Configure Inline Bypass Examples
The following sections provide examples of inline bypass solutions. The solutions are presented in an order from simple to complex. Refer to the following:
Example 1: Unprotected Inline Bypass |
Example 2—Unprotected Flexible Inline, Two Collector Maps |
Example 3: Unprotected Inline Bypass with an Inline Tool Group |
Example 4: Protected Inline Bypass Using Bypass Combo Modules |
Example 5: Inline Tool Group (N+1) Redundancy |
Example 6: Inline Tool Series |
Example 7: Inline Tool Series with Local Failover Action |
Example 8: Inline Network Group (Many-to-One) |
Example 9: Inline Network Group (Many-to-Many) |
Example 10: Inline Flow Mapping® Based Solution A |
Example 11: Inline Flow Mapping® Based Solution B |
Example 12: Inline Flow Mapping® Based Solution C |
Example 13: Inline Flow Mapping® Based Solution D |
Example 14: OOB Maps Originating from Inline Network |
Example 15: OOB Maps Originating from Inline Network Group |
Example 16: Asymmetrical Hashing in Inline Tool Group |
Example 17: Maps to Individual Inline Tool Group Members |
Example 18: Gigamon Resiliency for Inline Protection |
Example 1: Unprotected Inline Bypass
Example 1 is a simple, unprotected inline bypass solution. In the example, aliases are used for inline network ports (iN1 and iN2), inline tool ports (iT1 and iT2), inline network (inNet), inline tool (inTool), and inline map (inMap).
On GigaVUE‑HC3, an unprotected inline bypass solution can be configured on the bypass combo module with the inline networks and inline tools on ports 1/1/x1..x16 or on ports c1..c4, or on any other module on the GigaVUE‑HC3 node.
On GigaVUE‑HC2, an unprotected inline bypass solution can be configured with the inline networks and inline tools on ports 1/1/x1..x16 or on ports x17..x24, or on any other module on the GigaVUE‑HC2 node. Refer to Figure 1 Logical Bypass, which shows a GigaVUE‑HC2.
Figure 11 | Logical Bypass |
On GigaVUE‑HC1, an unprotected inline bypass solution can be configured on the base module, with the inline networks and inline tools on ports 1/1/x1..x12 and 1/1/g1..g4, or on the bypass combo module on ports x1..x4.
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 3/1/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enable (config) # port 3/1/x2 alias iN2 (config) # port iN2 type inline-network (config) # port iN2 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 3/1/x3 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 3/1/x4 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable |
|||
|
Configure inline tool and enable it. |
(config) # inline-tool alias inTool pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool enable |
|||
|
Configure map passall, from inline network to inline tool. |
(config) # map-passall alias inMap (config map-passall alias inMap) # from inNet (config map-passall alias inMap) # to inTool (config map-passall alias inMap) # exit |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool |
|||
|
Display the configuration for this example. |
(config) # show port (config) # show inline-network (config) # show inline-tool (config) # show map |
Example 2: Unprotected Inline Bypass with Default Heartbeat
Example 2 adds the default heartbeat profile to the unprotected inline bypass solution on GigaVUE‑HC2 in Example 1.
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 3/1/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enable (config) # port 3/1/x2 alias iN2 (config) # port iN2 type inline-network (config) # port iN2 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 3/1/x3 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 3/1/x4 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable |
|||
|
Configure default heartbeat profile. |
(config) # hb-profile alias hb1 (config hb-profile alias hb1) # exit (config) # |
|||
|
Configure inline tool and enable it. |
(config) # inline-tool alias inTool pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool enable |
|||
|
Specify heartbeat profile and enable heartbeat. |
(config) # inline-tool alias inTool hb-profile hb1 (config) # inline-tool alias inTool heart-beat |
|||
|
Configure map passall, from inline network to inline tool. |
(config) # map-passall alias inMap (config map-passall alias inMap) # from inNet (config map-passall alias inMap) # to inTool (config map-passall alias inMap) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool |
|||
|
Display the configuration for this example. |
(config) # show hb-profile (config) # show inline-tool |
Example 3: Unprotected Inline Bypass with an Inline Tool Group
Example 3 adds a second inline tool to the unprotected inline bypass solution on GigaVUE‑HC2 in Example 1 and creates an inline tool group consisting of two tools. It also configures a custom heartbeat profile.
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 3/1/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enable (config) # port 3/1/x2 alias iN2 (config) # port iN2 type inline-network (config) # port iN2 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 3/1/x3 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 3/1/x4 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable (config) # port 3/1/x5 alias iT3 (config) # port iT3 type inline-tool (config) # port iT3 params admin enable (config) # port 3/1/x6 alias iT4 (config) # port iT4 type inline-tool (config) # port iT4 params admin enable |
|||
|
Configure a custom heartbeat profile. |
(config) # hb-profile alias hb_custom (config hb-profile alias hb_custom) # custom-packet http://1.1.1.1/tftpboot/hbpackets/MyHBPacket.pcap (config hb-profile alias hb_custom) # packet-format custom (config hb-profile alias hb_custom) # exit (config) # |
|||
|
Configure inline tools and enable them. |
(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4 (config) # inline-tool alias inTool1 enable (config) # inline-tool alias inTool2 enable |
|||
|
Specify heartbeat profile and enable heartbeat on each inline tool. |
(config) # inline-tool alias inTool1 hb-profile hb_custom (config) # inline-tool alias inTool2 hb-profile hb_custom (config) # inline-tool alias inTool1 heart-beat (config) # inline-tool alias inTool2 heart-beat |
|||
|
Configure inline tool group and enable it. |
(config) # inline-tool-group alias inToolGroup tool-list inTool1,inTool2 (config) # inline-tool-group alias inToolGroup enable |
|||
|
Configure map passall, from inline network to inline tool group. |
(config) # map-passall alias inMap (config map-passall alias inMap) # from inNet (config map-passall alias inMap) # to inToolGroup (config map-passall alias inMap) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool |
|||
|
Display the configuration for this example. |
(config) # show inline-tool-group (config) # show hb-profile (config) # show map |
Example 4: Protected Inline Bypass Using Bypass Combo Modules
Example 4 is a protected inline bypass solution using bypass combo modules on GigaVUE‑HC2. It also configures heartbeat and negative heartbeat profiles.
