When operating in multi-service mode, SR OS H-OFS supports matching on port and VLAN IDs as part of Flow Table match criteria. When an OF controller specifies incoming port and VLAN values other than "ANY", the H-OFS instance translates them to an SRĀ OS VPLS SAP (sros-cookie must be set to a valid VPLS service ID). If the translation does not result in an existing VPLS SAP, the rule is rejected and an error is returned to the controller.
A flow table rule with a port/VLAN ID match is programmed only if the matching SAP has this H-OFS instance embedded in its ACL ingress filter policy using SAP scope of embedding (embed open-flow sap). See SR OS H-OFS port and VLAN encoding for required encoding of port and VLAN IDs.
The SR OS H-OFS supports a mix of rules with service scope and with SAP scope. For VPLS SAPs, an H-OFS instance must be embedded twice: after for the VPLS service and after for the SAP if both service-level and SAP-level rules are to be activated.
An example of activating both service-level and SAP-level rules inside a single ACL policy 1 used on VPLS SAP 1/1/1:100 is as follows:
configure filter ip-filter 1
scope exclusive
embed open-flow "ofs1" service vpls100 offset 100
embed open-flow "ofs1" sap 1/1/1:100 offset 200
Restrictions:
Because an H-OFS instance does not support overlapping priorities within a single sros-cookie (type+value), the priority for rules applicable to different SAPs within the same VPLS service must not overlap.
Masking is not supported when adding a new flow table rule with a port and VLAN ID match.