Capturing Virtual Service and Service Engine using CLI

This section describes the procedure to capture virtual service and SE traffic through CLI.

The Service Engine and virtual service can now use AND/OR/NOT filters for packet capture.

The new field capture_pkt_filter introduced as part of debugserviceengine / debugvirtualservice can now take a combination of atmost 20 different filters that can be OR’ed among each other.

Starting with Avi Load Balancer 30.2.1 version, IPv4, TCP filters are supported. The capture_pkt_filter provides the following schema:

[admin:controller]: debugserviceengine:capture_pkt_filter>
capture_tcp_filters   (submode)

[admin:controller]: debugserviceengine:capture_pkt_filter:capture_tcp_filters>
dst_port_range   (submode)
eth_proto        Ethernet Proto filter.
host_ip          (submode)
save             Save and exit the current submode
show_schema      show object schema
src_port_range   (submode)
tcpflag          (submode)


Field Name	Action
`dst_port_range`	Destination port range filter.
`src_port_range`	Source port range filter.
`eth_proto`	Ethernet protocol filter. This field supports only IPv4.
`ip_proto`	IP protocol filter. This field supports TCP only.
`host_ip`	Takes host address as input with multiple hosts or range of host IPs or prefix of a subnet.
`tcpflags`	Takes combination of TCP flags (`tcp_syn`, `tcp_ack`, `tcp_fin`, `tcp_push`, `tcp_rst`) as input and can be used with AND/ OR/ NOT filters.
`match_operation`	This is a part of each submode and take value as [`IS_IN` or `IS_NOT_IN`] to provide NOT like capability.
`filter_operation`	This is part of submode tcpflags only, takes value [AND or OR] to provide logical AND/ OR like capability.

Configuration Example

[admin:vmware-ctlr]: debug serviceengine Avi-se-vqnny capture_pkt_filters
[admin:vmware-ctlr]: debugserviceengine> capture_pkt_filter
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter> capture_tcp_filters
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters>
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:host_ip> addrs 1.1.1.1
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:host_ip> addrs 2.2.2.2
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:host_ip> save
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters> eth_proto eth_type_ipv4
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters> dst_port_range
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:dst_port_range> dst_port_start 2000
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:dst_port_range> dst_port_end 5000
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:dst_port_range> save
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:src_port_range> src_port_start 60124
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:src_port_range> src_port_end 62000
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:src_port_range> save
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters> tcpflag
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:tcpflag> tcp_syn
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:tcpflag> tcp_fin
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:tcpflag> match_operation is_in
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:tcpflag> filter_op or
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters:tcpflag> save
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter:capture_tcp_filters> save
[admin:vmware-ctlr]: debugserviceengine:capture_pkt_filter> save
[admin:vmware-ctlr]: debugserviceengine> save
[admin:vmware-ctlr]: debugserviceengine> save
+----------------------------+-----------------------------------------+
| Field                      | Value                                   |
+----------------------------+-----------------------------------------+
| uuid                       | se-df929027-a766-425a-b661-429e32eb405f |
| name                       | Avi-se-vqnny                            |
| capture_pkt_filters        |                                         |
|   capture_tcp_filter[1]    |                                         |
|     host_ip                |                                         |
|       [1]                  | 1.1.1.1                                 |
|       [2]                  | 2.2.2.2                                 |
|     eth_proto              | ETH_TYPE_IPV4                           |
|     dst_port_range         |                                         |
|       dst_port_start       | 2000                                    |
|       dst_port_end         | 5000                                    |
|     src_port_range         |                                         |
|       src_port_start       | 60124                                   |
|       src_port_end         | 62000                                   |
|     tcpflag                |                                         |
|       tcp_syn              | True                                    |
|       tcp_fin              | True                                    |
|       match_operation      | IS_IN                                   |
|       filter_op            | OR                                      |
| tenant_ref                 | admin                                   |
+----------------------------+-----------------------------------------+

The capture_tcp_filter field is a repeated field (max 20) and can be configured with different combinations. The set of capture_tcp_filter is OR’ed among each other.