Switch configuration

The Switch configuration is based on a set of rules for the switching groups:

  • A unique numeric identifier (1-4999) for each group
  • Two or more local network interfaces (ethX, tunX, etc.) and a set of rules (filters) which allow placing different types of traffic into different switching groups
  • Each node can have several switching groups. The same interface or group of interfaces can be used in several groups simultaneously
  • Switching groups are activated on different nodes of the MINT network. The nodes that have the same switching group identifier in their configurations form a "switching zone"
  • A "switching zone" exists only within the MINT network segment.

Switch groups

The MINT network can be viewed as one virtual distributed layer-3 switch, where border nodes act as external ports of the virtual switch. The virtual switch task is to transport frames from one external port to another. It is important to understand that switch groups should be created only on the nodes where frames enter from or leave to the "outside" network ("outside" relative to MINT). In order to put an incoming frame into one of the switch groups, a set of flexible rules is used, which allow sorting frames according to various criteria, like:

  • VLAN tag
  • Protocol type
  • Addresses (MAC/IP)
  • Ports
  • Any PCAP expressions.

Device Management

For management purposes, you can create a dedicated Switch Group for all units in the MINT network, attached to the Switch Virtual Interface (SVI). Assign the IP addresses directly on the SVI interface for native management. All packets sent via the SVI interface are distributed only within the assigned switch group.

Switch Group rules

Once assigned to one of the switch groups, a frame never leaves it until it reaches one of the external ports. Switch group rules are applied only when the frame enters the MINT network through one of its external ports. When leaving the network, no rules are required: the frame already belongs to one of the switch groups and is automatically forwarded to the external port(s) that belong to the corresponding switch group.

...

    not ip multicast

Detailed filter expression syntax description

The filter expression determines which packets are selected by the filter for further processing. If no expression is given, all the packets on the net are selected. Otherwise, only the packets for which expression is “true” are selected. There are three different kinds of qualifier:

...

Negation has the highest precedence. Alternation and concatenation have equal precedence and associate left to right. Note that explicit "and" tokens, not juxtaposition, are now required for concatenation. If an identifier is given without a keyword, the most recent keyword is assumed. For example, “not host 1.1.1.1 and 2.2.2.2” is short for “not host 1.1.1.1 and host 2.2.2.2” and should not be confused with “not (host 1.1.1.1 or 2.2.2.2)”.
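The two rules above (an identifier inherits the most recent keyword; "not" binds tighter than "and"/"or", which associate left to right) are easy to misread when auditing a switch group rule. The following added example, which is not InfiNet's code, expands such an expression into its explicit, fully bracketed form so a rule can be checked before it is deployed; the qualifier keyword set is an assumed subset of the PCAP grammar.

```python
import re
# Qualifier words that may precede an identifier (assumed subset for the example)
QUALIFIERS = {"host", "net", "port", "portrange", "vlan", "proto", "src", "dst", "ether",
              "ip", "ip6", "arp", "tcp", "udp", "icmp", "multicast", "broadcast"}
OPERATORS = {"and", "or", "not", "&&", "||", "!", "(", ")"}

def tokenize(expr):
    return re.findall(r"\(|\)|&&|\|\||!|[^\s()]+", expr)

def expand(expr):
    """'not host 1.1.1.1 and 2.2.2.2' -> 'not host 1.1.1.1 and host 2.2.2.2'."""
    out, pending, last = [], [], []
    for tok in tokenize(expr):
        if tok in OPERATORS:
            out += pending + [tok]                   # bare 'tcp' stays a primitive by itself
            pending = []
        elif tok in QUALIFIERS:
            pending.append(tok)
        else:                                        # identifier: inherits the last keywords
            if pending:
                last, pending = pending, []
            out += last + [tok]
    text = " ".join(out + pending)
    return re.sub(r"\(\s+", "(", re.sub(r"\s+\)", ")", text))

def parenthesize(expr):
    """Fully bracket: 'not' binds tightest; 'and'/'or' are equal and left-associative."""
    toks, pos = tokenize(expand(expr)), 0
    def peek():
        return toks[pos] if pos < len(toks) else None
    def primary():
        nonlocal pos
        tok = toks[pos]; pos += 1
        if tok == "(":
            inner = binary(); pos += 1               # consume the closing ')'
            return inner
        if tok in ("not", "!"):
            return "not " + primary()
        words = [tok]                                # keywords plus identifier
        while peek() not in (None, "and", "or", "&&", "||", ")"):
            words.append(toks[pos]); pos += 1
        return " ".join(words)
    def binary():
        nonlocal pos
        left = primary()
        while peek() in ("and", "or", "&&", "||"):
            op = {"&&": "and", "||": "or"}.get(toks[pos], toks[pos]); pos += 1
            left = f"({left} {op} {primary()})"
        return left
    return binary()
```

Running parenthesize() on the two expressions from the paragraph above makes the difference visible: the first becomes "(not host 1.1.1.1 and host 2.2.2.2)", the second "not (host 1.1.1.1 or host 2.2.2.2)".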

MAC Switch

In the "MAC Switch" section, you can view the Switch Groups and Rules that are already created, including the management switch group. You can change the parameters for these Switch Groups, delete them by clicking the "Remove Group" button or create new ones by clicking the "Create Switch Group" button. The same operations are available for the switching rules: add a new rule within a switch group by clicking the "Add Rule" button (located within the "Rules" sub-menu of this group) or delete an existing rule by clicking the "Remove Rule" button.

...

NOTE: In all three types of filters (Switching, IP Firewall and Traffic Shaping) the same syntax, called “PCAP expression”, is used for setting a rule. It is a universal tool for creating filters.

IGMP Snooping

In this section you can set the IGMP parameters for the groups for which support of IGMP snooping is enabled (the IGMP check box is marked for these groups in the "MAC Switch" section).

IGMP Snooping is a multicast constraining mechanism that runs on Layer 2 devices to manage and control multicast groups. By listening to and analyzing IGMP messages, the device running IGMP Snooping establishes mappings between ports and multicast MAC addresses and forwards multicast data based on these mappings. In order for IGMP snooping to function, a multicast router must exist on the network and generate IGMP queries. The tables created for snooping (holding the member ports for each multicast group) are associated with the multicast router. Without a multicast router, the tables are not created and snooping will not work. Furthermore, IGMP general queries must be unconditionally forwarded by all switches involved in IGMP snooping. IGMP Snooping parameters can be set within the "MAC Switch" section.

...