23.2. IP Flow table

Changes on IP Flow table are active only after an init ipsh command.

The command save conf saves all flows inside the table. In the configuration files up to 255 flows are saved.

The available commands for managing the IP flow table are the following:

23.2.1. D IPSH FLOW (Display IP Shaping Flow)

It shows the IP shaping flow table. By typing d ipsh flow ? command it's possible to display the meaning of all parameters.

[14:36:28] ABILIS_CPX:d ipsh flow

---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1          64     350 PRE-NAT    192.168.000.000/24
1   OUT  1         256    5000 POST-NAT   192.168.000.000/24

Meaning of the parameters:

PR

Priority of IPSH flow [0..254].

DESRC

Entry description. From 0 up to 70 Alphanumeric extended characters. Case is preserved. Spaces are allowed. The strings holding spaces must be written between quotation marks (E.g. "str1 str2").

DIR

Flow direction [IN, OUT] When 'IN', the shaping in made by checking the source IP of packets received by Abilis CPX. When 'OUT', the shaping in made by checking the destination IP of packets transmitted by Abilis CPX.

RULE

The rule assigned to current flow [#, LOWBW, HIGHBW, 1..32] When '#', rule is not assigned. When 'LOWBW', bandwidth is limited to LOWBW: value. When 'HIGHBW', bandwidth is limited to HIGHBW: value. When 1..32, the identifier of a dynamic rule in the IPSH RULE table.

LOWBW

Lower bandwidth limit [64..100000 kbit/sec]. The actual bandwidth limit will be modulated between LOWBW: and HIGHBW: according to the RULE: algorithm.

HIGHBW

Higher bandwidth limit [64..100000 kbit/sec] The actual bandwidth limit will be modulated between LOWBW: and HIGHBW: according to the RULE: algorithm.

CHECK

Where to check IP address [PRE-NAT, POST-NAT, PRE-IPSEC, POST-IPSEC].

  • When 'PRE-NAT', the analysis is performed before NAT.

  • When 'POST-NAT', the analysis is performed after NAT.

  • When 'PRE-IPSEC', the analysis is performed before IPSEC.

  • When 'POST-IPSEC', the analysis is performed after IPSEC.

IP

IP address filter. For DIR:IN the filter is applied on SOURCE IP. For DIR:OUT the filter is applied on DESTINATION IP. Single IP address [0.0.0.1-255.255.255.255] or subnet [x.x.x.x/y] or IP addresses range separated by ':' (colon) or the name of an IP/IR/RU/MR list between primes or "#" or "*".

23.2.2. A IPSH FLOW (Add IP Shaping Flow)

It adds a new IP flow definition with the specified parameters. Unspecified ones are set to their default values.

To display the syntax of the command, type a ipsh flow ?.

Some examples follow:

[14:00:15] ABILIS_CPX:a ipsh flow pr:0 rule:1 lowbw:512 highbw:8192 ip:192.168.0.5

COMMAND EXECUTED

[14:00:15] ABILIS_CPX:a ipsh flow pr:1 dir:out rule:1 lowbw:256 highbw:4096 check:post-nat ip:192.168.0.5/24

COMMAND EXECUTED

[14:01:01] ABILIS_CPX:d ipsh flow

---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1         512    8192 PRE-NAT    192.168.000.005
2   OUT  1         256    4096 POST-NAT   192.168.000.000/24

23.2.3. C IPSH FLOW (Clear IP Shaping Flow)

It deletes from the table the IP flow identified by the specified “PR:xx”.

To display the syntax of the command, type c ipsh flow ?.

Some examples follow:

[13:55:27] ABILIS_CPX:d ipsh flow

---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1         512    8192 PRE-NAT    192.168.000.005
1   IN   1         256    4096 PRE-NAT    192.168.000.000/24
2   OUT  1         256    4096 POST-NAT   192.168.000.000/24 

[13:55:27] ABILIS_CPX:c ipsh flow pr:1

COMMAND EXECUTED

[13:55:27] ABILIS_CPX:d ipsh flow

---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1         512    8192 PRE-NAT    192.168.000.005
1   OUT  1         256    4096 POST-NAT   192.168.000.000/24

23.2.4. S IPSH FLOW (Set IP Shaping Flow)

It sets one or more parameters to their new values in an IP flow table, identified by the specified “PR:xx”.. This command can only be used to modify specific IP flow definitions in the table.

Type s ipsh flow ? to display the syntax of the command.

Some examples follow:

[13:56:01] ABILIS_CPX:d ipsh flow

---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1         512    8192 PRE-NAT    192.168.000.005
1   IN   1         256    4096 PRE-NAT    192.168.000.000/24

[13:56:25] ABILIS_CPX:s ipsh flow pr:1 dir:out check:post-nat

COMMAND EXECUTED

[13:57:38] ABILIS_CPX:d ipsh flow

---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1         512    8192 PRE-NAT    192.168.000.005
1   OUT  1         256    4096 POST-NAT   192.168.000.000/24