summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLu Qiuwen <[email protected]>2019-12-16 17:23:13 +0800
committerLu Qiuwen <[email protected]>2019-12-16 17:23:13 +0800
commit45057b6a5477847faab82b01beee41b2bfde9e61 (patch)
tree5065e7b27444671624e34dcdf7e24374d97cd3e7
parentaff22ef682999937ed2fee86b0e88b3c9816c3f1 (diff)
实现In-band的控制面、数据面分离功能,用以支持串联设备的HTTP/NDP保活需求。
Diffstat
-rw-r--r--switch_sled_startup_one_arm/saved_startup176
1 files changed, 148 insertions, 28 deletions
diff --git a/switch_sled_startup_one_arm/saved_startup b/switch_sled_startup_one_arm/saved_startup
index 9755c11..18e5429 100644
--- a/switch_sled_startup_one_arm/saved_startup
+++ b/switch_sled_startup_one_arm/saved_startup
@@ -18,10 +18,10 @@ set port config 41 mask 0..40,42..44
set port config 43 mask 0..44
set port config 0,39,37,41,43 learning on
-create vlan 1000
-add vlan port 1000 43
-create vlan 1001
-add vlan port 1001 43
+create vlan 4000
+add vlan port 4000 43
+create vlan 4001
+add vlan port 4001 43
create lag
add lag 9261 9,10
@@ -117,52 +117,175 @@ add acl-rule condition 1 46 dip 10.0.0.0/8
add acl-rule action 1 46 redirect 7214
create acl-rule 1 47
-add acl-rule condition 1 47 src-port 3
+add acl-rule condition 1 47 src-port 4
add acl-rule condition 1 47 protocol 0x1/0xff
add acl-rule condition 1 47 sip 10.0.0.0/8
add acl-rule condition 1 47 dip 10.0.0.0/8
add acl-rule action 1 47 redirect 7214
-# Redirect all ICMPv4 to ens1f2 -- 192.168.0.0/24
+# Redirect all ICMPv4 to ens1f2 -- 192.168.0.0/16
create acl-rule 1 48
add acl-rule condition 1 48 src-port 1
add acl-rule condition 1 48 protocol 0x1/0xff
-add acl-rule condition 1 48 sip 192.168.0.0/24
-add acl-rule condition 1 48 dip 192.168.0.0/24
+add acl-rule condition 1 48 sip 192.168.0.0/16
+add acl-rule condition 1 48 dip 192.168.0.0/16
add acl-rule action 1 48 redirect 7214
create acl-rule 1 49
add acl-rule condition 1 49 src-port 2
add acl-rule condition 1 49 protocol 0x1/0xff3
-add acl-rule condition 1 49 sip 192.168.0.0/24
-add acl-rule condition 1 49 dip 192.168.0.0/24
+add acl-rule condition 1 49 sip 192.168.0.0/16
+add acl-rule condition 1 49 dip 192.168.0.0/16
add acl-rule action 1 49 redirect 7214
create acl-rule 1 50
add acl-rule condition 1 50 src-port 3
add acl-rule condition 1 50 protocol 0x1/0xff
-add acl-rule condition 1 50 sip 192.168.0.0/24
-add acl-rule condition 1 50 dip 192.168.0.0/24
+add acl-rule condition 1 50 sip 192.168.0.0/16
+add acl-rule condition 1 50 dip 192.168.0.0/16
add acl-rule action 1 50 redirect 7214
create acl-rule 1 51
-add acl-rule condition 1 51 src-port 3
+add acl-rule condition 1 51 src-port 4
add acl-rule condition 1 51 protocol 0x1/0xff
-add acl-rule condition 1 51 sip 192.168.0.0/24
-add acl-rule condition 1 51 dip 192.168.0.0/24
+add acl-rule condition 1 51 sip 192.168.0.0/16
+add acl-rule condition 1 51 dip 192.168.0.0/16
add acl-rule action 1 51 redirect 7214
+# Redirect all TCP with port 51218, for health check - 192.168.0.0/24
