search

Net Optics Smart Filtering Appliance User Manual Page 37

  • Download
  • Add to my manuals
  • Print
  • Page
    / 57
  • Table of contents
  • BOOKMARKS
    • Rated. / 5. Based on customer reviews
Page view 36
33
*** Condential - DO NOT Distribute ***
Director
Understand lter interactions
It is important to understand that Director uses Content Addressable Memory (CAM) technology to implement lters.
As each lter is dened, it is stored in the next available entry in the CAM. Each packet header is compared in the
CAM, and the CAM returns the index of the rst lter that the packet header matched. That lter, and only that lter,
controls which monitoring ports receive a copy of the packet. Other lters are not executed for that packet. Therefore,
lters are not completely independent; one lter can affect the operation of another.
Let's walk through an example of a lter interaction that may be unexpected.
First, we will set up a lter for an IP address:
lteraddin_ports=n1.5ip_src=192.186.10.0action=redirredir_ports=m.1
ltercommit
Network Port 5 Monitor Port 1
Source IP =
192.168.10.0
192.168.10.15
lter add in_ports=n1.5 ip_src=192.168.10.0 ip_src_mask= 240 action=redir redir_ports=m.1
CAM
Address Filter
1 n1.5 ip_src=192.186.10.0 m.1
A simple IP address lter, shown with CAMFigure 34:
All trafc from Network Port 5 that comes from IP address 192.186.10.0 matches the rst CAM entry and therefore is
copied to Monitor Port 1.
Next, suppose we want another monitoring tool to see all the TCP trafc from Network Port 5, so we set up this lter:
lteraddin_ports=n1.5ip_proto=6action=redirredir_ports=m.2
ltercommit
Monitor Port 2
Protocol =
TCP
Network Port 5
Monitor Port 1
Source IP =
192.186.10.0
lter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
lter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
Filter interactions
are not shown!
CAM
Address Filter
1 n1.5 ip_src=192.186.10.0 m.1
2 n1.5 ip_proto=TCP m.1
Incorrect ow diagram of two lters; lter interaction in CAM is neglectedFigure 35:
Page view 36
1 2 ... 32 33 34 35 36 37 38 39 40 41 42 ... 56 57

Comments to this Manuals

No comments
  • Silex Barkan Mounting Systems Caltron Industries Chameleon Labs Hippo
  • Powerline Fitness, gymnastics & weight training Rolls Unknown Impex Fitness, gymnastics & weight training Scientific Atlanta Remote controls Sanitaire Unknown
  • Philips FWR7 Philips HR7620 Nad C 445 Dock-edge Dock Pulse PMX1604
  • Sony HBH-60 User Manual AEG KME561000M User Manual Seca 101 User Manual Canon EOS 6D Mark II User Manual Hilti 274935 Use and Care Manual