Protected inline networks are based on the pairs of ports associated with the physical protection switches located on the bypass combo modules. Unlike the unprotected examples, you do not need to configure inline network ports because they are created automatically. On GigaVUE‑HC2, the port pairs are numbered for example: 2/2/x17 and 2/2/x18, 2/2/x19 and 2/2/x20, 2/2/x21 and 2/2/x22, 2/2/x23 and 2/2/x24.
You do not need to configure inline networks because they are also created automatically on bypass combo modules. The aliases of the default inline networks are: default_inline_net_2_2_1, default_inline_net_2_2_2, default_inline_net_2_2_3, default_inline_net_2_2_4.
On GigaVUE‑HC3, protected inline bypass can be configured on the bypass combo module on ports c1..c4.
On GigaVUE‑HC1, protected inline bypass can be configured on the bypass combo module. It can also be configured on the TAP-HC1-G10040 module placed in either bay 2 or bay 3, so the ports will be 1/2/g1..g8 or 1/3/g1..g8. For an example, refer to Example to Configure Inline Bypass on H Series Nodes.
Note: The default value of the physical-bypass attribute of protected inline networks is set to enable, which means that the fibers attached to ports net-a and net-b of the inline network are optically coupled and the traffic is exchanged between end nodes without coming to the switching fabric of the GigaVUE node. As shown in Example 4, after configuring the inline tool and the map passall, the physical-bypass attribute is set to disable in order to activate the inline-bypass solution.
Step |
Description |
Command |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 2/2/x11 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 2/2/x12 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable |
|||
|
Configure heartbeat profile alias. |
(config) # hb-profile alias hb2 (config hb-profile alias hb2) # exit (config) # |
|||
|
Configure negative heartbeat profile alias and PCAP file. |
(config) # nhb-profile alias nhb1 (config nhb-profile alias nhb1) # custom-packet http://remote/home/hnb.pcap (config nhb-profile alias nhb1) # exit (config) # |
|||
|
Configure inline tool. Also specify the heartbeat profile, the negative heartbeat profile, enable heartbeat and negative heartbeat, and also enable inline tool. |
(config) # inline-tool alias inTool1 (config inline-tool alias inTool1) # pair tool-a iT1 and tool-b iT2 (config inline-tool alias inTool1) # hb-profile hb2 (config inline-tool alias inTool1) # nhb-profile nhb1 (config inline-tool alias inTool1) # heart-beat (config inline-tool alias inTool1) # negative-heart-beat (config inline-tool alias inTool1) # enable (config inline-tool alias inTool1) # exit (config) # |
|||
|
Configure map passall, from inline network to inline tool. |
(config) # map-passall alias inMap1 (config map-passall alias inMap1) # from default_inline_net_2_2_1 (config map-passall alias inMap1) # to inTool1 (config map-passall alias inMap1) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias default_inline_net_2_2_1 traffic-path to-inline-tool |
|||
|
Disable physical bypass on the default inline network alias. |
(config) # inline-network alias default_inline_net_2_2_1 physical-bypass disable |
|||
|
Display the configuration for this example. |
(config) # show port (config) # show inline-network (config) # show inline-tool (config) # show map (config) # show hb-profile (config) # show nhb-profile |
Example 5: Inline Tool Group (N+1) Redundancy
Example 5 is an inline bypass solution on GigaVUE‑HC2 for an inline tool group with N+1 redundancy. In this example, N=2. The inline network is unprotected. Example 5 expands upon Example 3 by adding a spare to the inline tool group.
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 3/1/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enable (config) # port 3/1/x2 alias iN2 (config) # port iN2 type inline-network (config) # port iN2 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 3/1/x3 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 3/1/x4 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable (config) # port 3/1/x5 alias iT3 (config) # port iT3 type inline-tool (config) # port iT3 params admin enable (config) # port 3/1/x6 alias iT4 (config) # port iT4 type inline-tool (config) # port iT4 params admin enable (config) # port 3/1/x7 alias iT5 (config) # port iT5 type inline-tool (config) # port iT5 params admin enable (config) # port 3/1/x8 alias iT6 (config) # port iT6 type inline-tool (config) # port iT6 params admin enable |
|||
|
Configure inline tools and enable them. |
(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4 (config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6 (config) # inline-tool alias inTool1 enable (config) # inline-tool alias inTool2 enable (config) # inline-tool alias inTool3 enable |
|||
|
Configure inline tool group and parameters. Enable it and then configure failover action. |
(config) # inline-tool-group alias inToolGroup (config inline-tool-group alias inToolGroup) # tool-list inTool1,inTool2 (config inline-tool-group alias inToolGroup) # spare-inline-tool inTool3 (config inline-tool-group alias inToolGroup) # release-spare-if-possible (config inline-tool-group alias inToolGroup) # hash advanced (config inline-tool-group alias inToolGroup) # minimum-group-healthy-size 2 (config inline-tool-group alias inToolGroup) # enable (config inline-tool-group alias inToolGroup) # failover-action tool-bypass (config inline-tool-group alias inToolGroup) # exit (config) # |
|||
|
Configure map passall, from inline network to inline tool group. |
(config) # map-passall alias inMap (config map-passall alias inMap) # from inNet (config map-passall alias inMap) # to inToolGroup (config map-passall alias inMap) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool |
|||
|
Display the configuration for this example. |
(config) # show inline-tool-group |
Example 6: Inline Tool Series
Example 6 is an inline bypass solution on GigaVUE‑HC2 for an inline tool series. The inline network is unprotected. The order of the tools and inline tool groups in the tool list defines the order of the series. The map directs the traffic to the series, that is, to the first inline tool or inline tool group in the tool list. Example 6 includes two inline tools in the series and an inline tool group.
