Zones

Principles

A zone is an arbitrary container in which groups of peers can be kept and organized according to their network address.

Each peer being attributed a zone, a conversation between two peers comes with two zones: a client and a server zone.

A zone consists merely of a name, a priority and a set of optional filters. Each conversation is tagged with a client and server zone (using the client and server IP and MAC addresses) according to this process: every rule is tried in order of priority, and the first zone that has filters that comply with this conversation is selected. Thus, it may be important to consider the priority of a zone in the rare occurrence where the default ordering scheme does not yield the expected results.

For instance, here is a simple configuration (in order of priority):

Here, we have two servers (for mail and web) that are tested first by IP (if the VLAN is 120 and the capture is localhost), then all other servers (using an IP range), then the LAN, then the remote site (everything from capture2), and everything else in Internet.

Notice that some fields are unused (MAC, Device), meaning any value will do.

Whatever changes are made in the zone tree, a global fallback (here, it’s /Internet) will be created by default to store any conversation that is not matched by any rule (this remains true even after filters are added for this zone). Also, this zone is special in that the IP addresses of these conversations will be degraded over time to reduce storage requirements.

Your actual configuration will, of course, be much more complex. Indeed, even the default configuration is larger:

Zone tree as displayed in PVX select boxes, showing the default configuration.

Selections

Zone names, although not used in the aforementioned process, play an important role in the GUI. As you can see on the example, zone names are organised in a tree of sub-names delimited with slashes (/), not unlike a standard file system.

For instance, /LAN/Servers/Web is made of three components, meant to be read as the host Web, amidst the Servers in the LAN. Here /LAN is said to be the parent zone of /LAN/Servers and /LAN/Fallback, and /LAN/Servers is said to be the parent zone of /LAN/Servers/Mail and /LAN/Servers/Web.

In all select boxes of the GUI, selecting a parent zone will select all conversations that fall in this zone or in any of its child zone.

For instance, in the above example, selecting /LAN/Servers will select all conversations in /LAN/Servers/Mail, /LAN/Servers/Web and /LAN/Servers/Fallback.

Fallbacks

By convention, a fallback is a zone with a larger filter but lower priority than a set of more specific rules. For instance, in the above example, the /LAN/Servers/Fallback zone collects all IP addresses in the 192.168.1.0/24 subnet after some more precise zones tried to match with subsets of this subnet.

Notice that the priority of the fallback must be lower than the priority of these smaller zones; otherwise, they would be shadowed by the fallback.

Notice also that if the example configuration was instead:

i.e., with /LAN/Servers instead of /LAN/Servers/Fallback, then selecting the /LAN/Servers zone in the GUI would actually select /LAN/Servers/Mail and /LAN/Servers/Web in addition to the fallback. In other words, there would be no way to select in the GUI only the peers that are in the servers IP range but that are neither the mail nor the web server. Using the Fallback naming convention allows one to select either a specific server (/LAN/Servers/Mail, /LAN/Servers/Web), all servers (/LAN/Servers) or only the other servers other than mail and web (/LAN/Servers/Fallback).