VMware Cloud Community
swalker34
Contributor
Contributor
‎08-16-2021 03:48 AM

Exporting Traffic Filtering and Marking Properties

I'm trying to work out if it's possible to carry out a CSV export of the traffic filtering and marking properties against a DV switch uplink. I can't see any way immediately obvious in the GUI so assuming it must be possible with PowerCLI. I haven't been able to work out how to do this though. Is anyone able to suggest a way to do this, please?

0 Kudos
8 Replies
scott28tt
VMware Employee
VMware Employee
‎08-16-2021 04:16 AM

Here is the PowerCLI area: https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/bd-p/2805

I've reported this thread asking moderators to move it there, so no need to create another.

I would suggest doing a search of that area though, your requirement is likely to have come up before.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
0 Kudos
swalker34
Contributor
Contributor
‎08-16-2021 05:22 AM

Thanks. I've done a bit of digging online and played around with the commands, but haven't been able to figure out anything yet. Thank you though 🙂

0 Kudos
LucD
Leadership
Leadership
‎08-16-2021 06:00 AM

What exactly do you want to see/exprt?
There is quite a bit of information there.
Perhaps indicate on a screenshot of the Web Client.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
swalker34
Contributor
Contributor
‎08-16-2021 07:34 AM

We're looking to export all of the information that would appear in this window... does that help?

 

swalker34_0-1629124461842.jpeg

 

0 Kudos
LucD
Leadership
Leadership
‎08-16-2021 09:58 AM

Ok, that is sufficient.
I'll see if I can capture that in some way that is fit for a CSV export.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

LucD
Leadership
Leadership
‎08-17-2021 04:15 AM

Since these rules can be quite complex, I had to take some decisions to make it all fit for export to a CSV.
- each rule is a separate row
- each row contains all 3 possible traffic qualifiers, the 'XXXenabled' flag indicates if a specific qualifier is in use for a rule
- some fields are presented as a single string. For example, the MAC matching contains target MAC and the Mask in one string

Also, note that I didn't write a Test set to validate if all possibilities are covered.
I think most are, but I could have missed one or more cases.

Get-VDSwitch -PipelineVariable vds |
Get-VDPortgroup -PipelineVariable vdpg |
Where-Object { $_.IsUplink } |
ForEach-Object -Process {
  foreach ($filter in $vdpg.ExtensionData.Config.DefaultPortConfig.FilterPolicy.FilterConfig) {
    foreach ($set in $filter.TrafficRuleset) {
      foreach ($rule in $set.Rules) {
        $obj = [ordered]@{
          VDS = $vds.Name
          VDPG = $vdpg.Name
          Inherited = $filter.Inherited
          Enabled = $set.Enabled
          Rule = $rule.Description
          Direction = $rule.Direction
          Action = ''
          CoS = ''
          DSCP = ''
          IPEnabled = $false
          IPSource = ''
          IPDestination = ''
          IPSrcPort = ''
          IPDstPort = ''
          IPProtocol = ''
          MACEnabled = $false
          MACEtherType = ''
          MACVLANId = ''
          MACSource = ''
          MACDestination = ''
          SystemTrafficEnabled = $false
          SystemTraffic = ''
        }
        switch ($rule.Action.GetTYpe().Name) {
          'DvsUpdateTagNetworkRuleAction' {
            $obj.Action = 'Tag'
            $obj.CoS = $rule.Action.QosTag
            $obj.DSCP = $rule.Action.DscpTag
          }
          'DvsAcceptNetworkRuleAction' {
            $obj.Action = 'Allow'
          }
          'DvsDropNetworkRuleAction' {
            $obj.Action = 'Drop'
          }
        }
        foreach ($qualifier in $rule.Qualifier) {
          switch ($qualifier.GetType().Name) {
            'DvsIpNetworkRuleQualifier' {
              $obj.IPEnabled = $true
              if ($qualifier.SourceAddress) {
                switch ($qualifier.SourceAddress.GetType().Name) {
                  'SingleIP' {
                    $obj.IPSource = $qualifier.SourceAddress.Address
                  }
                  'IpRange' {
                    $range = "$($qualifier.SourceAddress.AddressPrefix)/$($qualifier.SourceAddress.PrefixLength)"
                    if ($qualfier.SourceAddress.Negate) {
                      $obj.IPSource = "does not match $($range)"
                    } else {
                      $obj.IPSource = "matches $($range)"
                    }
                    $obj.IPSource = "matches $($qualifier.SourceAddress.AddressPrefix)/$($qualifier.SourceAddress.PrefixLength)"
                  }
                }
              } else {
                $obj.IPSource = 'any'
              }
              if ($qualifier.DestinationAddress) {
                switch ($qualifier.DestinationAddress.GetType().Name) {
                  'SingleIP' {
                    $obj.IPSource = $qualifier.DestinationAddress.Address
                  }
                  'IpRange' {
                    $range = "$($qualifier.DestinationAddress.AddressPrefix)/$($qualifier.DestinationAddress.PrefixLength)"
                    if ($qualfier.DestinationAddress.Negate) {
                      $obj.IPDestination = "does not match $($range)"
                    } else {
                      $obj.IPDestination = "matches $($range)"
                    }
                  }
                }
              } else {
                $obj.IPDestination = 'any'
              }
              if ($qualifier.SourceIpPort) {
                switch ($qualifier.SourceIpPort.GetType().Name) {
                  'DvsSingleIpPort' {
                    if ($qualifier.SourceIpPort.Negate) {
                      $port = "is not $($qualifier.SourceIpPort.PortNumber)"
                    } else {
                      $port = "is $($qualifier.SourceIpPort.PortNumber)"
                    }
                  }
                  'DvsIpPortRange' {
                    if ($qualifier.SourceIpPort.Negate) {
                      $port = "is not in range $($qualifier.SourceIpPort.StartPortNumber	) - $($qualifier.SourceIpPort.EndPortNumber)"
                    } else {
                      $port = "is in range $($qualifier.SourceIpPort.StartPortNumber	) - $($qualifier.SourceIpPort.EndPortNumber)"
                    }
                  }
                }
              } else {
                $port = 'any'
              }
              $obj.IPSrcPort = $port
              if ($qualifier.DestinationIpPort) {
                switch ($qualifier.DestinationIpPort.GetType().Name) {
                  'DvsSingleIpPort' {
                    if ($qualifier.DestinationIpPort.Negate) {
                      $port = "is not $($qualifier.DestinationIpPort.PortNumber)"
                    } else {
                      $port = "is $($qualifier.DestinationIpPort.PortNumber)"
                    }
                  }
                  'DvsIpPortRange' {
                    if ($qualifier.DestinationIpPort.Negate) {
                      $port = "is not in range $($qualifier.DestinationIpPort.StartPortNumber	) - $($qualifier.DestinationIpPort.EndPortNumber)"
                    } else {
                      $port = "is in range $($qualifier.DestinationIpPort.StartPortNumber	) - $($qualifier.DestinationIpPort.EndPortNumber)"
                    }
                  }
                }
              } else {
                $port = 'any'
              }
              $obj.IPDstPort = $port

