Ingress filter: Difference between revisions

no edit summary
No edit summary
Line 13: Line 13:
* duplicate packets.
* duplicate packets.


They can all be set to either denylist or allowlist mode.  
They can all be set to either deny list or allow list mode.  
Filtering will be evaluated for every packet in tab order.  
Filtering will be evaluated for every packet in tab order.  
The more restrictive filter will be applied.  
The more restrictive filter will be applied.  
For instance if no IP address is denied but a specific MAC address is on the denylist, no traffic for that MAC address will be processed.
For instance if no IP address is denied but a specific MAC address is on the deny list, no traffic for that MAC address will be processed.


NOTE: The ingress (NIC) filter is applied to live traffic only, e.i. the traffic sent to the monitoring interfaces of an Allegro. When replaying data from the ring buffer, loading a pcap or using the remote traffic capture feature, filtering is not used and/or applied.
NOTE: The ingress (NIC) filter is applied to live traffic only, i.e. the traffic sent to the monitoring interfaces of an Allegro. When replaying data from the ring buffer, loading a pcap or using the remote traffic capture feature, filtering is not used and/or applied.


NOTE: The data recorded to/stored in the Packet Ring buffer, is of course also affected by the Ingress filter. Additional ring buffer capture rules may be configured under "Generic - Packet Ring Buffer", further explained in our wiki here [[Packet ring buffer#Packet%20ring%20buffer%20snapshot%20length%20filter|https://allegro-packets.com/wiki/Packet_ring_buffer#Packet_ring_buffer_snapshot_length_filter]]
NOTE: The data recorded to/stored in the Packet Ring buffer, is of course also affected by the Ingress filter. Additional ring buffer capture rules may be configured under "Generic - Packet Ring Buffer", further explained in our wiki here [[Packet ring buffer#Packet%20ring%20buffer%20snapshot%20length%20filter|https://allegro-packets.com/wiki/Packet_ring_buffer#Packet_ring_buffer_snapshot_length_filter]]
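Review bot: The ring buffer NOTE at the end of this hunk still carries a malformed link in the new revision: the target uses a percent-encoded anchor (`Packet%20ring%20buffer%20snapshot%20length%20filter`) while the label is the raw URL with an underscore anchor. Use one anchor form and a readable label such as "Packet ring buffer snapshot length filter". In the same sentence, the comma after "Packet Ring buffer" should be dropped. In the first NOTE, "filtering is not used and/or applied" would read more clearly as "the ingress filter is not applied", since this is the statement readers rely on to know that replayed, pcap-loaded and remotely captured traffic bypasses the deny/allow lists. Finally, "evaluated for every packet in tab order" followed by "The more restrictive filter will be applied" leaves it unclear whether the order affects the result; one sentence stating that any matching deny rule wins, as the MAC example implies, would settle it.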
Line 71: Line 71:
| Reserved memory (MB) || Controls how much memory in megabytes is reserved for packet deduplication. This memory then cannot be used for other statistics. Changes to this value will need a restart of the processing to take effect.
| Reserved memory (MB) || Controls how much memory in megabytes is reserved for packet deduplication. This memory then cannot be used for other statistics. Changes to this value will need a restart of the processing to take effect.
|-
|-
| Packet timeout (ms) || The time in milliseconds after which a packet hash is removed form the packet deduplication. If the time is between identical packets is longer than this value the packets will not be detected as duplicates.
| Packet timeout (ms) || The time in milliseconds after which a packet hash is removed from the packet deduplication. If the time is between identical packets is longer than this value the packets will not be detected as duplicates.
|-
|-
| Compare starting at layer || Here it is possible to choose where the packet deduplication will start to analyze the packet. If e.g. 'Layer 3' is chosen it is possible for two packets to have different MAC addresses and still be detected as duplicates.
| Compare starting at layer || Here it is possible to choose where the packet deduplication will start to analyze the packet. If e.g. 'Layer 3' is chosen it is possible for two packets to have different MAC addresses and still be detected as duplicates.
|-
|-
| Layer 7 length limit for compare (bytes) || This value controls how many bytes of the application payload are actually used for the hash calculation. A very high value may affect the performance while a vary low value may increase the risk of false positives.
| Layer 7 length limit for compare (bytes) || This value controls how many bytes of the application payload are actually used for the hash calculation. A very high value may affect the performance while a very low value may increase the risk of false positives.
|-
|-
| Ignore VLAN || The VLAN tag will not be used by the packet deduplication so that two packets from different VLANs can still be detected as duplicates.
| Ignore VLAN || The VLAN tag will not be used by the packet deduplication so that two packets from different VLANs can still be detected as duplicates.
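Review bot: The Packet timeout row still has a stray "is" after the "form" to "from" fix: "If the time is between identical packets is longer than this value". Suggest "If the time between identical packets is longer than this value, the packets will not be detected as duplicates." In the Layer 7 length limit row, consider stating what a false positive means here (packets detected as duplicates because only the first bytes of the payload are hashed), so the trade-off against performance is explicit.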