Zones
  • 05 Oct 2021

Principles

A zone is an arbitrary container in which groups of peers can be kept and organized according to their network address.

Because each peer is assigned a zone, a conversation between two peers has two zones: a client zone and a server zone.

A zone consists merely of a name, a priority and a set of optional filters. Each conversation is tagged with a client and server zone (using the client and server IP and MAC addresses) according to this process: every rule is tried in order of priority, and the first zone that has filters that comply with this conversation is selected. Thus, it may be important to consider the priority of a zone in the rare occurrence where the default ordering scheme does not yield the expected results.

For instance, here is a simple configuration (in order of priority):

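| Priority | Name | Subnet | MAC | VLAN | Capture | Device |
|---|---|---|---|---|---|---|
| 20 | /LAN/Servers/Mail | 192.168.1.25 | | 120 | localhost | |
| 20 | /LAN/Servers/Web | 192.168.1.80 | | 120 | localhost | |
| 10 | /LAN/Servers/Fallback | 192.168.1.1-192.168.1.100 | | 120 | localhost | |
| 0 | /LAN/Fallback | 192.168.1.0/24 | | 120 | localhost | |
| 0 | /Remote | | | | capture2 | |
| -1000 | /Internet | | | | | |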

Here, the two servers (mail and web) are tested first by IP address (provided the VLAN is 120 and the capture is localhost), then all other servers (using an IP range), then the LAN, then the remote site (everything from capture2); everything else falls into /Internet.

Notice that some fields are unused (MAC, Device), meaning any value will do.

Whatever changes are made in the zone tree, a global fallback (here, it’s /Internet) will be created by default to store any conversation that is not matched by any rule (this remains true even after filters are added for this zone). Also, this zone is special in that the IP addresses of these conversations will be degraded over time to reduce storage requirements.

Your actual configuration will, of course, be much more complex. Indeed, even the default configuration is larger:

[Figure: Zone tree as displayed in PVX select boxes, showing the default configuration (DefaultZoneTree.png)]

Selections

Zone names, although not used in the aforementioned process, play an important role in the GUI. As you can see in the example, zone names are organised in a tree of sub-names delimited by slashes (/), not unlike a standard file system.

For instance, /LAN/Servers/Web is made of three components, meant to be read as the host Web, amidst the Servers in the LAN. Here /LAN is said to be the parent zone of /LAN/Servers and /LAN/Fallback, and /LAN/Servers is said to be the parent zone of /LAN/Servers/Mail and /LAN/Servers/Web.

In all select boxes of the GUI, selecting a parent zone will select all conversations that fall in this zone or in any of its child zones.

For instance, in the above example, selecting /LAN/Servers will select all conversations in /LAN/Servers/Mail, /LAN/Servers/Web and /LAN/Servers/Fallback.

Fallbacks

By convention, a fallback is a zone with a larger filter but lower priority than a set of more specific rules. For instance, in the above example, the /LAN/Servers/Fallback zone collects all IP addresses in the 192.168.1.0/24 subnet after some more precise zones tried to match with subsets of this subnet.

Notice that the priority of the fallback must be lower than the priority of these smaller zones; otherwise, they would be shadowed by the fallback.

Notice also that if the example configuration were instead:

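| Priority | Name | Subnet | MAC | VLAN | Capture | Device |
|---|---|---|---|---|---|---|
| 20 | /LAN/Servers/Mail | 192.168.1.25 | | 120 | localhost | |
| 20 | /LAN/Servers/Web | 192.168.1.80 | | 120 | localhost | |
| 10 | /LAN/Servers | 192.168.1.1-192.168.1.100 | | 120 | localhost | |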

i.e., with /LAN/Servers instead of /LAN/Servers/Fallback, then selecting the /LAN/Servers zone in the GUI would actually select /LAN/Servers/Mail and /LAN/Servers/Web in addition to the fallback. In other words, there would be no way to select in the GUI only the peers that are in the servers' IP range but that are neither the mail nor the web server. Using the Fallback naming convention allows one to select either a specific server (/LAN/Servers/Mail, /LAN/Servers/Web), all servers (/LAN/Servers) or only the servers other than mail and web (/LAN/Servers/Fallback).
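The matching, shadowing and selection rules described above can be checked with a small model. This is an added example, not PVX code: the tuple layout, the function names, the tie-break between equal priorities and the sample peers are assumptions, and the MAC and Device filters are left out because the example table does not use them.

```python
import ipaddress

# Constructed from the example table above: (priority, name, subnet, vlan, capture).
# None means the filter is unset, so any value matches. MAC and Device are omitted.
ZONES = [
    (20, "/LAN/Servers/Mail", "192.168.1.25", 120, "localhost"),
    (20, "/LAN/Servers/Web", "192.168.1.80", 120, "localhost"),
    (10, "/LAN/Servers/Fallback", "192.168.1.1-192.168.1.100", 120, "localhost"),
    (0, "/LAN/Fallback", "192.168.1.0/24", 120, "localhost"),
    (0, "/Remote", None, None, "capture2"),
    (-1000, "/Internet", None, None, None),
]

def ip_matches(spec, ip):
    """Match a single address, a first-last range, or a CIDR subnet."""
    if spec is None:
        return True
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p) for p in spec.split("-"))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(spec, strict=False)

def classify(ip, vlan, capture, zones=ZONES):
    """Return the first zone, highest priority first, whose filters all match."""
    # sorted() is stable: equal priorities keep their listed order (assumption).
    for _prio, name, subnet, z_vlan, z_cap in sorted(zones, key=lambda z: -z[0]):
        if ip_matches(subnet, ip) and z_vlan in (None, vlan) and z_cap in (None, capture):
            return name
    return "/Internet"  # global fallback for anything no rule matched

def with_priority(zones, name, prio):
    """Copy of the rule set with one zone's priority changed (to show shadowing)."""
    return [(prio if n == name else p, n, *rest) for p, n, *rest in zones]

def selects(selection, zone):
    """GUI semantics: a selected zone covers itself and all of its child zones."""
    return zone == selection or zone.startswith(selection.rstrip("/") + "/")

if __name__ == "__main__":
    # Constructed sample peers: (ip, vlan, capture).
    for peer in [("192.168.1.25", 120, "localhost"), ("192.168.1.50", 120, "localhost"),
                 ("192.168.1.200", 120, "localhost"), ("10.0.0.5", 7, "capture2"),
                 ("8.8.8.8", 120, "localhost")]:
        print(peer, "->", classify(*peer))
    bad = with_priority(ZONES, "/LAN/Servers/Fallback", 30)
    print("fallback raised to 30:", classify("192.168.1.25", 120, "localhost", bad))
```

Raising the fallback above the host zones makes the mail server land in /LAN/Servers/Fallback, which is the shadowing the priority rule is meant to prevent.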

© 2024 Cisco and/or its affiliates. All rights reserved.
 