How do MTP Hardware Filters work?

Document ID : KB000019273
Last Modified Date : 14/02/2018

Description:

This article supplements the information about MTP Hardware Filters found in the documentation.

Solution:

MTP Hardware Filters, if set incorrectly, can exclude needed traffic to the TIM. This article provides additional documentation.

  • Types of Servers

    • The MTP Install Guide and APM for IM (Infrastructure Management) state the following:
    • IP Addresses: The IP addresses of individual hosts to monitor or exclude from monitoring.
    • Typically, these hosts include load balancers, web servers, and firewalls. Monitored hosts do not refer to client IP addresses.
  • Multiple Hardware Filter Logic

    • When configuring a hardware filter, the criteria listed in a single field (e.g. IP Address) are treated as an OR.
    • For example, if specifying a list of IP addresses, a packet will match the filter if the packet's source OR destination address matches any IP address in the list.
    • If multiple fields are used, the criteria for each field are treated as an AND.
    • For example, if specifying both a list of IP addresses and a port number, the packets would match the filter if the source OR destination address matches any IP address in the list AND the source or destination port matches the port specified.
    • Clicking the "Show Details" link of the hardware filter displays the logic used when combining different fields.
    • The syntax follows what is required by Napatech to specify the hardware filters; the keywords such as mIPSrcAddr, mIPDestAddr, mTCPSrcPort, mTCPDestPort are macros that indicate the field of the packet.
    • To create more sophisticated filters, use the Advanced Hardware Filter page to build up the expression.

Note: when the nqcapd daemon is started, it passes all enabled filters for each logical port to the Napatech driver. The filter criteria consist of what is specified by the UI plus the Channel=n clause, which MTP code adds automatically based on which physical ports are mapped to the logical port.

When multiple hardware filters are created on a logical port they are treated as an OR. Traffic is captured if it matches the criteria specified by any hardware filter. The filter priority indicates the order in which filters are applied. If there are overlapping criteria in the filters, the priority can be used to determine other options such as slicing.
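
The matching rules above (OR within a field, AND across fields, OR across the filters on a logical port) can be checked against sample traffic before a filter is enabled. The following is an added example, not MTP or Napatech code: the Packet and HwFilter classes, the filter names, the addresses and the "lower number is applied first" priority ordering are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Packet:                 # constructed packet summary, not a capture format
    src: str
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class HwFilter:               # hypothetical model of one hardware filter from the UI
    name: str
    priority: int             # assumption: lower number is applied first
    ips: tuple = ()           # an empty field means the field is not used
    ports: tuple = ()

    def matches(self, p: Packet) -> bool:
        # Within a field: OR over the list and over source/destination.
        ends = (ip_address(p.src), ip_address(p.dst))
        ip_ok = not self.ips or any(ip_address(a) in ends for a in self.ips)
        port_ok = not self.ports or any(q in (p.sport, p.dport) for q in self.ports)
        # Across fields: AND.
        return ip_ok and port_ok

def captured_by(filters, p):
    """Filters on one logical port are ORed; return matching names by priority."""
    hits = [f for f in filters if f.matches(p)]
    return [f.name for f in sorted(hits, key=lambda f: f.priority)]

# Constructed sample data (documentation address ranges).
FILTERS = [
    HwFilter("web-https", priority=1, ips=("192.0.2.10", "192.0.2.11"), ports=(443,)),
    HwFilter("lb-any-port", priority=2, ips=("192.0.2.1",)),
]
PACKETS = {
    "client->web:443":   Packet("198.51.100.7", "192.0.2.10", 51000, 443),
    "web->client:443":   Packet("192.0.2.10", "198.51.100.7", 443, 51000),
    "client->web:8080":  Packet("198.51.100.7", "192.0.2.10", 51001, 8080),
    "lb->web:443":       Packet("192.0.2.1", "192.0.2.11", 40000, 443),
    "client->other:443": Packet("198.51.100.7", "192.0.2.99", 51002, 443),
}

if __name__ == "__main__":
    for label, pkt in PACKETS.items():
        hits = captured_by(FILTERS, pkt)
        print(f"{label:18} -> {hits or 'not captured'}")
```

An empty result means no filter on the logical port matched, so that traffic never reaches the TIM; a result with more than one name is an overlap, where the priority decides which filter's options apply.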