Owner's Manual

Port mirroring (RSPAN/SPAN)
Legacy using WAN ports
Middlebox
Filter
Permit
Deny
Redirect (to a middlebox, mirror, uplink, IP address, or VLAN)
Service class (Platinum, Gold, or Silver)
You can associate these policy types with resources such as a network, endpoint, host port, or WAN port.
Policy Association
Associate policies with a resource, such as a tenant, network, or endpoint, using the GUI or REST APIs.
When you associate a policy with a resource, the controller generates flow-mod messages that include
the associated resource information for the rules in the policy. The controller installs the policy rules on
the applicable switches.
If you associate a policy with a network, the policy is applied on all edge ports for the specified network.
Network policies apply to ingress traffic only.
If you associate a policy with a tenant, the controller associates that policy with all networks created by
the specified tenant. You can flag this policy to be applied to any networks created in the future by the
tenant.
Network Policies
Network policies define workload behavior. There are two components to a network policy:
Policy definition — one or more rules that define priority and action for matching results
Association points — policies that alter network or workload behavior
To configure network behavior, associate the policy with a specific network at the provider or tenant
level. You can also configure policies to specify behavior on a per-workload basis or for a set of
workloads. You must associate the policy with a specific network interface for the workload.
Endpoint Policies
You can associate an endpoint policy with either ingress or egress traffic. Policy rules applied to traffic
from the endpoint are considered an ingress policy; policy rules applied to traffic to the endpoint are
considered an egress policy. When you create an endpoint policy, the flow-mod messages for the policy
rules are updated to include the endpoint address. To determine which action to take, match criteria use
the endpoint address and the policy direction (ingress or egress).
You can only configure an endpoint policy from the endpoint switch. Because the controller relies on a
packet sent from the endpoint to determine the fabric edge, if you create an endpoint policy before the
connectivity between the endpoint and the fabric edge is discovered, the controller does not install the
flow-mod message update until connectivity is established. If endpoint connectivity changes, any
associated policies are updated with the new endpoint information.
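The deferred installation described above leaves a window in which an endpoint policy is defined but not yet enforced on any switch. The following Python model is an added illustration, not code from this manual or from the controller; the class, method, and field names, the src/dst match fields, and the sample address and switch names are assumptions made for the example.

```python
# Illustrative model only: all names are assumptions, not the controller's API.
from dataclasses import dataclass, field

@dataclass
class Rule:
    priority: int
    action: str          # "permit", "deny" or "redirect"

@dataclass
class Controller:
    edge: dict = field(default_factory=dict)       # endpoint address -> (switch, port)
    policies: list = field(default_factory=list)   # (endpoint address, direction, rules)
    installed: dict = field(default_factory=dict)  # switch -> list of flow entries

    def add_endpoint_policy(self, addr, direction, rules):
        if direction not in ("ingress", "egress"):
            raise ValueError("direction must be ingress or egress")
        self.policies.append((addr, direction, rules))
        self._sync()

    def packet_seen(self, addr, switch, port):
        """A packet from the endpoint reveals (or changes) its fabric edge."""
        self.edge[addr] = (switch, port)
        self._sync()

    def pending(self):
        """Endpoint addresses whose policies are defined but not enforced yet."""
        return sorted({a for a, _, _ in self.policies if a not in self.edge})

    def _sync(self):
        # Rebuild all flow entries so a moved endpoint leaves no stale rules behind.
        self.installed = {}
        for addr, direction, rules in self.policies:
            if addr not in self.edge:
                continue                      # fabric edge unknown: nothing installed
            switch, port = self.edge[addr]
            # Ingress = traffic from the endpoint, egress = traffic to it (assumed fields).
            match_field = "src" if direction == "ingress" else "dst"
            for r in sorted(rules, key=lambda r: -r.priority):
                self.installed.setdefault(switch, []).append(
                    {"port": port, match_field: addr,
                     "priority": r.priority, "action": r.action})

def demo():
    c = Controller()
    c.add_endpoint_policy("10.0.0.5", "ingress", [Rule(100, "deny")])  # constructed address
    before = (c.pending(), dict(c.installed))
    c.packet_seen("10.0.0.5", "leaf1", 3)    # edge discovered: rules are installed
    after_first = dict(c.installed)
    c.packet_seen("10.0.0.5", "leaf2", 7)    # endpoint moved: rules follow it
    return before, after_first, c.installed
```

Checking the equivalent of `pending()` after creating endpoint policies shows which endpoints are still unprotected because they have not yet sent a packet.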
Active Fabric Features