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 3/1/x1 alias iN11 (config) # port iN11 type inline-network (config) # port iN11 params admin enable (config) # port 3/1/x2 alias iN12 (config) # port iN12 type inline-network (config) # port iN12 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN11 and net-b iN12 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 3/1/x3 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 3/1/x4 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable (config) # port 3/1/x5 alias iT3 (config) # port iT3 type inline-tool (config) # port iT3 params admin enable (config) # port 3/1/x6 alias iT4 (config) # port iT4 type inline-tool (config) # port iT4 params admin enable (config) # port 3/1/x7 alias iT5 (config) # port iT5 type inline-tool (config) # port iT5 params admin enable (config) # port 3/1/x8 alias iT6 (config) # port iT6 type inline-tool (config) # port iT6 params admin enable (config) # port 3/1/x9 alias iT7 (config) # port iT7 type inline-tool (config) # port iT7 params admin enable (config) # port 3/1/x10 alias iT8 (config) # port iT8 type inline-tool (config) # port iT8 params admin enable |
|||
|
Configure inline tools and enable them. |
(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4 (config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6 (config) # inline-tool alias inTool4 pair tool-a iT7 and tool-b iT8 (config) # inline-tool alias inTool1 enable (config) # inline-tool alias inTool2 enable (config) # inline-tool alias inTool3 enable (config) # inline-tool alias inTool4 enable |
|||
|
Configure inline tool group and parameters. Enable it and then configure failover action. |
(config) # inline-tool-group alias inToolGroup (config inline-tool-group alias inToolGroup) # tool-list inTool2,inTool3 (config inline-tool-group alias inToolGroup) # enable (config inline-tool-group alias inToolGroup) # failover-action tool-bypass (config inline-tool-group alias inToolGroup) # exit (config) # |
|||
|
Configure inline tool series and enable it. Then configure failover action. |
(config) # inline-serial alias inSer (config inline-serial alias inSer) # inline-tool-list inTool1,inToolGroup,inTool4 (config inline-serial alias inSer) # enable (config inline-serial alias inSer) # failover-action tool-bypass (config inline-serial alias inSer) # exit (config) # |
|||
|
Configure map passall, from inline network to inline tool series. |
(config) # map-passall alias inMap (config map-passall alias inMap) # from inNet (config map-passall alias inMap) # to inSer (config map-passall alias inMap) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool |
|||
|
Display the configuration for this example. |
(config) # show inline-serial (config) # show map |
Example 7: Inline Tool Series with Local Failover Action
Example 7 is an inline bypass solution on GigaVUE‑HC2 for an inline tool series. The failover action is specified for one of the inline tools (network-bypass), rather than for the series as a whole. Also the recovery mode is specified as manual.
When the individual inline tool fails, traffic is dropped at the inline network ports. When the tool recovers and is ready to be put back into service, use the recover command.
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 3/1/x1 alias iN11 (config) # port iN11 type inline-network (config) # port iN11 params admin enable (config) # port 3/1/x2 alias iN12 (config) # port iN12 type inline-network (config) # port iN12 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN11 and net-b iN12 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 3/1/x3 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 3/1/x4 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable (config) # port 3/1/x5 alias iT3 (config) # port iT3 type inline-tool (config) # port iT3 params admin enable (config) # port 3/1/x6 alias iT4 (config) # port iT4 type inline-tool (config) # port iT4 params admin enable (config) # port 3/1/x7 alias iT5 (config) # port iT5 type inline-tool (config) # port iT5 params admin enable (config) # port 3/1/x8 alias iT6 (config) # port iT6 type inline-tool (config) # port iT6 params admin enable |
|||
|
Configure inline tools and enable them. |
(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4 (config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6 (config) # inline-tool alias inTool1 enable (config) # inline-tool alias inTool2 enable (config) # inline-tool alias inTool3 enable |
|||
|
Configure failover action and recovery mode for the second tool in the list. |
(config) # inline-tool alias inTool2 failover-action network-bypass (config) # inline-tool alias inTool2 recovery mode manual |
|||
|
Configure inline tool series, and enable it, then configure failover action, per-tool. |
(config) # inline-serial alias inSer (config inline-serial alias inSer) # inline-tool-list inTool1,inTool2,inTool3 (config inline-serial alias inSer) # enable (config inline-serial alias inSer) # failover-action per-tool (config inline-serial alias inSer) # exit (config) # |
|||
|
Configure map passall, from inline network to inline tool series. |
(config) # map-passall alias inMap (config map-passall alias inMap) # from inNet (config map-passall alias inMap) # to inSer (config map-passall alias inMap) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool |
|||
|
Display the configuration for this example. |
(config) # show inline-tool (config) # show inline-serial |
|||
|
Display the forwarding state when the tool fails. |
(config) # show inline-network |
|||
|
After the inline tool recovers and is in the ready state, put the inline tool back into service. |
(config) # inline-tool alias inTool2 recover |
Example 8: Inline Network Group (Many-to-One)
Example 8 is an inline bypass solution on GigaVUE‑HC2 for an inline network group. This is a many-to-one example with two inline networks and one inline tool. The inline networks are mix of protected and unprotected.
On GigaVUE‑HC3, unprotected inline bypass can be configured on any module on the node. Protected inline bypass can be configured on the bypass combo module on ports c1..c4.
On GigaVUE‑HC1, unprotected inline bypass can be configured on the base module, with the inline networks and inline tools on ports 1/1/x1..x12 and 1/1/g1..g4, or on the bypass combo module on ports x1..x4. Protected inline bypass can be configured on the bypass combo module, or on the TAP-HC1-G10040 module placed in either bay 2 or bay 3, so the ports will be 1/2/g1..g8 or 1/3/g1..g8. On the TAP module, you will need to configure inline network ports and the inline network because they are not created automatically (as they are on bypass combo modules).