+create acl-rule 1 60
+add acl-rule condition 1 60 src-port 1
+add acl-rule condition 1 60 protocol 0x6/0xff
+add acl-rule condition 1 60 sip 192.168.0.0/16
+add acl-rule condition 1 60 dip 192.168.0.0/16
+add acl-rule condition 1 60 l4-dst-port 51218/0xffff
+add acl-rule action 1 60 redirect 7214
+
create acl-rule 1 61
-add acl-rule condition 1 61 src-glort 0x5803
-add acl-rule condition 1 61 vlan 1000
-add acl-rule action 1 61 redirect 7220
-add acl-rule action 1 61 vlan 1
+add acl-rule condition 1 61 src-port 2
+add acl-rule condition 1 61 protocol 0x6/0xff
+add acl-rule condition 1 61 sip 192.168.0.0/16
+add acl-rule condition 1 61 dip 192.168.0.0/16
+add acl-rule condition 1 61 l4-dst-port 51218/0xffff
+add acl-rule action 1 61 redirect 7214
create acl-rule 1 62
-add acl-rule condition 1 62 src-glort 0x5803
-add acl-rule condition 1 62 vlan 1001
-add acl-rule action 1 62 redirect 7213
-add acl-rule action 1 62 vlan 1
+add acl-rule condition 1 62 src-port 3
+add acl-rule condition 1 62 protocol 0x6/0xff
+add acl-rule condition 1 62 sip 192.168.0.0/16
+add acl-rule condition 1 62 dip 192.168.0.0/16
+add acl-rule condition 1 62 l4-dst-port 51218/0xffff
+add acl-rule action 1 62 redirect 7214
+
+create acl-rule 1 63
+add acl-rule condition 1 63 src-port 4
+add acl-rule condition 1 63 protocol 0x6/0xff
+add acl-rule condition 1 63 sip 192.168.0.0/16
+add acl-rule condition 1 63 dip 192.168.0.0/16
+add acl-rule condition 1 63 l4-dst-port 51218/0xffff
+add acl-rule action 1 63 redirect 7214
+
+# Redirect all TCP with port 51218, for health check - 10.0.0.0/8
+create acl-rule 1 64
+add acl-rule condition 1 64 src-port 1
+add acl-rule condition 1 64 protocol 0x6/0xff
+add acl-rule condition 1 64 sip 10.0.0.0/8
+add acl-rule condition 1 64 dip 10.0.0.0/8
+add acl-rule condition 1 64 l4-dst-port 51218/0xffff
+add acl-rule action 1 64 redirect 7214
+
+create acl-rule 1 65
+add acl-rule condition 1 65 src-port 2
+add acl-rule condition 1 65 protocol 0x6/0xff
+add acl-rule condition 1 65 sip 10.0.0.0/8
+add acl-rule condition 1 65 dip 10.0.0.0/8
+add acl-rule condition 1 65 l4-dst-port 51218/0xffff
+add acl-rule action 1 65 redirect 7214
+
+create acl-rule 1 66
+add acl-rule condition 1 66 src-port 3
+add acl-rule condition 1 66 protocol 0x6/0xff
+add acl-rule condition 1 66 sip 10.0.0.0/8
+add acl-rule condition 1 66 dip 10.0.0.0/8
+add acl-rule condition 1 66 l4-dst-port 51218/0xffff
+add acl-rule action 1 66 redirect 7214
+
+create acl-rule 1 67
+add acl-rule condition 1 67 src-port 4
+add acl-rule condition 1 67 protocol 0x6/0xff
+add acl-rule condition 1 67 sip 10.0.0.0/8
+add acl-rule condition 1 67 dip 10.0.0.0/8
+add acl-rule condition 1 67 l4-dst-port 51218/0xffff
+add acl-rule action 1 67 redirect 7214
+
+# Redirect all ICMPv6 link-scope packets
+create acl-rule 1 70
+add acl-rule condition 1 70 src-port 1
+add acl-rule condition 1 70 frame-type ipv6
+add acl-rule condition 1 70 ttl 255
