Filter
Location in GUI: Tenants » XXX » Contracts » Filters
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”tenants (apic)
Section titled “tenants (apic)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| filters | List | [filters] | No |
filters (apic.tenants)
Section titled “filters (apic.tenants)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| entries | List | [entries] | No |
entries (apic.tenants.filters)
Section titled “entries (apic.tenants.filters)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ethertype | Choice | unspecified, ipv4, trill, arp, ipv6, mpls_ucast, mac_security, fcoe, ip | No | ip |
| protocol | Any | Integer[min: 0, max: 255] or Choice[unspecified, icmp, igmp, tcp, egp, igp, udp, icmpv6, eigrp, ospfigp, pim, l2tp] | No | tcp |
| source_from_port | Any | Integer[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh] | No | unspecified |
| source_to_port | Any | Integer[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh] | No | |
| destination_from_port | Any | Integer[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh] | No | unspecified |
| destination_to_port | Any | Integer[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh] | No | |
| stateful | Boolean | true, false | No | false |
Examples
Section titled “Examples”Examlpe-1: This configures a basic filter FILTER1 with a single HTTP entry, which matches traffic with the ethertype of ip, protocol of tcp, and a destination port of 80 for HTTP. The destination port can be a range between destination_from_port and destination_to_port, and they are both set to the same value to only match a single port and not a range.
apic: tenants: - name: ABC filters: - name: FILTER1 entries: - name: HTTP ethertype: ip protocol: tcp destination_from_port: 80 destination_to_port: 80Example-2: This configures a filter WEB with multiple entries to match related traffic, such as entry 1 being for HTTP and the second named HTTPS. The HTTP entry matches traffic with the ethertype of ip, protocol of tcp, and a destination port of 80 for HTTP. The HTTPS entry matches traffic with the ethertype of ip, protocol of tcp, and a destination port of 443 for HTTP. This allows for the logical grouping of related types of traffic into a single filter for flexibility where a number of different ports are related to a given service. Another similar example could be backup traffic.
apic: tenants: - name: ABC filters: - name: WEB description: Matches HTTP and HTTPS traffic entries: - name: HTTP ethertype: ip protocol: tcp destination_from_port: 80 destination_to_port: 80 - name: HTTPS ethertype: ip protocol: tcp destination_from_port: 443 destination_to_port: 443Examlpe-3: This configures a filter K8S which demonstrates the use of a range of ports. This example allows TCP ports between destination_from_port 10250 to destination_to_port 10259 for Kubernetes as an example.
apic: tenants: - name: ABC filters: - name: WEB description: Matches K8S ports entries: - name: HTTP ethertype: ip protocol: tcp destination_from_port: 10250 destination_to_port: 10259Example-4: This configures a WEB filter with source_from_port and source_to_port set to 80 with the ethertype being ip and the protocol tcp. While it is not common to define the source ports, this can be useful when used with uni-directional contracts to selectively match differen types of traffic in a given direction (provider or consumer). Such a filter may be used with the web EPG being the consumer, where it initiates a request from the web server.
apic: tenants: - name: ABC filters: - name: WEB description: Matches HTTP traffic as the source port entries: - name: HTTP ethertype: ip protocol: tcp source_from_port: 80 source_to_port: 80