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 7/2/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enable (config) # port 7/2/x20 alias iN2 (config) # port iN2 type inline-network (config) # port iN2 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2 |
|||
|
Configure an inline network group consisting of a single unprotected inline network and two protected inline networks. |
(config) # inline-network-group alias inNetGroup (config inline-network-group alias inNetGroup) # network-list inNet,default_inline_net_7_2_1,default_inline_net_7_2_3 (config inline-network-group alias inNetGroup) # exit (config) # |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 7/2/x3 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 7/2/x4 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable |
|||
|
Configure inline tool and enable it. Also, specify that the inline tool is going to be shared by different sources. When shared is enabled (true), the inline tool can receive traffic from multiple sources (the inline networks in the inline network group). |
(config) # inline-tool alias inTool pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool enable (config) # inline-tool alias inTool shared true |
|||
|
Configure map passall, from inline network group to inline tool. |
(config) # map-passall alias inMap (config map-passall alias inMap) # from inNetGroup (config map-passall alias inMap) # to inTool (config map-passall alias inMap) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool (config) # inline-network alias default_inline_net_7_2_1 traffic-path to-inline-tool (config) # inline-network alias default_inline_net_7_2_3 traffic-path to-inline-tool |
|||
|
Disable physical bypass on the default inline network aliases. |
(config) # inline-network alias default_inline_net_7_2_1 physical-bypass disable (config) # inline-network alias default_inline_net_7_2_3 physical-bypass disable |
|||
|
Display the configuration for this example. |
(config) # show inline-network-group (config) # show inline-tool (config) # show map |
Example 9: Inline Network Group (Many-to-Many)
Example 9 is an inline bypass solution on GigaVUE‑HC2 for an inline network group. Example 9 expands upon Example 8 by adding a second inline tool. The inline networks are a mix of unprotected and protected.
In addition, user-defined VLAN tags are added in Example 9 to guide traffic from the multiple inline networks in the inline network group.
On GigaVUE‑HC3, unprotected inline bypass can be configured on any module on the node. Protected inline bypass can be configured on the bypass combo module on ports c1..c4.
On GigaVUE‑HC1, unprotected inline bypass can be configured on the base module, with the inline networks and inline tools on ports 1/1/x1..x12 and 1/1/g1..g4, or on the bypass combo module on ports x1..x4. Protected inline bypass can be configured on the bypass combo module, or on the TAP-HC1-G10040 module placed in either bay 2 or bay 3, so the ports will be 1/2/g1..g8 or 1/3/g1..g8. On the TAP module, you will need to configure inline network ports and the inline network because they are not created automatically (as they are on bypass combo modules).
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 7/2/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enable (config) # port 7/2/x20 alias iN2 (config) # port iN2 type inline-network (config) # port iN2 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2 |
|||
|
Configure an inline network group consisting of a single unprotected inline network and two protected inline networks. |
(config) # inline-network-group alias inNetGroup (config inline-network-group alias inNetGroup) # network-list inNet,default_inline_net_7_2_1,default_inline_net_7_2_3 (config inline-network-group alias inNetGroup) # exit (config) # |
|||
|
(Optional) Configure user-defined VLAN tags. Note: The net-a and net-b ports can have the same VLAN tag, but tags must otherwise be unique within the inline network group. |
(config) # port 7/2/x1 ingress-vlan-tag 1201 (config) # port 7/2/x20 ingress-vlan-tag 1202 (config) # port 7/2/x17 ingress-vlan-tag 1203 (config) # port 7/2/x18 ingress-vlan-tag 1203 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 7/2/x3 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 7/2/x4 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable 7/2/x9 alias iT3 (config) # port iT3 type inline-tool (config) # port iT3 params admin enable 7/2/x10 alias iT4 (config) # port iT4 type inline-tool (config) # port iT4 params admin enable |
|||
|
Configure inline tools and enable them. Also, specify that inline tools are going to be shared by different sources. When shared is enabled (true), the inline tools can receive traffic from multiple sources (the inline networks in the inline network group). |
(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4 (config) # inline-tool alias inTool1 enable (config) # inline-tool alias inTool2 enable inTool1 shared true (config) # inline-tool alias inTool2 shared true |
|||
|
Configure inline tool group and enable it. |
(config) # inline-tool-group alias inToolGroup tool-list inTool1,inTool2 (config) # inline-tool-group alias inToolGroup enable |
|||
|
Configure map passall, from inline network to inline tool group. |
(config) # map-passall alias inMap (config map-passall alias inMap) # from inNet (config map-passall alias inMap) # to inToolGroup (config map-passall alias inMap) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool (config) # inline-network alias default_inline_net_7_2_1 traffic-path to-inline-tool (config) # inline-network alias default_inline_net_7_2_3 traffic-path to-inline-tool |
|||
|
Disable physical bypass on the default inline network aliases. |
(config) # inline-network alias default_inline_net_7_2_1 physical-bypass disable (config) # inline-network alias default_inline_net_7_2_3 physical-bypass disable |
|||
|
Display the configuration for this example. |
(config) # show inline-network-group (config) # show ingress-vlan-tag (config) # show inline-tool-group |
Example 10: Inline Flow Mapping® Based Solution A
Example 10 is an inline flow mapping based solution on GigaVUE‑HC2. Example 10 has a single, unprotected inline network, a single inline tool, a rule-based map (VLAN 100) from the inline network to the inline tool, and a shared collector from the inline network to bypass. Traffic on VLAN 100 will be inspected by the inline tool while the remaining traffic will not be inspected (will be bypassed).
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 7/2/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enable (config) # port 7/2/x20 alias iN2 (config) # port iN2 type inline-network (config) # port iN2 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 7/2/x2 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 7/2/x15 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable |
|||
|
Configure inline tool and enable it. |
(config) # inline-tool alias inTool pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool enable |
|||
|
Enable default heartbeat. |
(config) # inline-tool alias inTool heart-beat |
|||
|
Configure rule-based map, from inline network to inline tool. |
(config) # map alias inMap1 (config map alias inMap1) # type inline byRule (config map alias inMap1) # from inNet config map alias inMap1) # to inTool (config map alias inMap1) # rule add pass vlan 100 (config map alias inMap1) # exit (config) # |
|||
|
Add a shared collector for any unmatched data and send it to bypass. |
(config) # map-scollector alias scoll (config map-scollector alias scoll) # from inNet (config map-scollector alias scoll) # collector bypass (config map-scollector alias scoll) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool |
|||
|
Display the configuration for this example. |
(config) # show inline-network (config) # show inline-tool (config) # show map |
Example 11: Inline Flow Mapping® Based Solution B
Example 11 is an inline flow mapping based solution on GigaVUE‑HC2. Example 11 has a single, unprotected inline network, a single inline tool, a rule-based map (VLAN 100) from the inline network to bypass, and a shared collector from the inline network to the inline tool. Traffic on VLAN 100 will not be inspected by the inline tool, while the remaining traffic will be inspected by the inline tool (through the bypass).