              switch ($qualifier.Protocol.Value) {
                $null {
                  $proto = 'any'
                }
                1 {
                  $proto = 'ICMP'
                }
                6 {
                  $proto = 'TCP'
                }
                17 {
                  $proto = 'UDP'
                }
                58 {
                  $proto = 'IPv6-ICMP'
                }
                Default {
                  $proto = $qualifier.Protocol.Value
                }
              }
              if ($qualifier.Protocol.Negate) {
                $proto = "is not $($proto)"
              }
              $obj.IPProtocol = $proto
            }
            'DvsMacNetworkRuleQualifier' {
              $obj.MACEnabled = $true
              if ($qualifier.SourceAddress -eq $null) {
                $obj.MACSource = 'any'
              } else {
                switch ($qualifier.SourceAddress.GetType().Name) {
                  'SingleMac' {
                    if ($qualifier.SourceAddress.Negate) {
                      $obj.MACSource = "is not $($qualifier.SourceAddress.Address)"
                    } else {
                      $obj.MACSource = "is not $($qualifier.SourceAddress.Address)"
                    }
                  }
                  'MacRange' {
                    if ($qualifier.SourceAddress.Negate) {
                      $obj.MACSource = "does not match $($qualifier.SourceAddress.Address)/$($qualifier.SourceAddress.Mask)"
                    } else {
                      $obj.MACSource = "matches $($qualifier.SourceAddress.Address)/$($qualifier.SourceAddress.Mask)"
                    }
                  }
                }
              }
              if ($qualifier.DestinationAddress -eq $null) {
                $obj.MACDestination = 'any'
              } else {
                switch ($qualifier.DestinationAddress.GetType().Name) {
                  'SingleMac' {
                    if ($qualifier.DestinationAddress.Negate) {
                      $obj.MACDestination = "is not $($qualifier.DestinationAddress.Address)"
                    } else {
                      $obj.MACDestination = "is not $($qualifier.DestinationAddress.Address)"
                    }
                  }
                  'MacRange' {
                    if ($qualifier.DestinationAddress.Negate) {
                      $obj.MACDestination = "does not match $($qualifier.DestinationAddress.Address)/$($qualifier.DestinationAddress.Mask)"
                    } else {
                      $obj.MACDestination = "matches $($qualifier.DestinationAddress.Address)/$($qualifier.DestinationAddress.Mask)"
                    }
                  }
                }
              }
              if ($qualifier.Protocol -eq $null) {
                $proto = 'any'
              } else {
                switch ($qualifier.Protocol.Value) {
                  0x0800 {
                    $proto = 'IPv4 (0800)'
                  }
                  0x86DD {
                    $proto = 'IPv6 (86DD)'
                  }
                  0x0806 {
                    $proto = 'ARP (0806)'
                  }
                }
                if ($qualifier.Protocol.Negate) {
                  $proto = "is not $($proto)"
                } else {
                  $proto = "is $($proto)"
                }
              }
              $obj.MACEtherType = $proto
              if ($qualifier.VlanId -ne $null) {
                $obj.MACVLANId = $qualifier.VlanId.Value
              } else {
                $obj.MACVLANId = 'any'
              }
            }
            'DvsSystemTrafficNetworkRuleQualifier' {
              $obj.SystemTrafficEnabled = $true
              $obj.SystemTraffic = $qualifier.TypeOfSystemTraffic.Value
            }
          }
        }
        New-Object -TypeName PSObject -Property $obj
      }
    }
  }
} | Export-Csv -Path .\report.csv -NoTypeInformation -UseCulture

 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

swalker34
Contributor
Contributor
‎08-17-2021 04:25 AM

Ah, that's brilliant; thank you. I'll try it out shortly and let you know how I get on.

0 Kudos
swalker34
Contributor
Contributor
‎08-17-2021 06:11 AM

That does exactly what I need it to; thank you so much 😀

0 Kudos