hardware_vtep database schema
ACL_entry TABLE
Describes the individual entries that comprise an Access Control
List.
Each entry in the table is a single rule to match on certain
header fields. While there are a large number of fields that can
be matched on, most hardware cannot match on arbitrary
combinations of fields. It is common to match on either L2 fields
(described below in the L2 group of columns) or L3/L4 fields (the
L3/L4 group of columns) but not both. The hardware switch
controller may log an error if an ACL entry requires it to match
on an incompatible mixture of fields.
Summary:
  sequence                       integer
  L2 fields:
    source_mac                   optional string
    dest_mac                     optional string
    ethertype                    optional string
  L3/L4 fields:
    source_ip                    optional string
    source_mask                  optional string
    dest_ip                      optional string
    dest_mask                    optional string
    protocol                     optional integer
    source_port_min              optional integer
    source_port_max              optional integer
    dest_port_min                optional integer
    dest_port_max                optional integer
    tcp_flags                    optional integer
    tcp_flags_mask               optional integer
    icmp_type                    optional integer
    icmp_code                    optional integer
  direction                      string, either egress or ingress
  action                         string, either deny or permit
  Error Notification:
    acle_fault_status : invalid_acl_entry      none
    acle_fault_status : unspecified_fault      none
Details:
  sequence: integer
    The sequence number for the ACL entry for the purpose of ordering
    entries in an ACL. Lower numbered entries are matched before higher
    numbered entries.
  L2 fields:
    source_mac: optional string
      Source MAC address, in the form xx:xx:xx:xx:xx:xx
    dest_mac: optional string
      Destination MAC address, in the form xx:xx:xx:xx:xx:xx
    ethertype: optional string
      Ethertype in hexadecimal, in the form 0xAAAA
  L3/L4 fields:
    source_ip: optional string
      Source IP address, in the form xx.xx.xx.xx for IPv4 or appropriate
      colon-separated hexadecimal notation for IPv6.
    source_mask: optional string
      Mask that determines which bits of source_ip to match on, in the
      form xx.xx.xx.xx for IPv4 or appropriate colon-separated hexadecimal
      notation for IPv6.
    dest_ip: optional string
      Destination IP address, in the form xx.xx.xx.xx for IPv4 or
      appropriate colon-separated hexadecimal notation for IPv6.
    dest_mask: optional string
      Mask that determines which bits of dest_ip to match on, in the form
      xx.xx.xx.xx for IPv4 or appropriate colon-separated hexadecimal
      notation for IPv6.
    protocol: optional integer
      Protocol number in the IPv4 header, or value of the "next header"
      field in the IPv6 header.
    source_port_min: optional integer
      Lower end of the range of source port values. The value specified
      is included in the range.
    source_port_max: optional integer
      Upper end of the range of source port values. The value specified
      is included in the range.
    dest_port_min: optional integer
      Lower end of the range of destination port values. The value
      specified is included in the range.
    dest_port_max: optional integer
      Upper end of the range of destination port values. The value
      specified is included in the range.
    tcp_flags: optional integer
      Integer representing the value of TCP flags to match. For example,
      the SYN flag is the second least significant bit in the TCP flags.
      Hence a value of 2 would indicate that the "SYN" flag should be set
      (assuming an appropriate mask).
    tcp_flags_mask: optional integer
      Integer representing the mask to apply when matching TCP flags. For
      example, a value of 2 would imply that the "SYN" flag should be
      matched and all other flags ignored.
    icmp_type: optional integer
      ICMP type to be matched.
    icmp_code: optional integer
      ICMP code to be matched.
  direction: string, either egress or ingress
    Direction of traffic to match on the specified port, either "ingress"
    (toward the logical switch or router) or "egress" (leaving the
    logical switch or router).
  action: string, either deny or permit
    Action to take for this rule, either "permit" or "deny".
  Error Notification:
    An entry in this column indicates to the NVC that the ACL could not
    be configured as requested. The switch must clear this column when
    the error has been cleared.
    acle_fault_status : invalid_acl_entry: none
      Indicates that an ACL entry requested by the controller could not
      be instantiated by the switch, e.g. because it requires an
      unsupported combination of fields to be matched.
    acle_fault_status : unspecified_fault: none
      Indicates that an error has occurred in configuring the ACL entry
      but no more specific information is available.
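As an added example (not part of the vtep schema documentation or of Open vSwitch's own code), a small Python evaluator that applies the ACL_entry matching semantics described above (sequence ordering, inclusive port ranges, masked addresses, tcp_flags under tcp_flags_mask) and flags the L2/L3-L4 field mixture that the hardware switch controller may reject. The packet dict keys, the all-ones default when an address mask or tcp_flags_mask is unset, and the sample ACL are assumptions.

```python
import ipaddress
L2_FIELDS = {"source_mac", "dest_mac", "ethertype"}
L34_FIELDS = {"source_ip", "source_mask", "dest_ip", "dest_mask", "protocol", "tcp_flags", "tcp_flags_mask",
              "source_port_min", "source_port_max", "dest_port_min", "dest_port_max", "icmp_type", "icmp_code"}

def mixes_layers(entry):
    """True when a row sets both L2 and L3/L4 fields, a combination many switches reject."""
    present = {k for k, v in entry.items() if v is not None}
    return bool(present & L2_FIELDS) and bool(present & L34_FIELDS)

def ip_matches(addr, mask, pkt_addr):
    """Row address under its mask vs the packet address; an unset row address is a wildcard."""
    if addr is None or pkt_addr is None:
        return addr is None
    want, got = ipaddress.ip_address(addr), ipaddress.ip_address(pkt_addr)
    m = int(ipaddress.ip_address(mask)) if mask else (1 << want.max_prefixlen) - 1  # no mask: exact match (assumed)
    return want.version == got.version and int(want) & m == int(got) & m

def entry_matches(entry, pkt):
    """Evaluate one ACL_entry row against packet header fields; unset row fields are wildcards."""
    g = entry.get
    for f in L2_FIELDS:  # MAC and ethertype strings compare case-insensitively
        if g(f) is not None and g(f).lower() != str(pkt.get(f, "")).lower():
            return False
    if not (ip_matches(g("source_ip"), g("source_mask"), pkt.get("source_ip"))
            and ip_matches(g("dest_ip"), g("dest_mask"), pkt.get("dest_ip"))):
        return False
    for f in ("protocol", "icmp_type", "icmp_code"):
        if g(f) is not None and g(f) != pkt.get(f):
            return False
    for side in ("source", "dest"):  # port ranges include both endpoints
        lo, hi, p = g(side + "_port_min"), g(side + "_port_max"), pkt.get(side + "_port")
        if (lo is not None and (p is None or p < lo)) or (hi is not None and (p is None or p > hi)):
            return False
    if g("tcp_flags") is not None:  # only the bits set in tcp_flags_mask are compared
        mask = 0xFF if g("tcp_flags_mask") is None else g("tcp_flags_mask")  # assumed default: all bits
        if (pkt.get("tcp_flags", 0) & mask) != (g("tcp_flags") & mask):
            return False
    return True

def first_match(acl, pkt, direction):
    """Lowest sequence wins: return the action of the first matching entry, or None."""
    for e in sorted(acl, key=lambda e: e["sequence"]):
        if e["direction"] == direction and entry_matches(e, pkt):
            return e["action"]
    return None
# Constructed sample ACL: deny inbound TCP SYNs to port 22 on 10.0.0.0/24, permit everything else.
ACL = [{"sequence": 10, "direction": "ingress", "action": "deny", "dest_ip": "10.0.0.0", "dest_mask": "255.255.255.0",
        "protocol": 6, "dest_port_min": 22, "dest_port_max": 22, "tcp_flags": 2, "tcp_flags_mask": 2},
       {"sequence": 20, "direction": "ingress", "action": "permit"}]
```

Running mixes_layers over rows before committing them to the database is a cheap way to catch entries that would only surface later as acle_fault_status invalid_acl_entry.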