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 7/2/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enable (config) # port 7/2/x20 alias iN2 (config) # port iN2 type inline-network (config) # port iN2 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 7/2/x2 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 7/2/x15 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable |
|||
|
Configure inline tool and enable it. |
(config) # inline-tool alias inTool pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool enable |
|||
|
Enable default heartbeat. |
(config) # inline-tool alias inTool heart-beat |
|||
|
Configure rule-based map, from inline network to bypass. |
(config) # map alias inMap2 (config map alias inMap2) # type inline byRule (config map alias inMap2) # from inNet (config map alias inMap2) # to bypass (config map alias inMap2) # rule add pass vlan 100 (config map alias inMap2) # exit (config) # |
|||
|
Add a shared collector, from inline network to inline tool. |
(config) # map-scollector alias scoll2 (config map-scollector alias scoll2) # from inNet (config map-scollector alias scoll2) # collector inTool (config map-scollector alias scoll2) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool |
|||
|
Display the configuration for this example. |
(config) # show map |
Example 12: Inline Flow Mapping® Based Solution C
Example 12 is an inline flow mapping based solution on GigaVUE‑HC2. Example 12 has a single, unprotected inline network, two individual inline tools, a rule-based map (portdst 22) from the inline network to bypass, a rule-based map (portdst 80) from the inline network to the first inline tool, and a shared collector from the inline network to the second inline tool. Traffic that does not match the map rules will be sent to the shared collector, ensuring that all traffic is exchanged between side A and side B of the network.
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 7/2/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enable (config) # port 7/2/x20 alias iN2 (config) # port iN2 type inline-network (config) # port iN2 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 7/2/x2 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 7/2/x15 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable (config) # port 7/2/x3 alias iT3 (config) # port iT3 type inline-tool (config) # port iT3 params admin enable (config) # port 7/2/x4 alias iT4 (config) # port iT4 type inline-tool (config) # port iT4 params admin enable |
|||
|
Configure inline tools and enable them. |
(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4 (config) # inline-tool alias inTool1 enable (config) # inline-tool alias inTool2 enable |
|||
|
Enable default heartbeats. |
(config) # inline-tool alias inTool1 heart-beat (config) # inline-tool alias inTool2 heart-beat |
|||
|
Configure rule-based map, from inline network to bypass. |
(config) # map alias inMap3 (config map alias inMap3) # type inline byRule (config map alias inMap3) # from inNet (config map alias inMap3) # to bypass (config map alias inMap3) # rule add pass portdst 22 (config map alias inMap3) # exit (config) # |
|||
|
Configure rule-based map, from inline network to first inline tool. |
(config) # map alias inMap4 (config map alias inMap4) # type inline byRule (config map alias inMap4) # from inNet (config map alias inMap4) # to inTool1 (config map alias inMap4) # rule add pass portdst 80 (config map alias inMap4) # exit (config) # |
|||
|
Add a shared collector, from inline network to second inline tool. |
(config) # map-scollector alias scoll3 (config map-scollector alias scoll3) # from inNet (config map-scollector alias scoll3) # collector inTool2 (config map-scollector alias scoll3) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool |
|||
|
Display the configuration for this example. |
(config) # show inline-tool (config) # show map |
Example 13: Inline Flow Mapping® Based Solution D
Example 13 is an inline flow mapping based solution on GigaVUE‑HC2. Example 13 has a variety of constructs: an inline network group made up of two protected inline networks, an inline tool group, an inline tool series, an individual inline tool, a rule-based map (VLAN 100) from the inline network group to the inline tool group, a rule-based map (portdst 80) from the inline network group to the inline tool series, a rule-based map (ipsrc 10.123.12.57) from the inline network group to the individual inline tool, and a shared collector from the inline network group to bypass.
Since Example 13 uses protected inline networks on GigaVUE‑HC2, they do not need to be configured as described in Example 4: Protected Inline Bypass Using Bypass Combo Modules, so the configuration begins with the inline network group.
On GigaVUE‑HC3, unprotected inline bypass can be configured on any module on the node. Protected inline bypass can be configured on the bypass combo module on ports c1..c4.
On GigaVUE‑HC1, unprotected inline bypass can be configured on the base module, with the inline networks and inline tools on ports 1/1/x1..x12 and 1/1/g1..g4, or on the bypass combo module on ports x1..x4. Protected inline bypass can be configured on the bypass combo module, or on the TAP-HC1-G10040 module placed in either bay 2 or bay 3, so the ports will be 1/2/g1..g8 or 1/3/g1..g8. On the TAP module, you will need to configure inline network ports and the inline network because they are not created automatically (as they are on bypass combo modules).
