Configuring the flow manager
About the flow manager
The flow manager allows the device to direct bidirectional packets of the same flow to the same security engine when multiple security engines exist on the device. For more information about security engines, see context configuration in Virtual Technologies Configuration Guide.
Querying OpenFlow entries
Each service module can call the flow manager to query OpenFlow entries and transparently transmit traffic among security engines. A service module needs to call the flow manager to query OpenFlow entries in the following situations:
· Different services of the same flow need to be processed by different security engines.
· OpenFlow entries cannot be queried through interface cards, and bidirectional packets of the same flow cannot be directed to the same security engine. In this case, an interface card can send the traffic to a security engine. The flow manager queries OpenFlow entries on the security engine and transparently transmits the traffic to the target security engine.
Enabling the flow manager for Layer 2 forwarding
About this task
An interface card cannot obtain packet information from packets that carry two VLAN tags, and therefore cannot send those packets to the correct security engine.
This feature can query OpenFlow entries for such packets and transparently transmit them to the correct security engine.
Procedure
1. Enter system view.
system-view
2. Enable the flow manager for Layer 2 forwarding.
flow-manager mac-forwarding enable
By default, the flow manager is disabled for Layer 2 forwarding.
