Packetmaster filter rules

Fillter rules for Packetmaster EX series

All with a read dot marked fields can be used as filter match also in combination



Packetmaster filter rules
in_port=port_number Ingress port number
dl_src=xx:xx:xx:xx:xx:xx Ethernet source address
dl_dst=xx:xx:xx:xx:xx:xx [/ xx:xx:xx:xx:xx:xx] Ethernet destination address
This keyword supports a wildcard mask following the slash. Only four masks are allowed.
− 01:00:00:00:00:00
   Match only the multicast bit. Thus, dl_dst = 01:00:00:00:00:00/01:00:00:00:00:00
   matches all multicast (including broadcast) Ethernet packets, and dl_dst =
   00:00:00:00:00:00/01:00:00:00:00:00 matches all unicast Ethernet packets.
   Match all bits except the multicast bit. This is probably not useful.
   Exact match (equivalent to omitting the mask)
− 00:00:00:00:00:00
   Wildcard all bits (equivalent to dl_dst = *).
dl_type=ethertype Ethernet Protocol type ethertype, such as 0x0806 to match ARP packets
dl_vlan_pcp=priority Matches IEEE 802.1q Priority Code Point (PCP) priority
dl_vlan=vlan Matches IEEE 802.1q Virtual LAN tag vlan
vlan_tci=tci Matches modified VLAN TCI
nw_src=ip[/netmask] IPv4 source address
nw_dst=ip[/netmask] IPv4 destination address
The optional
netmask allows restricting a match to an IPv4 address prefix. The netmask
may be specified as a dotted quad (e.g. or as a CIDR block (e.g.
dl_type=0x0806 or arp is specified, matches the arp_spa or arp_tpa field,
respectively, I ARP packets for IPV4 and Ethernet.
dl_type is wildcarded or set to a value other than 0x0800 or 0x0806, the values of
nw_src and nw_dst are ignored.
nw_proto=proto IP Protocol type proto which is specified as a decimal number between 0 and 255, inclusive
(e.g. 1 to match ICMP packets or 6 to match TCP packets)
nw_tos=tos IP ToS/DSCP traffic class field ToS which is specified as a decimal number between 0 and 255, inclusive.
tp_src=port UDP or TCP source port.

UDP or TCP destination port which is specified as a decimal number between 0 and 65535, inclusive

(e.g. 80 to match packets originating from a HTTP server)

icmp_type=type ICMP Protocol type which is specified as a decimal number between 0 and 255
dl_type and nw_proto take other values other than ICMP, the values of this setting is ignored.
icmp_code=code ICMP Protocol code which is specified as a decimal number between 0 and 255
dl_type and nw_proto take values other than ICMP, the values of this setting isignored.
idle_timeout=seconds Causes the flow to expire after the given number of seconds of inactivity
A value of 0 (the default) prevents a flow from expiring due to inactivity.
hard_timeout=seconds Causes the flow to expire after the given number of seconds, regardless of activity
A value of 0 (the default) gives the flow no hard expiration deadline.

Wildcard match fields:

  • VLAN_ID/

Available Actions:

    MPLS_LABEL/MPLS_TC/TUNNEL_ID (means change the field)


Saturday, 01 May 2010 Posted in EX2, EX5-2, EX 6, EX12

Cubro Solutions

EX2 10 Gbit monitoring with load balanced output

Use the integrated optical TAP to connect to the live link and use the load balancing features to monitor the traffic

Packetmaster as Patchfield

The Packetmaster EX can be used as intelligent patch field. This is feature is possible because the EX has no designated in and out port configuration. Each port is an input and an output at the same time.

Layer 1 Media Conversion

The Cubro 1/10 Gbit Media converter is a nice a simple tool to solve many problems in the daily network business. You can select the media by changing the SFP. The unique design supports also CWDM / DWDM and BIDI SFP.

Cubro NPB units support bypass function

The Cubro Bypass Application is a superior way to provide a fail-safe access port for an in-line monitoring appliance. From EX2 with Gbit up to EX 20400 with 100 Gbit bypass feature. With and without optical layer 1 switch support.


384 x 10 Gbit ports cross connect

We use 6 Packetmaster EX 20400 to realize this 384 x 10 Gbit port cross connect !

  • 400 Gbit backbone
  • tunneling via VXLAN
  • non blocking
  • any to any & many to any & any to many support
  • easy expandable


EX2 Multi Gbit Cooper aggregation

The Packetmaster EX2 can work as a dual link TAP with dual aggregation output, with filtering and load balancing, at the same time.

Stacking Packetmasters

Customer Solution!

Request: aggregation and filtering traffic for monitoring system 32 x 1 Gbit links & 10 x 10 Gbit links

Aggregation of two 10 Gbit span ports to 1 10 Gbit output with EX2+

This application is normally not possible because the EX2+ has only two 10 Gbit ports and you need 3 to do this job.  But we at Cubro give our units some extra features to do this with two ports.

A optical ports has an transmitter and a receiver part, this two “ports” can be used separately in all Cubro NPB. The other feature what you need is the optical tap at the back.


You can enlarge the transfer range of your media dramatically without risking errors on your data. The examples below show some common options, but a lot more combinations are possible.

100 Gbit LR4 multiple splitting

Sometimes it is needed to tap a 100 Gbit LR4 link more than one time, this is not easy because the optical budget is too small to do that.

aggregation 40 x 10 Gbit links with one EX 20400

Cubro now offers a "NEW" Packetmaster solution with 80 x 10 Gbit Ethernet ports.
The base unit is the EX 20400 with a new firmware that gives us the possibility to convert
a 40 Gbit port into 4 independent 10 Gbit ports.