Step |
Description |
Command |
||||||||||||
|
Configure an inline network group consisting of two protected inline networks. |
(config) # inline-network-group alias inNetGroup (config inline-network-group alias inNetGroup) # network-list default_inline_net_7_2_1,default_inline_net_7_2_3 (config inline-network-group alias inNetGroup) # exit (config) # |
||||||||||||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 7/2/x2 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 7/2/x15 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable (config) # port 7/2/x3 alias iT3 (config) # port iT3 type inline-tool (config) # port iT3 params admin enable (config) # port 7/2/x4 alias iT4 (config) # port iT4 type inline-tool (config) # port iT4 params admin enable (config) # port 7/2/x7 alias iT5 (config) # port iT5 type inline-tool (config) # port iT5 params admin enable (config) # port 7/2/x8 alias iT6 (config) # port iT6 type inline-tool (config) # port iT6 params admin enable (config) # port 7/2/x13 alias iT7 (config) # port iT7 type inline-tool (config) # port iT7 params admin enable (config) # port 7/2/x14 alias iT8 (config) # port iT8 type inline-tool (config) # port iT8 params admin enable (config) # port 7/2/x15 alias iT9 (config) # port iT9 type inline-tool (config) # port iT9 params admin enable (config) # port 7/2/x16 alias iT10 (config) # port iT10 type inline-tool (config) # port iT10 params admin enable |
||||||||||||
|
Configure inline tools as follows:
Also, enable inline tools. Specify that inline tools are going to be shared by different sources. When shared is enabled (true), the inline tools can receive traffic from multiple sources (the inline networks in the inline network group). |
(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4 (config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6 (config) # inline-tool alias inTool4 pair tool-a iT7 and tool-b iT8 (config) # inline-tool alias inTool5 pair tool-a iT9 and tool-b iT10 (config) # inline-tool alias inTool1 enable (config) # inline-tool alias inTool2 enable (config) # inline-tool alias inTool3 enable (config) # inline-tool alias inTool4 enable (config) # inline-tool alias inTool5 enable inTool1 shared true (config) # inline-tool alias inTool2 shared true (config) # inline-tool alias inTool3 shared true (config) # inline-tool alias inTool4 shared true (config) # inline-tool alias inTool5 shared true |
||||||||||||
|
Enable default heartbeats. |
(config) # inline-tool alias inTool1 heart-beat (config) # inline-tool alias inTool2 heart-beat (config) # inline-tool alias inTool3 heart-beat (config) # inline-tool alias inTool4 heart-beat (config) # inline-tool alias inTool5 heart-beat |
||||||||||||
|
Configure an inline tool group and enable it. |
(config) # inline-tool-group alias inToolGroup (config inline-tool-group alias inToolGroup) # tool-list inTool1,inTool2 (config inline-tool-group alias inToolGroup) # enable (config inline-tool-group alias inToolGroup) # exit (config) # |
||||||||||||
|
Configure an inline tool series and enable it. |
(config) # inline-serial alias inSer (config inline-serial alias inSer) # inline-tool-list inTool4,inTool5 (config inline-serial alias inSer) # enable (config inline-serial alias inSer) # exit (config) # |
||||||||||||
|
Configure rule-based map, from the inline network group to the inline tool group. |
(config) # map alias inMap1 (config map alias inMap1) # type inline byRule (config map alias inMap1) # from inNetGroup (config map alias inMap1) # to inToolGroup (config map alias inMap1) # rule add pass vlan 100 (config map alias inMap1) # exit (config) # |
||||||||||||
|
Configure rule-based map, from the inline network group to the inline tool series. |
(config) # map alias inMap2 (config map alias inMap2) # type inline byRule (config map alias inMap2) # from inNetGroup (config map alias inMap2) # to inSer (config map alias inMap2) # rule add pass portdst 80 (config map alias inMap2) # exit (config) # |
||||||||||||
|
Configure rule-based map, from the inline network group to the individual inline tool. |
(config) # map alias inMap3 (config map alias inMap3) # type inline byRule (config map alias inMap3) # from inNetGroup (config map alias inMap3) # to inTool3 (config map alias inMap3) # rule add pass ipsrc 10.123.12.57 255.255.255.248 (config map alias inMap3) # exit (config) # |
||||||||||||
|
Add a shared collector from the inline network group to bypass. |
(config) # map-scollector alias scoll (config map-scollector alias scoll) # from inNetGroup (config map-scollector alias scoll) # collector bypass (config map-scollector alias scoll) # exit (config) # |
||||||||||||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool (config) # inline-network alias default_inline_net_7_2_1 traffic-path to-inline-tool (config) # inline-network alias default_inline_net_7_2_3 traffic-path to-inline-tool |
||||||||||||
|
Disable physical bypass on the default inline network aliases. |
(config) # inline-network alias default_inline_net_7_2_1 physical-bypass disable (config) # inline-network alias default_inline_net_7_2_3 physical-bypass disable |
||||||||||||
|
Display the configuration for this example. |
(config) # show inline-network (config) # show inline-network-group (config) # show inline-tool (config) # show inline-serial (config) # show inline-tool-group (config) # show map |
Example 14: OOB Maps Originating from Inline Network
Example 14 combines out-of-band (OOB) maps with a map passall originating from an inline network on GigaVUE‑HC2. In Example 14, the map passall sends all traffic to the inline tool. The OOB rule-based map sends traffic to an OOB tool.
When the source port of an OOB map is associated with an inline network, multiple source ports are supported in the port list (the from argument of the map command).
A protected inline network (which uses bypass combo modules) is included in Example 14. You do not need to configure inline network ports because they are created automatically. The port pairs in Example 14 are 1/1/x21 and 1/1/x22. You do not need to configure an inline network because it is also created automatically. The alias of the default inline network in Example 14 is default_inline_net_1_1_3.
On GigaVUE‑HC3, protected inline bypass can be configured on the bypass combo module on ports c1..c4.
On GigaVUE‑HC1, protected inline bypass can be configured on the bypass combo module, or on the TAP-HC1-G10040 module placed in either bay 2 or bay 3, so the ports will be 1/2/g1..g8 or 1/3/g1..g8. On the TAP module, you will need to configure inline network ports and the inline network because they are not created automatically (as they are on bypass combo modules).
Step |
Description |
Command |
|||
|
Configure a regular tool port of port type (tool) and administratively enable it. This is the OOB tool. |
(config) # port 1/1/x12 type tool (config) # port 1/1/x12 params admin enable |
|||
|
Configure two inline tool ports of port type (inline-tool) and administratively enable them. |
(config) # port 1/2/x23 type inline-tool (config) # port 1/2/x23 params admin enable (config) # port 1/2/x24 type inline-tool (config) # port 1/2/x24 params admin enable |
|||
|
Configure inline tool and enable it. |
(config) # inline-tool alias inTool1 pair tool-a 1/2/x23 and tool-b 1/2/x24 (config) # inline-tool alias inTool1 enable |
|||
|
Configure a map passall, from the inline network to the inline tool. This sends all the traffic to the inline tool. |
(config) # map-passall alias inline_map1 (config map-passall alias inline_map1) # from default_inline_net_1_1_3 (config map-passall alias inline_map1) # to inTool1 (config map-passall alias inline_map1) # exit (config) # |
|||
|
Configure the OOB rule-based map, with both inline network ports in the from argument, and the OOB tool in the to argument. |
(config) # map alias OoB_map (config map alias OoB_map) # type regular byRule (config map alias OoB_map) # rule add pass ipver 4 (config map alias OoB_map) # to 1/1/x12 (config map alias OoB_map) # from 1/1/x21..x22 (config map alias OoB_map) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias default_inline_net_1_1_3 traffic-path to-inline-tool |
|||
|
Disable physical bypass on the default inline network alias. |
(config) # inline-network alias default_inline_net_1_1_3 physical-bypass disable |
|||
|
Display the configuration and statistics for this example. |
(config) # show inline-network (config) # show inline-tool (config) # show map (config) # show port stats |
Example 15: OOB Maps Originating from Inline Network Group
Example 15 expands on Example 14 by combining out-of-band (OOB) maps with a map passall originating from an inline network group on GigaVUE‑HC2.
