Example 6—Unprotected Flexible Inline, Monitoring Mode

Example 6 adds a traffic path of monitoring for one inline tool to Example 4. It has the same two inline networks, the same five inline tools, and the same maps, but the flexible traffic path on the second inline tool is set to monitoring.

The monitoring mode is similar to bypass, but at the tool level. In a sequence of tools, you can select a separate tool to put into monitoring mode, in this case, it is the second tool, t0910.

Refer to Figure 1 Example 6 Inline Tool Sharing by Multiple Inline Flows, the traffic returned from the B side of the network to t0910 will also be absorbed.

Figure 1 Example 6 Inline Tool Sharing by Multiple Inline Flows illustrates Example 6. Traffic is only shown in one direction.

Figure 14

Example 6 Inline Tool Sharing by Multiple Inline Flows

Use the following steps to configure Example 6:

Step

Description

Command

Configure inline network ports, port type (inline-network), and administratively enable inline network ports.

(config) # port 1/3/x1..x4 type inline-network
(config) # port 1/3/x1..x4 params admin enable

Configure inline networks.

(config) # inline-network alias n0102 pair net-a 1/3/x1 and net-b 1/3/x2

(config) # inline-network alias n0304 pair net-a 1/3/x3 and net-b 1/3/x4

Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 1/3/x7..x16 type inline-tool
(config) # port 1/3/x7..x16 params admin enable

Configure inline tools, specify that the inline tool is going to be shared by different sources, and enable them. On the second inline tool, specify a traffic path of monitoring.

(config) # inline-tool alias t0708 pair tool-a 1/3/x7 and tool-b 1/3/x8
(config) # inline-tool alias t0708 shared true
(config) # inline-tool alias t0708 enable

(config) # inline-tool alias t0910 pair tool-a 1/3/x9 and tool-b 1/3/x10
(config) # inline-tool alias t0910 flex-traffic-path monitoring
(config) # inline-tool alias t0910 shared true
(config) # inline-tool alias t0910 enable

(config) # inline-tool alias t1112 pair tool-a 1/3/x11 and tool-b 1/3/x12
(config) # inline-tool alias t1112 shared true
(config) # inline-tool alias t1112 enable

(config) # inline-tool alias t1314 pair tool-a 1/3/x13 and tool-b 1/3/x14
(config) # inline-tool alias t1314 shared true
(config) # inline-tool alias t1314 enable

(config) # inline-tool alias t1516 pair tool-a 1/3/x15 and tool-b 1/3/x16
(config) # inline-tool alias t1516 shared true
(config) # inline-tool alias t1516 enable

Configure maps from inline networks to inline tools in both directions, add user-defined tags, and enable maps.

For the rule-based map, configure a rule (one rule only) to direct traffic to the tools. The rule can be based on any map rule criteria such as TCP port, IP subnet, or VLAN.

Note: The tag is optional. The default is auto, which automatically assigns tags.

(config) # map alias FLEX1
(config map alias FLEX1) # type flexInline collector
(config map alias FLEX1) # from n0102
(config map alias FLEX1) # a-to-b t0708,t0910,t1112,t1314,t1516
(config map alias FLEX1) # b-to-a reverse
(config map alias FLEX1) # tag 100
(config map alias FLEX1) # enable
(config map alias FLEX1) # exit
(config) #

(config) # map alias FLEX2
(config map alias FLEX2) # type flexInline collector
(config map alias FLEX2) # from n0304
(config map alias FLEX2) # a-to-b t0708,t1112
(config map alias FLEX2) # b-to-a reverse
(config map alias FLEX2) # tag 200
(config map alias FLEX2) # enable
(config map alias FLEX2) # exit
(config) #

(config) # map alias FLEX3
(config map alias FLEX3) # type flexInline byRule
(config map alias FLEX3) # from n0102
(config map alias FLEX3) # a-to-b t0910,t1314
(config map alias FLEX3) # b-to-a reverse
(config map alias FLEX3) # rule add pass ipver 4
(config map alias FLEX3) # tag 300
(config map alias FLEX3) # enable
(config map alias FLEX3) # exit
(config) #

Configure the path of the traffic to inline tools.

(config) # inline-network alias n0102 traffic-path to-inline-tool

(config) # inline-network alias n0304 traffic-path to-inline-tool