| 27.2. IP Flow table | ||
|---|---|---|
 | Chapter 27. IPSH - IP Shaping |  |
| 27.2. IP Flow table | ||
|---|---|---|
| | Chapter 27. IPSH - IP Shaping | |
Changes on IP Flow table are active only after an init ipsh command.
The command save conf saves all flows inside the table. In the configuration files up to 255 flows are saved.
The available commands for managing the IP flow table are the following:
It shows the IP shaping flow table. By typing d ipsh flow ? command it's possible to display the meaning of all parameters.
[14:36:28] ABILIS_CPX:d ipsh flow
---+---------------------------------------------------------------------------
PR:|[DESCR:]
|DIR:|RULE:| LOWBW:|HIGHBW:|CHECK: |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0 IN 1 64 350 PRE-NAT 192.168.000.000/24
1 OUT 1 256 5000 POST-NAT 192.168.000.000/24The meaning:
PRPriority of IPSH flow [A, 0..254]
DESRCEntry description. Max 70 chars. Spaces require double quotes (E.g. "str1 str2"). It is displayed only when not empty.
DIRFlow direction [IN, OUT] When 'IN', the shaping in made by checking the source IP of packets received by Abilis CPX. When 'OUT', the shaping in made by checking the destination IP of packets transmitted by Abilis CPX.
RULEThe rule assigned to current flow [#,
LOWBW, HIGHBW,
1..32]:
When #, rule is not assigned.
When LOWBW, bandwidth is limited to
LOWBW: value.
When HIGHBW, bandwidth is limited to
HIGHBW: value.
When 1..32, the identifier of a
dynamic rule in the IPSH RULE table.
LOWBWLower bandwidth limit [64..100000 kbit/sec]. The actual
bandwidth limit will be modulated between
LOWBW: and HIGHBW: according
to the RULE: algorithm.
HIGHBWHigher bandwidth limit [64..100000 kbit/sec] The actual
bandwidth limit will be modulated between
LOWBW: and HIGHBW: according
to the RULE: algorithm.
CHECKWhere to check IP address [PRE-NAT,
POST-NAT, PRE-IPSEC,
POST-IPSEC].
When 'PRE-NAT', the analysis is
performed before NAT.
When 'POST-NAT', the analysis is
performed after NAT.
When 'PRE-IPSEC', the analysis is
performed before IPSEC.
When 'POST-IPSEC', the analysis is
performed after IPSEC.
IPIP address filter. For
DIR:IN the filter is applied
on SOURCE IP. For DIR:OUT
the filter is applied on DESTINATION IP. Single IP address
[0.0.0.1-255.255.255.255] or subnet [x.x.x.x/y] or IP addresses
range separated by ':' (colon) or the name of an IP/IR/RU/MR list between primes or "#" or
"*".
It adds a new IP flow definition with the specified parameters. Unspecified ones are set to their default values.
To display the syntax of the command, type a ipsh flow ?.
Some examples follow:
[14:00:15] ABILIS_CPX:a ipsh flow pr:0 rule:1 lowbw:512 highbw:8192 ip:192.168.0.5COMMAND EXECUTED [14:00:15] ABILIS_CPX:a ipsh flow pr:1 dir:out rule:1 lowbw:256 highbw:4096 check:post-nat ip:192.168.0.5/24COMMAND EXECUTED [14:01:01] ABILIS_CPX:d ipsh flow---+--------------------------------------------------------------------------- PR:|[DESCR:] |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK: |IP: ---+----+-----+-------+-------+----------+------------------------------------- 0 IN 1 512 8192 PRE-NAT 192.168.000.005 2 OUT 1 256 4096 POST-NAT 192.168.000.000/24
It deletes from the table the IP flow identified by the specified
“PR:xx”.
To display the syntax of the command, type c ipsh flow ?.
Some examples follow:
[13:55:27] ABILIS_CPX:d ipsh flow---+--------------------------------------------------------------------------- PR:|[DESCR:] |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK: |IP: ---+----+-----+-------+-------+----------+------------------------------------- 0 IN 1 512 8192 PRE-NAT 192.168.000.005 1 IN 1 256 4096 PRE-NAT 192.168.000.000/24 2 OUT 1 256 4096 POST-NAT 192.168.000.000/24 [13:55:27] ABILIS_CPX:c ipsh flow pr:1COMMAND EXECUTED [13:55:27] ABILIS_CPX:d ipsh flow---+--------------------------------------------------------------------------- PR:|[DESCR:] |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK: |IP: ---+----+-----+-------+-------+----------+------------------------------------- 0 IN 1 512 8192 PRE-NAT 192.168.000.005 1 OUT 1 256 4096 POST-NAT 192.168.000.000/24
It sets one or more parameters to their new values in an IP flow
table, identified by the specified
“PR:xx”.. This
command can only be used to modify specific IP flow definitions in the
table.
Type s ipsh flow ? to display the syntax of the command.
Some examples follow:
[13:56:01] ABILIS_CPX:d ipsh flow---+--------------------------------------------------------------------------- PR:|[DESCR:] |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK: |IP: ---+----+-----+-------+-------+----------+------------------------------------- 0 IN 1 512 8192 PRE-NAT 192.168.000.005 1 IN 1 256 4096 PRE-NAT 192.168.000.000/24 [13:56:25] ABILIS_CPX:s ipsh flow pr:1 dir:out check:post-natCOMMAND EXECUTED [13:57:38] ABILIS_CPX:d ipsh flow---+--------------------------------------------------------------------------- PR:|[DESCR:] |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK: |IP: ---+----+-----+-------+-------+----------+------------------------------------- 0 IN 1 512 8192 PRE-NAT 192.168.000.005 1 OUT 1 256 4096 POST-NAT 192.168.000.000/24
| |  | |
| 27.1. IPSH resource |  | 27.3. IP Rule table |