When the source port of an OOB map is associated with an inline network group, only one port is supported in the port list. In this case, multiple OOB maps are needed because each OOB map only accepts one inline network port as the input (the from argument of the map command).
A protected inline network (which uses bypass combo modules) is included in Example 15. You do not need to configure inline network ports or the inline networks because they are created automatically. The port pairs in Example 15 are 1/1/x17 and 1/1/x18, as well as 1/1/x19 and 1/1/x20. The aliases of the default inline networks in Example 15 are default_inline_net_1_1_1 and default_inline_net_1_1_2.
In Example 15, two OOB maps send traffic from each inline network port (associated with default_inline_net_1_1_1) to the OOB tool. Two more maps would be needed to send traffic from each inline network port (associated with default_inline_net_1_1_2) to the OOB tool, but this is not included in Example 15.
On GigaVUE‑HC3, protected inline bypass can be configured on the bypass combo module on ports c1..c4.
On GigaVUE‑HC1, protected inline bypass can be configured on the bypass combo module, or on the TAP-HC1-G10040 module placed in either bay 2 or bay 3, so the ports will be 1/2/g1..g8 or 1/3/g1..g8. On the TAP module, you will need to configure inline network ports and the inline network because they are not created automatically (as they are on bypass combo modules).
Step |
Description |
Command |
|||
|
Configure an inline network group consisting of two protected inline networks. |
(config) # inline-network-group alias inNetGroup (config inline-network-group alias inNetGroup) # network-list default_inline_net_1_1_1,default_inline_net_1_1_2 (config inline-network-group alias inNetGroup) # exit (config) # |
|||
|
Configure a regular tool port of port type (tool) and administratively enable it. This is the OOB tool. |
(config) # port 1/1/x12 type tool (config) # port 1/1/x12 params admin enable |
|||
|
Configure two inline tool ports of port type (inline-tool) and administratively enable them. |
(config) # port 1/2/x23 type inline-tool (config) # port 1/2/x23 params admin enable (config) # port 1/2/x24 type inline-tool (config) # port 1/2/x24 params admin enable |
|||
|
Configure inline tool and enable it. Also, specify that the inline tool is going to be shared by different sources. When shared is enabled (true), the inline tool can receive traffic from multiple sources (the inline networks in the inline network group). |
(config) # inline-tool alias inTool1 pair tool-a 1/2/x23 and tool-b 1/2/x24 (config) # inline-tool alias inTool1 enable (config) # inline-tool alias inTool1 shared true |
|||
|
Configure a map passall, from the inline network group to the inline tool. This sends all the traffic to the inline tool. |
(config) # map-passall alias inline_map1 (config map-passall alias inline_map1) # from inNetGroup (config map-passall alias inline_map1) # to inTool1 (config map-passall alias inline_map1) # exit (config) # |
|||
|
Configure the first rule-based map. This is an OOB map from one inline network port (associated with default_inline_net_1_1_1) to the OOB tool. |
(config) # map alias OoB_map1 (config map alias OoB_map1) # type regular byRule (config map alias OoB_map1) # rule add pass ipver 4 (config map alias OoB_map1) # to 1/1/x12 (config map alias OoB_map1) # from 1/1/x17 (config map alias OoB_map1) # exit (config) # |
|||
|
Configure a second rule-based map. This is an OOB map from the other inline network port (associated with default_inline_net_1_1_1) to the OOB tool. |
(config) # map alias OoB_map2 (config map alias OoB_map2) # type regular byRule (config map alias OoB_map2) # rule add pass ipver 4 (config map alias OoB_map2) # to 1/1/x12 (config map alias OoB_map2) # from 1/1/x18 (config map alias OoB_map2) # exit (config) # |
|||
|
Configure a third rule-based map. This is an OOB map from a single inline tool port to the OOB tool. |
(config) # map alias OoB_map3 (config map alias OoB_map3) # type inline byRule (config map alias OoB_map3) # rule add pass ipver 4 (config map alias OoB_map3) # to 1/1/x12 (config map alias OoB_map3) # from 1/2/x23 (config map alias OoB_map3) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias default_inline_net_1_1_1 traffic-path to-inline-tool (config) # inline-network alias default_inline_net_1_1_2 traffic-path to-inline-tool |
|||
|
Disable physical bypass on the default inline network aliases. |
(config) # inline-network alias default_inline_net_1_1_1 physical-bypass disable (config) # inline-network alias default_inline_net_1_1_2 physical-bypass disable |
|||
|
Display the configuration and statistics for this example. |
(config) # show inline-network (config) # show inline-network-group (config) # show inline-tool (config) # show map |
Example 16: Asymmetrical Hashing in Inline Tool Group
Example 16 is an inline bypass solution on GigaVUE‑HC2 for an inline tool group with four tools. The inline tool group uses asymmetrical hashing (unlike Example 5: Inline Tool Group (N+1) Redundancy which uses symmetrical hashing). The hashing is based on the source IP address for side A and the destination IP address for side B.
A rule-based map (vlan 200) is configured from the inline network to the inline tool group. Traffic that matches the map rule and has the same source IP on side A and destination IP on side B will be sent to the same inline tool in the inline tool group.
A shared collector is configured from the inline network to bypass. Traffic that does not match the map rule will be sent to the shared collector and bypassed.
