GET /api2/tm/rulesets/<set_id>/rules/
viewer
POST /api2/tm/rulesets/<set_id>/rules/
user
GET /api2/tm/rulesets/<set_id>/rules/<rule_id>
viewer
PUT /api2/tm/rulesets/<set_id>/rules/<rule_id>
user
DELETE /api2/tm/rulesets/<set_id>/rules/<rule_id>
user
{
"id": 1,
"set_id": 10,
"name": "rule_name",
"src_ports": [{"id":1, "type":"INF"}, ...],
"dst_ports": [{"id":1, "type":"INF"}, {"id":130, "type":"CPU"}, {"id":130, "type":"LAG"}, ...],
"enable_counter": true,
"filter": {
"l2": {
"src_mac": {"type":"mac", "val":"aa:aa:aa:aa:aa:aa", "mask":"ff:ff:ff:ff:ff:ff"},
"dst_mac": {"type":"mac", "val":"aa:aa:aa:aa:aa:aa", "mask":"ff:ff:ff:ff:ff:ff"},
"eth_type": {"type":"hex16", "val":"86dd", "mask":"ffff"},
"in_vid_group": 1,
"out_vid_group": 2,
"mpls_label_0": {"type": "mpls", "val": "ad2a3", "mask": "ffff00"},
"mpls_label_1": {"type": "mpls", "val": "ad2a3", "mask": "ffff00"},
"mpls_label_2": {"type": "mpls", "val": "ad2a3", "mask": "ffff00"},
"mpls_label_3": {"type": "mpls", "val": "ad2a3", "mask": "ffff00"},
"mpls_label_4": {"type": "mpls", "val": "ad2a3", "mask": "ffff00"},
"mpls_label_5": {"type": "mpls", "val": "ad2a3", "mask": "ffff00"}
},
"l3": {
"src_addr": {"type":"ipv4", "val":"192.168.1.20", "mask":"255.255.255.0"},
"dst_addr": {"type":"ipv4", "val":"192.168.1.20", "mask":"255.255.255.0"},
"src_addr6": {"type":"ipv6", "val":"...", "mask":"..."},
"dst_addr6": {"type":"ipv6", "val":"...", "mask":"..."},
"protocol": {"type":"hex8", "val":"2f", "mask":"ff"},
"mf_flag": true/false/null,
"df_flag": true/false/null,
"offset_zero": true/false/null
},
"l4": {
"src_port_group": 1,
"dst_port_group": 1
}
},
"action": {
"type": "...",
"data": {...}
},
"priority_class":0
}
or
{
...
"action": null
}
Type | Data | Description |
---|---|---|
drop |
none | Drops packets that hit the rule. |
vlan_tag |
"vid":<1-4095> |
Adds a VLAN tag with the specified vid. This does not apply in the case of QinQinQ. |
vlan_strip |
none | Removes the inner or outer VLAN tag. This does not apply to untagged traffic. |
slicing |
{"size": <num>} where <num> is a decimal value between 64 and 9215 |
Truncates the packet to the specified size. |
erspan_strip |
none | Decapsulate traffic from erspan tunnel. |
erspan_tunnel |
{"src_ip": "<ipv4>", "dst_ip": "<ipv4>", "src_mac":"<mac>", "dst_mac":"<mac>", "erspan_session_id":<id>, "timestamp":<bool>, "packet_size":<psize>, "vid":<vid>} |
Encapsulate traffic in erspan tunnel |
erspan3_tunnel |
{"src_ip": "<ipv4>", "dst_ip": "<ipv4>", "src_mac":"<mac>", "dst_mac":"<mac>", "erspan_session_id":<id>, "timestamp":<bool>, "packet_size":<psize>, "vid":<vid>} |
Encapsulate traffic in erspan3 tunnel |
gretap_tunnel |
{"src_ip": "<ipv4>", "dst_ip": "<ipv4>", "src_mac":"<mac>", "dst_mac":"<mac>", "erspan_session_id":<id>, "timestamp":<bool>, "packet_size":<psize>, "vid":<vid>} |
Encapsulate traffic in gretap tunnel |
Where <psize> is 0 if not set, or an integer between 128 and 9100 otherwise. Where <vid> is null if not set, or an integer between 0 and 4095 otherwise. |
||
vxlan_strip |
none | Stripping vxlan header |
mpls_strip |
none | Stripping mpls tag |
teredo_strip |
none | Stripping teredo header |
ipinip_strip |
none | Stripping ipinip header |
gretap_strip |
none | Stripping gretap header |
gtp_ip_allow |
{"src_addr": {"type":"ipv4", "val":"<addr>", "mask":"<mask>"}, "dst_addr": {"type":"ipv4", "val":"<addr>", "mask":"<mask>"}} |
Allows filtering on the source and destination addresses of the inner IPv4 header. |
gtp_ip_drop |
{"src_addr": {"type":"ipv4", "val":"<addr>", "mask":"<mask>"}, "dst_addr": {"type":"ipv4", "val":"<addr>", "mask":"<mask>"}} |
A combination of gtp_ip_allow and drop actions. |
erspan_allow |
{"session_id": {"type":"hex16", "val":"<addr>", "mask":"<mask>"}} |
Allow erspan |
erspan_drop |
{"session_id": {"type":"hex16", "val":"<addr>", "mask":"<mask>"}} |
Erspan drop |
vxlan_allow |
{"vni": {"type":"hex32", "val":"<addr>", "mask":"<mask>"}} |
Allow vxlan |
vxlan_drop |
{"vni": {"type":"hex32", "val":"<addr>", "mask":"<mask>"}} |
Vxlan drop |
mpls_strip_all |
none | Mpls strip all |
spoof_src_mac |
{"mac":"<mac_address>"} |
Spoof src mac |
spoof_dst_mac |
{"mac":"<mac_address>"} |
Spoof dst mac |