetmaster EX2 Training
High Performance Desktop Network Packet Broker

Tapping, Aggregation and Filtering
www.cubro.net
Bringing simplicity to today's and tomorrow's communication networks



Cubro Packetmaster supports any SFP brand

Front view


Optionally, the EX2 can be equipped with an internal optical tap (one SM link and one MM link).

Rear view


Ethernet Management
RS 232 Management
10/100/1000 Base-T Ports
1/10 Gbit SFP/SFP+ Ports

[Figure: front panel with the ports numbered 1 to 6]

Default port settings:
• Port 1 to Port 4: Autoneg On
• Port 5 and Port 6: 10G


Possible port configuration:

• Port 1 – 4: Ethernet Base-T 10/100/1000 Mbit, Autoneg off or on
• Port 5 – 6: 10 Gbit SFP+, single-mode or multimode
• Port 5 – 6: 1 Gbit SFP, single-mode or multimode
• Port 5 – 6: 1 Gbit copper SFP, 1000 Mbit fixed


Optical TAP Singlemode
Optical TAP Multimode
Redundant Dual Power 12 V DC / max 40 VA


• 2000 filter rules (see fields with red dot)

• Non-blocking design, 26 Gbit packet load

• Python scripts running on unit

• All ports can work as in- and output

• Fan-less and low power

Possible applications:

Aggregation - traffic filtering - traffic blocking - traffic modification

traffic steering - media converter - SFP testing - traffic generation - traffic capture alarm monitor - hardware firewall - loopback - …


Change IP address of management interface:

Connect via serial port: n-8-1, 9600 baud

CLI Commands:

configure terminal
management ip address 192.168.0.155 netmask 255.255.255.0
management route add gateway 192.168.0.100
end
write memory
show management ip address


ssh access via Management interface

Default login settings:

• IP address: 192.168.0.200
• Netmask: 255.255.255.0
• Gateway: 192.168.0.1
• Username: admin
• Password: cubro


Change of Port Speed – Ports 1 to 4

CLI Commands:

config
configure terminal
interface eth-0-1      (for Port 1; eth-0-2 for Port 2, eth-0-3 for Port 3, eth-0-4 for Port 4)
speed 100              (for 100M; 10 for 10M, auto for Autoneg)
end
write memory
exit


Change of Port Speed – Ports 5 to 6

The link speed of ports 5 and 6 is coupled. Both ports can be set to 10G or 1G.

CLI Commands to set Ports to 1G:

config
configure terminal
xgport-mode 1G
end
write memory
reboot

CLI Commands to set Ports to 10G:

config
configure terminal
xgport-mode XG
end
write memory
reboot


Interface Status

CLI commands:

config
show interface status
exit


Interface Status

CLI command:

cc show br0


Port Packet Statistics

CLI command:

cc dump-ports br0

Clear Port Packet Statistics

CLI commands:

config
clear counters interface eth-0-x      (x = 1 to 6; or all)
exit


Filter possibilities 1/2

in_port=port_number Ingress port number

dl_src=xx:xx:xx:xx:xx:xx Ethernet source address

dl_dst=xx:xx:xx:xx:xx:xx[/xx:xx:xx:xx:xx:xx] Ethernet destination address
This keyword supports a wildcard mask following the slash. Only four masks are allowed:
− 01:00:00:00:00:00 Match only the multicast bit. Thus, dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 matches all multicast (including broadcast) Ethernet packets, and dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 matches all unicast Ethernet packets.
− fe:ff:ff:ff:ff:ff Match all bits except the multicast bit. This is probably not useful.
− ff:ff:ff:ff:ff:ff Exact match (equivalent to omitting the mask).
− 00:00:00:00:00:00 Wildcard all bits (equivalent to dl_dst=*).

dl_type=ethertype Ethernet protocol type ethertype, such as 0x0806 to match ARP packets

dl_vlan_pcp=priority Matches IEEE 802.1q Priority Code Point (PCP) priority

dl_vlan=vlan Matches IEEE 802.1q Virtual LAN tag vlan

vlan_tci=tci Matches modified VLAN TCI

nw_src=ip[/netmask] IPv4 source address

nw_dst=ip[/netmask] IPv4 destination address
The optional netmask allows restricting a match to an IPv4 address prefix. The netmask may be specified as a dotted quad (e.g. 192.168.1.0/255.255.255.0) or as a CIDR block (e.g. 192.168.1.0/24).
When dl_type=0x0806 or arp is specified, nw_src and nw_dst match the arp_spa or arp_tpa field, respectively, in ARP packets for IPv4 and Ethernet.
When dl_type is wildcarded or set to a value other than 0x0800 or 0x0806, the values of nw_src and nw_dst are ignored.


Filter possibilities 2/2

nw_proto=proto IP protocol type proto, which is specified as a decimal number between 0 and 255, inclusive (e.g. 1 to match ICMP packets or 6 to match TCP packets)

nw_tos=tos IP ToS/DSCP traffic class field tos, which is specified as a decimal number between 0 and 255, inclusive

tp_src=port, tp_dst=port UDP or TCP source or destination port, respectively, which is specified as a decimal number between 0 and 65535, inclusive (e.g. tp_src=80 to match packets originating from an HTTP server)

icmp_type=type ICMP protocol type, which is specified as a decimal number between 0 and 255
When dl_type and nw_proto take values other than ICMP, the value of this setting is ignored.

icmp_code=code ICMP protocol code, which is specified as a decimal number between 0 and 255
When dl_type and nw_proto take values other than ICMP, the value of this setting is ignored.

idle_timeout=seconds Causes the flow to expire after the given number of seconds of inactivity
A value of 0 (the default) prevents a flow from expiring due to inactivity.

hard_timeout=seconds Causes the flow to expire after the given number of seconds, regardless of activity
A value of 0 (the default) gives the flow no hard expiration deadline.

Abbreviations:


Wildcard match fields:

• IN_PORT
• MAC_SA/MAC_DA
• VLAN_ID/VLAN_PCP
• ETHER_TYPE
• ICMP TYPE/ICMP CODE
• ARP_OP/ARP_SPA/ARP_TPA
• IPSA/IPDA/IP_DSCP
• L3_PROTOCOL
• TCP_SRC_PORT/TCP_DST_PORT
• UDP_SRC_PORT/UDP_DST_PORT
• GRE TUNNEL ID
• MPLS_LABEL

Available Actions:

• OUTPUT
• SET_FIELD (MAC_SA/MAC_DA/VLAN_VID/VLAN_PCP/IPV4_DA/TCP_DST_PORT/UDP_DST_PORT/MPLS_LABEL/MPLS_TC/TUNNEL_ID) (means change the field)
• PUSH_MPLS/POP_MPLS
• PUSH_VLAN/POP_VLAN
• DEC_IP_TTL
• SET_MPLS_TTL


Application: aggregation of one 10 Gbit link with optical splitter to 10 Gbit fibre output

To aggregate the two directions of a 10 Gbit link you normally need three 10 Gbit ports; not so with the EX2.

First, connect the two cables from the link to the splitter on the back of the EX2. Then connect the two Monitor outputs to the two 10 Gbit receivers on the EX2. The 10 Gbit transmitters are still available and can be connected to the probe.

CLI Commands:

cc add-flow br0 in_port=5,actions=output:5
cc add-flow br0 in_port=6,actions=output:5


Application: aggregation of one 10 Gbit link with optical splitter to 1 Gbit copper output

This application aggregates the two directions of a 10 Gbit link to a 1 Gbit output. It only works if the total load is lower than 1 Gbit, or if filters are used to reduce the load on the output.

First, connect the two cables from the link to the splitter on the back of the EX2. Then connect the two Monitor outputs to the two 10 Gbit receivers on the EX2. Then connect your capture device to one copper port.

CLI commands:

cc add-flow br0 in_port=5,actions=output:1
cc add-flow br0 in_port=6,actions=output:1

With filter (source subnet 10.10.10.10/24):

cc add-flow br0 in_port=5,ip,nw_src=10.10.10.10/24,actions=output:1
cc add-flow br0 in_port=6,ip,nw_src=10.10.10.10/24,actions=output:1


Application: aggregation of one 10 Gbit link to 1 Gbit copper output

This application aggregates the two directions of a 10 Gbit link to a 1 Gbit output. It only works if the total load is lower than 1 Gbit, or if filters are used to reduce the load on the output.

If you do not have the optical tap, or if you have a low optical budget, you can also use the EX2 in line. In that case connect the two outputs to the two 10 Gbit ports on the EX2. Then connect your capture device to one copper port.

CLI commands:

cc add-flow br0 in_port=5,actions=output:1,6
cc add-flow br0 in_port=6,actions=output:1,5


Application: aggregation of one 10 Gbit link with optical splitter to 4 parallel 1 Gbit copper outputs

CLI commands:

cc add-flow br0 in_port=5,actions=output:1,2,3,4
cc add-flow br0 in_port=6,actions=output:1,2,3,4

Maximum packet performance is 1G. It is best to limit the traffic via filters, e.g. only specific IP addresses.


Application: aggregation of one 10 Gbit link to 4 parallel 1 Gbit copper outputs

CLI commands:

cc add-flow br0 in_port=5,actions=output:1,2,3,4,6
cc add-flow br0 in_port=6,actions=output:1,2,3,4,5

Maximum packet performance is 1G. It is best to limit the traffic via filters, e.g. only specific IP addresses.


Application: aggregation of one 1 Gbit link to 1 Gbit copper

This application aggregates the two directions of a 1 Gbit link to a 1 Gbit output. It only works if the total load is lower than 1 Gbit, or if filters are used to reduce the load on the output.

If you do not have a copper tap, the EX2 can be used in line. Connect the two outputs to two 1 Gbit ports on the EX2. Then connect your capture device to one copper port.

CLI commands:

cc add-flow br0 in_port=2,actions=output:1,4
cc add-flow br0 in_port=4,actions=output:1,2


Application: aggregation of 3 x 1 Gbit ports (from a span port) to 1 Gbit copper output

CLI commands:

cc add-flow br0 in_port=2,actions=output:1
cc add-flow br0 in_port=3,actions=output:1
cc add-flow br0 in_port=4,actions=output:1

To aggregate only a specific VLAN ID (e.g. VLAN ID = 200):

cc add-flow br0 in_port=2,dl_vlan=200,actions=output:1
cc add-flow br0 in_port=3,dl_vlan=200,actions=output:1
cc add-flow br0 in_port=4,dl_vlan=200,actions=output:1

To aggregate only a VLAN (ID=200) and an IP address (in this case only the source IP of 10.10.10.10):

cc add-flow br0 in_port=2,ip,dl_vlan=200,nw_src=10.10.10.10,actions=output:1
cc add-flow br0 in_port=3,ip,dl_vlan=200,nw_src=10.10.10.10,actions=output:1
cc add-flow br0 in_port=4,ip,dl_vlan=200,nw_src=10.10.10.10,actions=output:1


Application: aggregation of 2 x 1 Gbit links to 2 Gbit copper outputs

The two SFP ports of the EX2 can be equipped with copper SFPs as well. There is one limitation: these ports only support Gbit line speed (use 1000 BT SFP only, no 10/100/1000 BT SFP). If you do so, the EX2 supports 6 copper ports.

In this example we show how you can tap two copper links inline and send the traffic to two copper outputs at the same time.

CLI commands:

cc add-flow br0 in_port=1,actions=output:3,5,6
cc add-flow br0 in_port=3,actions=output:1,5,6

cc add-flow br0 in_port=2,actions=output:4,5,6
cc add-flow br0 in_port=4,actions=output:2,5,6

Link1

Link2


Application: 10 Gbit <-> 1 Gbit media-converter

The EX2 can also work as a "simple" media converter, and not only to convert the media layer (optical - electrical). The Packetmaster can also convert between the bandwidths 1 Gbit and 10 Gbit in order to connect a 1 Gbit device to a 10 Gbit network and vice versa.

CLI commands:

cc add-flow br0 in_port=2,actions=output:5
cc add-flow br0 in_port=5,actions=output:2


Application: SFP Testing

Sometimes you need to test an SFP. With an EX2 this is simple. Insert the SFP in one port; the other port also needs an SFP. Make a loop between the SFPs and check whether the link LED comes on.

Detailed reading of the SFPs can be done with the following CLI commands:

config
show transceiver
exit

config
show transceiver detail
exit


Application: SFP Testing

With DMM feature:

Port port-5 transceiver info:
Transceiver Type: 1000BASE-LX
Transceiver Vendor Name : CISCO-FINISAR
Transceiver PN : GP3124L2CD-C
Transceiver S/N : GS1111150026
Transceiver Output Wavelength: 1310 nm
Supported Link Type and Length:
  Link Length for 9/125um single mode fiber: 10 km
  Link Length for 9/125um single mode fiber: 10000 m
  Link Length for 50/125um multi-mode fiber: 550 m
  Link Length for 62.5/125um multi-mode fiber: 550 m
----------------------------------------------------------------------------
Transceiver is externally calibrated.
mA: milliamperes, dBm: decibels (milliwatts), NA or N/A: not applicable.
++ : high alarm, + : high warning, - : low warning, -- : low alarm.
The threshold values are calibrated.
----------------------------------------------------------------------------
                               High Alarm  High Warn   Low Warn    Low Alarm
           Temperature         Threshold   Threshold   Threshold   Threshold
Port       (Celsius)           (Celsius)   (Celsius)   (Celsius)   (Celsius)
---------  ------------------  ----------  ----------  ----------  ----------
port-5     39.86               100.00      95.00       -45.00      -50.00
----------------------------------------------------------------------------
                               High Alarm  High Warn   Low Warn    Low Alarm
           Voltage             Threshold   Threshold   Threshold   Threshold
Port       (Volts)             (Volts)     (Volts)     (Volts)     (Volts)
---------  ------------------  ----------  ----------  ----------  ----------
port-5     3.29                3.70        3.60        3.00        2.90
----------------------------------------------------------------------------
                               High Alarm  High Warn   Low Warn    Low Alarm
           Current             Threshold   Threshold   Threshold   Threshold
Port       (milliamperes)      (mA)        (mA)        (mA)        (mA)
---------  ------------------  ----------  ----------  ----------  ----------
port-5     17.00               65.00       60.00       12.00       10.00
----------------------------------------------------------------------------
           Optical             High Alarm  High Warn   Low Warn    Low Alarm
           Transmit Power      Threshold   Threshold   Threshold   Threshold
Port       (dBm)               (dBm)       (dBm)       (dBm)       (dBm)
---------  ------------------  ----------  ----------  ----------  ----------
port-5     -7.33               1.00        0.00        -12.00      -13.00
----------------------------------------------------------------------------
           Optical             High Alarm  High Warn   Low Warn    Low Alarm
           Receive Power       Threshold   Threshold   Threshold   Threshold
Port       (dBm)               (dBm)       (dBm)       (dBm)       (dBm)
---------  ------------------  ----------  ----------  ----------  ----------
port-5     -40.00 --           1.00        0.00        -26.02      -26.99
----------------------------------------------------------------------------

Without DMM feature:

Port port-6 transceiver info:
Transceiver Type: 1000BASE-LX
Transceiver Vendor Name : FINISAR CORP.
Transceiver PN : FTLF1318P2BCL-PR
Transceiver S/N : H62E355
Transceiver Output Wavelength: 1310 nm
Supported Link Type and Length:
  Link Length for 9/125um single mode fiber: 4 km
  Link Length for 9/125um single mode fiber: 4000 m
Digital diagnostic is not implemented.


Stacking of Rules / Overlapping Flows

All incoming traffic from port 1 should be sent to port 6, while traffic with the IP source address 192.168.1.1 from port 1 should be sent to port 5. As a first attempt, let's try the following flows:

cc add-flow br0 in_port=1,actions=output:6
cc add-flow br0 in_port=1,ip,nw_src=192.168.1.1,actions=output:5

These flows will produce an error because a wildcard flow and a specific flow overlap. The reason is that the packet will be processed by the first flow: all packets go to port 6, and then there is no packet left for the second flow. If you want to stack rules, you can do this by using an additional priority field.

The priority field sets the priority at which a wildcarded entry will match in comparison to others. The value is a number between 0 and 65535, inclusive. A higher value will match before a lower one. An exact-match entry will always have priority over an entry containing wildcards, so it has an implicit priority value of 65535. When adding a flow, if the field is not specified, the flow's priority will default to 32768. So the flows should look like this:

cc add-flow br0 in_port=1,ip,nw_src=192.168.1.1,priority=40000,actions=output:5,6
cc add-flow br0 in_port=1,priority=30000,actions=output:6


Stacking of Rules / Overlapping Flows

Required Functionality
• Port 1: input
• Port 2: input
• Port 3: input
• Port 4: input
• Port 5: output – aggregate VLAN ID 100 traffic from Port 1 to 4
• Port 6: output – aggregate all traffic from port 1 to 4

Flows:

cc add-flow br0 in_port=1,dl_vlan=100,priority=40000,actions=output:5,6
cc add-flow br0 in_port=2,dl_vlan=100,priority=40000,actions=output:5,6
cc add-flow br0 in_port=3,dl_vlan=100,priority=40000,actions=output:5,6
cc add-flow br0 in_port=4,dl_vlan=100,priority=40000,actions=output:5,6
cc add-flow br0 in_port=1,priority=30000,actions=output:6
cc add-flow br0 in_port=2,priority=30000,actions=output:6
cc add-flow br0 in_port=3,priority=30000,actions=output:6
cc add-flow br0 in_port=4,priority=30000,actions=output:6
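The priority behaviour from the two "Stacking of Rules" slides, modelled as an added Python example (not Cubro code): a small flow-table lookup plus a check that flags overlapping flows with equal priority before they are loaded. The names parse_flow, lookup, ambiguous_pairs and table, the "first flow wins" tie-break and the sample packets are assumptions of this example; only numeric match fields, nw_src/nw_dst and output/drop actions are modelled.

```python
import ipaddress

DEFAULT_PRIORITY = 32768            # page: used when priority= is omitted
IP_FIELDS = ("nw_src", "nw_dst")


def parse_flow(spec):
    """Parse 'match,...,actions=...' into (priority, match dict, output ports)."""
    match_part, _, action_part = spec.partition("actions=")
    priority, match, ports = DEFAULT_PRIORITY, {}, []
    for token in match_part.split(","):
        key, sep, value = token.strip().partition("=")
        key = key.lower()
        if not key:
            continue                 # empty token left by the trailing comma
        if not sep:
            match[key] = 1           # bare keyword such as "ip" or "tcp"
        elif key == "priority":
            priority = int(value)
        elif key in IP_FIELDS:
            match[key] = ipaddress.ip_network(value, strict=False)
        else:
            match[key] = int(value, 0)   # in_port, dl_vlan, nw_proto, tp_dst, ...
    for action in action_part.split(","):
        port = action.strip().replace("output:", "")
        if port.isdigit():           # "drop", "pop_vlan" etc. add no output port
            ports.append(int(port))
    return priority, match, ports


def matches(match, packet):
    """True when every field the flow constrains agrees with the packet."""
    for key, want in match.items():
        have = packet.get(key)
        if have is None:
            return False
        if key in IP_FIELDS:
            if ipaddress.ip_address(have) not in want:
                return False
        elif have != want:
            return False
    return True


def lookup(flows, packet):
    """Output ports of the highest-priority matching flow; [] if none match."""
    hits = [flow for flow in flows if matches(flow[1], packet)]
    # max() keeps the first of several equal priorities ("first flow wins")
    return max(hits, key=lambda flow: flow[0])[2] if hits else []


def overlaps(a, b):
    """True when some packet could satisfy both match dicts."""
    for key in a.keys() & b.keys():
        if key in IP_FIELDS:
            if not a[key].overlaps(b[key]):
                return False
        elif a[key] != b[key]:
            return False
    return True


def ambiguous_pairs(flows):
    """Index pairs that overlap at equal priority but send to different ports."""
    return [(i, j)
            for i in range(len(flows))
            for j in range(i + 1, len(flows))
            if flows[i][0] == flows[j][0] and flows[i][2] != flows[j][2]
            and overlaps(flows[i][1], flows[j][1])]


def table(*specs):
    return [parse_flow(spec) for spec in specs]


# The two flow sets from the first "Stacking of Rules" slide
FIRST_ATTEMPT = table("in_port=1,actions=output:6",
                      "in_port=1,ip,nw_src=192.168.1.1,actions=output:5")
STACKED = table("in_port=1,ip,nw_src=192.168.1.1,priority=40000,actions=output:5,6",
                "in_port=1,priority=30000,actions=output:6")
# Constructed variant: the specific flow leaves out port 6
GAP = table("in_port=1,ip,nw_src=192.168.1.1,priority=40000,actions=output:5",
            "in_port=1,priority=30000,actions=output:6")

HOST = {"in_port": 1, "ip": 1, "nw_src": "192.168.1.1"}    # constructed packets
OTHER = {"in_port": 1, "ip": 1, "nw_src": "192.168.1.7"}
```

With GAP, lookup returns only port 5 for the 192.168.1.1 host, so the aggregate on port 6 silently loses that traffic; this is why the higher-priority flow lists both 5 and 6.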


Application: Aggregation of 3 x 1 Gbit ports (from span ports) to 1 Gbit copper output for a specific UDP and TCP Port

CLI Commands (for TCP Destination Port 80):

cc add-flow br0 in_port=2,ip,nw_proto=6,tp_dst=80,actions=output:1
cc add-flow br0 in_port=3,ip,nw_proto=6,tp_dst=80,actions=output:1
cc add-flow br0 in_port=4,ip,nw_proto=6,tp_dst=80,actions=output:1

Only a specific TCP Destination or Source Port, e.g. 80

To also get traffic with TCP Source Port 80, the following CLI commands need to be added:

cc add-flow br0 in_port=2,ip,nw_proto=6,tp_src=80,actions=output:1
cc add-flow br0 in_port=3,ip,nw_proto=6,tp_src=80,actions=output:1
cc add-flow br0 in_port=4,ip,nw_proto=6,tp_src=80,actions=output:1

For UDP traffic replace nw_proto=6 with nw_proto=17.

More protocol numbers can be found on http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml


Application: Drop specific traffic


In addition to the "output" action the EX2 also supports action=drop. Drop means that the specified traffic is discarded by the EX2.

E.g. drop all incoming HTTP traffic at Port 1 and forward the remaining traffic to port 1.

CLI Commands (for TCP Destination & Source Port 80):

cc add-flow br0 in_port=2,ip,nw_proto=6,tp_dst=80,priority=40000,actions=drop
cc add-flow br0 in_port=2,ip,nw_proto=6,tp_src=80,priority=40000,actions=drop
cc add-flow br0 in_port=2,priority=30000,actions=output:1

Note: Drop flows can reduce the number of output flows dramatically.

Drop of ICMP messages: cc add-flow br0 ip,nw_proto=1,actions=drop

Drop of ARP messages: cc add-flow br0 dl_type=0x0806,actions=drop

The input port is not specified; in this case the flow is valid for all ports!

All traffic including http

All traffic excluding http


Application: VLAN tag removal (VLAN pop function)

CLI Command to remove the VLAN tag from packets at input 1 and send the traffic to output 2:

cc add-flow br0 in_port=1,actions=pop_vlan,output:2

CLI Command to remove the VLAN tag with ID=200 and send the traffic to output 2; all other traffic is removed:

cc add-flow br0 in_port=1,dl_vlan=200,actions=pop_vlan,output:2

Input Traffic Output Traffic


Application: Add VLAN tag (VLAN push function)

The EX2 can add a VLAN tag to the traffic. This function can be used to mark the traffic at the input ports so that at an aggregated output it is still visible which input port the traffic originally came from.

CLI Command to add VLAN tag ID 100 at input 1 and send traffic to output 3:

cc add-flow br0 "in_port=1,actions=push_vlan:0x8100,set_field:100->vlan_vid,output:3"

Note: the quotation marks (" ") are required in the CLI command.

If the incoming traffic already has a VLAN tag, the new/added VLAN tag will be the outer tag.

Input Traffic Output Traffic


Application: Loopback/Responder for testing purposes

The EX2 allows the input port to be set equal to the output port, so that it acts as a Layer 1 loopback.

CLI command:

cc add-flow br0 in_port=1,actions=output:1

Moreover, the EX2 can change MAC addresses, the IP destination address and UDP/TCP destination port numbers and send the traffic out again at the same port. The EX2 can thus be used as a Layer 2, 3 and 4 loopback.

Change MAC Source and Destination Address:

cc add-flow br0 "in_port=1,actions=set_field:00:00:00:00:00:01->eth_src,set_field:00:00:00:00:00:02->eth_dst,output:1"

Change IP Destination Address:

cc add-flow br0 "in_port=1,ip,actions=set_field:10.0.0.2->ip_dst,output:1"

Change TCP Destination Port:

cc add-flow br0 "in_port=1,ip,tcp,actions=set_field:1000->tp_dst,output:1"

Change MAC Source & Destination, IP Destination Address and UDP Port Number:

ovs-ofctl add-flow br0 "in_port=1,ip,tcp,actions=set_field:00:00:00:00:00:01->eth_src,set_field:00:00:00:00:00:02->eth_dst,set_field:10.0.0.2->ip_dst,set_field:1000->tp_dst,output:1"


Application: Traffic Generation

The EX2 can generate traffic, e.g. an ARP message, a ping or any other message. The EX2 can send out a string of hex bytes.

CLI command:

cc packet-out br0 local output:1 "FF FF FF FF FF FF 00 00 00 00 00 01 08 06 00 01 08 00 06 04 00 01 00 00 00 00 00 01 0A 00 00 01 00 00 00 00 00 00 0A 00 00 02 00 00 00 00 00 00 00 00 00 00"

This command sends a single packet; a continuous stream of packets can be produced via a script.

Wireshark decodes this information as follows:

Performance is about 40 to 50 packets per second.

By copying hex data from Wireshark, any packet content can be produced.
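The Wireshark decode is not reproduced here, so the hex string from the packet-out command above can be checked offline before it is sent. This is an added Python example, not part of the Cubro material; decode_arp_frame and the keys of its result are names chosen for this example.

```python
import ipaddress
import struct

# Hex payload copied from the `cc packet-out` command on this page
PAGE_PAYLOAD = (
    "FF FF FF FF FF FF 00 00 00 00 00 01 08 06 00 01 08 00 06 04 00 01 "
    "00 00 00 00 00 01 0A 00 00 01 00 00 00 00 00 00 0A 00 00 02 "
    "00 00 00 00 00 00 00 00 00 00"
)
ARP_OPS = {1: "request", 2: "reply"}


def mac(raw):
    """Format six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{byte:02x}" for byte in raw)


def decode_arp_frame(hex_string):
    """Decode an Ethernet II frame carrying ARP for IPv4; ValueError otherwise."""
    try:
        raw = bytes.fromhex(hex_string)    # spaces between the bytes are skipped
    except ValueError as exc:
        raise ValueError(f"not a hex byte string: {exc}") from None
    if len(raw) < 42:                      # 14-byte Ethernet + 28-byte ARP
        raise ValueError(f"frame too short for ARP: {len(raw)} bytes")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != 0x0806:
        raise ValueError(f"EtherType 0x{ethertype:04x} is not ARP (0x0806)")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", raw[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("ARP header is not Ethernet/IPv4")
    return {
        "eth_dst": mac(dst),
        "eth_src": mac(src),
        "broadcast": dst == b"\xff" * 6,
        "operation": ARP_OPS.get(oper, f"opcode {oper}"),
        "sender_mac": mac(sha),
        "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_mac": mac(tha),
        "target_ip": str(ipaddress.IPv4Address(tpa)),
        "src_consistent": src == sha,      # Ethernet source equals ARP sender MAC
        "padding_bytes": len(raw) - 42,    # bytes after the ARP body
    }


if __name__ == "__main__":
    for field, value in decode_arp_frame(PAGE_PAYLOAD).items():
        print(f"{field:15} {value}")
```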


Application: Control the Packetmaster via Wi-Fi

The EX2 can be managed and controlled remotely using a Wi-Fi bridge. In this way a laptop computer with only one Ethernet port can be used for management (using Wi-Fi) and Traffic monitoring (using the Ethernet port) simultaneously.


Application: Capture traffic from a 10 Gbit link with remote control

In case your computer only offers one NIC card we recommend using the CUBRO Ethernet - USB converter. This plug and play device adds two full Ethernet interfaces to your computer via USB.

The additional 2 Ethernet ports allow you to manage the EX2, monitor the traffic and connect to the internet at the same time. In this way remote operation and monitoring can be accessed from anywhere.


Application: traffic inserter …. No better name

This application is maybe a little special but it shows once more how many nice features the Packetmaster is offering.

The idea is to insert the EX2 in a live 10 Gbit link, and connect a standard PC to this link. The Packetmaster works like a "switch" but offers full control and the 1 Gbit PC can be part of a 10 Gbit network.

The IP or the MAC address of the PC must be known!


Flow Statistics

CLI Command:

cc dump-flows br0

Clear Flow Statistics

CLI Commands:

config
cc clear counters flows
exit


Delete a Flow(s)

CLI Commands:

cc del-flows br0
Deletes all flows

cc del-flows br0 in_port=1
Deletes all flows that include the statement "in_port=1"

cc del-flow br0 in_port=1, tcp, tp_src=80
Deletes the flow with in_port=1, tcp, tp_src=80


Save Flows / Default Start-up Flows

By default the EX2 will not save the flows. After a reboot the flows are deleted and the unit starts without flows.

Save Flows
First define the flows and check with the CLI command

cc dump-flows br0

whether the flows are correct. As a second step use the CLI command

saveflows.sh

and the flows are automatically included in the file "flows".

Start-up Flows
Flows that are included in the file "flows" (see above) are automatically loaded after a reboot.

Edit Start-up Flows
Use the vi editor to directly manipulate the flows in the file "flows" via the following CLI command:

vi flows

Insert/add/change the requested flows; more details about vi editor commands are available on the internet, e.g. http://www.cs.rit.edu/~cslab/vi.html

Delete Start-up Flows

cc del-flows br0
saveflows.sh


Support / Additional Questions

If you have any additional question or need help contact us.

Cubro Acronet GesmbH
Geiselbergstr. 17/6.OG
1110 Vienna
Austria

Tel.: +43 1 29826660
Fax: +43 1 2982666399
Email: [email protected]
www.cubro.net