+add acl-rule action 1 70 redirect 7214
+
+create acl-rule 1 71
+add acl-rule condition 1 71 src-port 2
+add acl-rule condition 1 71 frame-type ipv6
+add acl-rule condition 1 71 ttl 255
+add acl-rule action 1 71 redirect 7214
+
+create acl-rule 1 72
+add acl-rule condition 1 72 src-port 3
+add acl-rule condition 1 72 frame-type ipv6
+add acl-rule condition 1 72 ttl 255
+add acl-rule action 1 72 redirect 7214
+
+create acl-rule 1 73
+add acl-rule condition 1 73 src-port 4
+add acl-rule condition 1 73 frame-type ipv6
+add acl-rule condition 1 73 ttl 255
+add acl-rule action 1 73 redirect 7214
+
+create acl-rule 1 74
+add acl-rule condition 1 74 src-port 1
+add acl-rule condition 1 74 frame-type ipv6
+add acl-rule condition 1 74 sip fc00::/7
+add acl-rule condition 1 74 dip fc00::/7
+add acl-rule action 1 74 redirect 7214
+
+create acl-rule 1 75
+add acl-rule condition 1 75 src-port 2
+add acl-rule condition 1 75 frame-type ipv6
+add acl-rule condition 1 75 sip fc00::/7
+add acl-rule condition 1 75 dip fc00::/7
+add acl-rule action 1 75 redirect 7214
+
+create acl-rule 1 76
+add acl-rule condition 1 76 src-port 3
+add acl-rule condition 1 76 frame-type ipv6
+add acl-rule condition 1 76 sip fc00::/7
+add acl-rule condition 1 76 dip fc00::/7
+add acl-rule action 1 76 redirect 7214
+
+create acl-rule 1 77
+add acl-rule condition 1 77 src-port 4
+add acl-rule condition 1 77 frame-type ipv6
+add acl-rule condition 1 77 sip fc00::/7
+add acl-rule condition 1 77 dip fc00::/7
+add acl-rule action 1 77 redirect 7214
+
+create acl-rule 1 80
+add acl-rule condition 1 80 src-glort 0x5801
+add acl-rule action 1 80 redirect 9293
+
+create acl-rule 1 90
+add acl-rule condition 1 90 src-glort 0x5803
+add acl-rule condition 1 90 vlan 4000
+add acl-rule action 1 90 redirect 7220
+add acl-rule action 1 90 vlan 1
+
+create acl-rule 1 91
+add acl-rule condition 1 91 src-glort 0x5803
+add acl-rule condition 1 91 vlan 4001
+add acl-rule action 1 91 redirect 7213
+add acl-rule action 1 91 vlan 1
create acl-rule 1 100
add acl-rule condition 1 100 src-glort 0x5803
@@ -203,12 +326,12 @@ add acl-rule action 1 205 redirect 7219
create acl-rule 1 301
add acl-rule condition 1 301 src-glort 0x5807
add acl-rule action 1 301 redirect 7216
-add acl-rule action 1 301 vlan 1000
+add acl-rule action 1 301 vlan 4000
create acl-rule 1 302
add acl-rule condition 1 302 src-glort 0x5800
add acl-rule action 1 302 redirect 7216
-add acl-rule action 1 302 vlan 1001
+add acl-rule action 1 302 vlan 4001
create acl-rule 1 401
add acl-rule condition 1 401 src-glort 0x5001
@@ -219,9 +342,6 @@ add acl-rule action 1 402 redirect 9325
create acl-rule 1 403
add acl-rule condition 1 403 src-glort 0x4001
add acl-rule action 1 403 redirect 9325
-create acl-rule 1 404
-add acl-rule condition 1 404 src-glort 0x5801
-add acl-rule action 1 404 redirect 9325
apply acl
remote listen
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 15:47:44 +0000