Usage

In this section, it is assumed that Virtual Accelerator has been properly installed and configured. See Getting Started for more details.

Managing ebtables rules

Use the ebtables Linux program to define bridge filtering rules.

Note

Only a subset of targets and matches is supported.

See also

For more information on the ebtables syntax, see the ebtables manual.

Viewing ebtables rules from the fast path

The fp-cli command below allow you to view current ebtables rules.

1. To start fp-cli, enter:

   $ fp-cli
   

Displaying ebtables rules

Synopsis

filter-bridge [broute|filter [all]]

filter

Display filter table rules.

broute

Display broute table rules.

all

Display all rules instead of a simple summary.

Example

<fp-0> filter-bridge filter all
filter bridge is on

EBTable: filter
              pre   in  fwd  out post  brt
Valid hooks:         x    x    x
Hooks:          0    0    2    4    0    0
Underflows:     0    1    3    4    0    0

#   0:   -p IPv6 --ip6-dst 3ffe:0002:0010:0000:0000:0000:0000:0001/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  Target: STANDARD, verdict: FP_EBT_ACCEPT
#   1:   policy (INPUT)
  Target: STANDARD, verdict: FP_EBT_ACCEPT
#   2:   -s 03:03:03:03:03:03/ff:ff:ff:ff:ff:ff
  Target: STANDARD, verdict: 6
#   3:   policy (FORWARD)
  Target: STANDARD, verdict: FP_EBT_ACCEPT
#   4:   policy (OUTPUT)
  Target: STANDARD, verdict: FP_EBT_ACCEPT
#   5:   ERROR
#   6:   -s 04:04:04:04:04:04/ff:ff:ff:ff:ff:ff
  Target: STANDARD, verdict: FP_EBT_ACCEPT
#   7:   policy (user-defined-chain)
  Target: STANDARD, verdict: FP_EBT_ACCEPT
#   8:   ERROR

Enabling or disabling ebtables

Synopsis

filter-bridge-set on|off

Example

<fp-0> filter-bridge-set on
filter-bridge is on

ebtables cache status

Synopsis

ebt-cache

Example

<fp-0> ebt-cache
filter bridge cache is on
filter bridge drop cache is on

Enabling or disabling ebtables cache

Synopsis

ebt-cache-set on|off

Example

<fp-0> ebt-cache-set on
ebt-cache is on

Enabling or disabling ebtables cache for drop flows

Synopsis

ebt-cache-drop-set on|off

Example

<fp-0> ebt-cache-drop-set on
ebt-cache-drop is on

Providing options

--max-rules

Maximum number of bridge filter rules

Default value

3072

Memory footprint per IPv4 Netfilter rule

35 KB

Range

0 .. 40K

Note

See Fast Path Capabilities documentation for impact of the available memory on the default value of configurable capabilities