Hypershield

Hypershield (Service Acceleration) provides network-integrated security enforcement on NX-OS by redirecting traffic through DPU-based firewall processing. The configuration specifies a source interface, optional HTTPS proxy settings, and a firewall service that maps VRFs to DPU module affinity for distributed security processing. Hypershield requires the service_acceleration feature to be enabled.

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| hypershield | Class | [hypershield] | No | |

hypershield (nxos.devices.configuration.system)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| source_interface_type | Choice | ethernet, loopback, mgmt, port-channel, vlan, vni | No | |
| source_interface_id | String | | No | |
| https_proxy | String | | No | |
| https_proxy_port | Integer | min: 1, max: 65535 | No | |
| firewall_in_service | Boolean | true, false | No | |
| firewall_vrfs | List | [firewall_vrfs] | No | |

firewall_vrfs (nxos.devices.configuration.system.hypershield)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| name | String | | Yes | |
| module_affinity | Integer | min: 0, max: 16 | No | |

Example 1: Basic Hypershield with HTTPS proxy

nxos:
  devices:
    - name: LEAF1
      configuration:
        system:
          hypershield:
            source_interface_type: loopback
            source_interface_id: lo100
            https_proxy: proxy.example.com
            https_proxy_port: 80

Example 2: Hypershield with firewall VRF redirection and dynamic module affinity

nxos:
  devices:
    - name: LEAF1
      configuration:
        system:
          hypershield:
            source_interface_type: loopback
            source_interface_id: lo100
            https_proxy: proxy.example.com
            https_proxy_port: 80
            firewall_in_service: true
            firewall_vrfs:
              - name: red
                module_affinity: 0
              - name: green
                module_affinity: 3

Example 3: Hypershield with multiple VRFs and specific module affinity

nxos:
  devices:
    - name: LEAF1
      configuration:
        system:
          hypershield:
            source_interface_type: loopback
            source_interface_id: lo100
            firewall_in_service: true
            firewall_vrfs:
              - name: PROD
                module_affinity: 1
              - name: DEV
                module_affinity: 2
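
The constraints in the tables above can be checked before a change is pushed to a device. The following is an added example, not part of the project's own tooling: `validate_hypershield` and `_is_int` are hypothetical names, and the input is assumed to be the `hypershield` mapping after the YAML has been parsed into a Python dict. Rejecting unknown keys is an extra check added here so that a misspelled attribute does not pass unnoticed.

```python
SOURCE_INTERFACE_TYPES = {"ethernet", "loopback", "mgmt", "port-channel", "vlan", "vni"}
ALLOWED_KEYS = {"source_interface_type", "source_interface_id", "https_proxy",
                "https_proxy_port", "firewall_in_service", "firewall_vrfs"}

def _is_int(value):
    # bool is a subclass of int in Python; YAML `true` must not pass as an Integer.
    return isinstance(value, int) and not isinstance(value, bool)

def validate_hypershield(hs):
    """Return a list of constraint violations for one `hypershield` mapping."""
    errors = [f"unknown attribute: {k}" for k in sorted(set(hs) - ALLOWED_KEYS)]
    sit = hs.get("source_interface_type")
    if sit is not None and sit not in SOURCE_INTERFACE_TYPES:
        errors.append(f"source_interface_type: {sit!r} is not an allowed choice")
    for key in ("source_interface_id", "https_proxy"):
        if hs.get(key) is not None and not isinstance(hs[key], str):
            errors.append(f"{key}: must be a String")
    port = hs.get("https_proxy_port")
    if port is not None and not (_is_int(port) and 1 <= port <= 65535):
        errors.append("https_proxy_port: must be an Integer in 1..65535")
    fis = hs.get("firewall_in_service")
    if fis is not None and not isinstance(fis, bool):
        errors.append("firewall_in_service: must be a Boolean")
    vrfs = hs.get("firewall_vrfs") or []
    if not isinstance(vrfs, list):
        return errors + ["firewall_vrfs: must be a List"]
    for i, vrf in enumerate(vrfs):
        if not isinstance(vrf, dict) or not isinstance(vrf.get("name"), str):
            errors.append(f"firewall_vrfs[{i}]: name is mandatory and must be a String")
            continue
        aff = vrf.get("module_affinity")
        if aff is not None and not (_is_int(aff) and 0 <= aff <= 16):
            errors.append(f"firewall_vrfs[{i}] ({vrf['name']}): module_affinity must be an Integer in 0..16")
    return errors

# Constructed sample input: Example 2 from this page, then a deliberately broken variant.
GOOD = {"source_interface_type": "loopback", "source_interface_id": "lo100",
        "https_proxy": "proxy.example.com", "https_proxy_port": 80,
        "firewall_in_service": True,
        "firewall_vrfs": [{"name": "red", "module_affinity": 0},
                          {"name": "green", "module_affinity": 3}]}
BAD = {"source_interface_type": "tunnel", "https_proxy_port": 70000,
       "firewall_vrfs": [{"module_affinity": 1}, {"name": "DEV", "module_affinity": 17},
                         {"name": "PROD", "module_affinity": True}]}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, validate_hypershield(cfg) or "ok")
```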