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 1/2/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enable (config) # port 1/2/x2 alias iN2 (config) # port iN2 type inline-network (config) # port iN2 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 1/2/x15 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 1/2/x16 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable (config) # port 1/2/x19 alias iT3 (config) # port iT3 type inline-tool (config) # port iT3 params admin enable (config) # port 1/2/x20 alias iT4 (config) # port iT4 type inline-tool (config) # port iT4 params admin enable (config) # port 1/2/x21 alias iT5 (config) # port iT5 type inline-tool (config) # port iT5 params admin enable (config) # port 1/2/x22 alias iT6 (config) # port iT6 type inline-tool (config) # port iT6 params admin enable (config) # port 1/2/x23 alias iT7( config) # port iT7 type inline-tool (config) # port iT7 params admin enable (config) # port 1/2/x24 alias iT8 (config) # port iT8 type inline-tool (config) # port iT8 params admin enable |
|||
|
Configure inline tools and enable them. |
(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4 (config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6 (config) # inline-tool alias inTool4 pair tool-a iT7 and tool-b iT8 (config) # inline-tool alias inTool1 enable (config) # inline-tool alias inTool2 enable (config) # inline-tool alias inTool3 enable (config) # inline-tool alias inTool4 enable |
|||
|
Configure inline tool group and parameters. Enable it and then configure failover action. |
(config) # inline-tool-group alias inToolGroup (config inline-tool-group alias inToolGroup) # tool-list inTool1,inTool2,inTool3,inTool4 (config inline-tool-group alias inToolGroup) # hash a-srcip-b-dstip (config inline-tool-group alias inToolGroup) # minimum-group-healthy-size 4 (config inline-tool-group alias inToolGroup) # enable (config inline-tool-group alias inToolGroup) # failover-action tool-bypass (config inline-tool-group alias inToolGroup) # exit (config) # |
|||
|
Configure rule-based map, from inline network to inline tool group. |
(config) # map alias inNet-to-ITG (config map alias inNet-to-ITG) # type inline byRule (config map alias inNet-to-ITG) # from inNet (config map alias inNet-to-ITG) # to inToolGroup (config map alias inNet-to-ITG) # rule add pass vlan 200 (config map alias inNet-to-ITG) # exit (config) # |
|||
|
Add a shared collector for any unmatched data and send it to bypass. |
(config) # map-scollector alias inNet-to-bypass (config map-scollector alias inNet-to-bypass) # from inNet (config map-scollector alias inNet-to-bypass) # collector bypass (config map-scollector alias inNet-to-bypass) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool |
|||
|
Display the configuration for this example. |
(config) # show inline-tool-group (config) # show map |
Example 17: Maps to Individual Inline Tool Group Members
Example 17 is an inline bypass solution on GigaVUE‑HC2 for an inline tool group with four tools. It is similar to Example 16: Asymmetrical Hashing in Inline Tool Group, but has four rule-based inline maps, one to each individual member of the inline tool group. In Example 17, asymmetrical hashing is used, but the hashing could also be symmetrical. The hashing only applies to the traffic sent to the shared collector.
Example 17 is different from Example 5: Inline Tool Group (N+1) Redundancy. In Example 5, all the traffic was sent to the inline tool group as a whole, using a map passall. Hashing distributed the traffic across the group.
With the multiple rule-based maps in Example 17, specific traffic is sent to specific tools in the inline tool group according to the rules. Each of the four inline maps directs traffic from one source IP address to a specific inline tool in the group.
A shared collector is configured from the inline network to the inline tool group. Traffic that does not match any of the map rules is sent to the shared collector and will be distributed according to the hashing value specified for the group.
Step |
Description |
Command |
|||
|
Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. |
(config) # port 1/2/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enable (config) # port 1/2/x2 alias iN2 (config) # port iN2 type inline-network (config) # port iN2 params admin enable |
|||
|
Configure inline network. |
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2 |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports. |
(config) # port 1/2/x15 alias iT1 (config) # port iT1 type inline-tool (config) # port iT1 params admin enable (config) # port 1/2/x16 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable (config) # port 1/2/x19 alias iT3 (config) # port iT3 type inline-tool (config) # port iT3 params admin enable (config) # port 1/2/x20 alias iT4 (config) # port iT4 type inline-tool (config) # port iT4 params admin enable (config) # port 1/2/x21 alias iT5 (config) # port iT5 type inline-tool (config) # port iT5 params admin enable (config) # port 1/2/x22 alias iT6 (config) # port iT6 type inline-tool (config) # port iT6 params admin enable (config) # port 1/2/x23 alias iT7 (config) # port iT7 type inline-tool (config) # port iT7 params admin enable (config) # port 1/2/x24 alias iT8 (config) # port iT8 type inline-tool (config) # port iT8 params admin enable |
|||
|
Configure inline tools and enable them. |
(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2 (config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4 (config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6 (config) # inline-tool alias inTool4 pair tool-a iT7 and tool-b iT8 (config) # inline-tool alias inTool1 enable (config) # inline-tool alias inTool2 enable (config) # inline-tool alias inTool3 enable (config) # inline-tool alias inTool4 enable |
|||
|
Configure inline tool group and parameters. Enable it and then configure failover action. |
(config) # inline-tool-group alias inToolGroup (config inline-tool-group alias inToolGroup) # tool-list inTool1,inTool2,inTool3,inTool4 (config inline-tool-group alias inToolGroup) # hash a-srcip-b-dstip (config inline-tool-group alias inToolGroup) # minimum-group-healthy-size 4 (config inline-tool-group alias inToolGroup) # enable (config inline-tool-group alias inToolGroup) # failover-action network-bypass (config inline-tool-group alias inToolGroup) # exit (config) # |
|||
|
Configure rule-based map, from inline network to first tool in inline tool group, from the same source, inNet. |
(config) # map alias inNet-to-inTool1 (config map alias inNet-to-inTool1) # type inline byRule (config map alias inNet-to-inTool1) # from inNet (config map alias inNet-to-inTool1) # to inTool1 (config map alias inNet-to-inTool1) # rule add pass ipsrc 10.10.10.101 /32 (config map alias inNet-to-inTool1) # exit (config) # |
|||
|
Configure rule-based map, from inline network to second tool in inline tool group, from the same source, inNet. |
(config) # map alias inNet-to-inTool2 (config map alias inNet-to-inTool2) # type inline byRule (config map alias inNet-to-inTool2) # from inNet (config map alias inNet-to-inTool2) # to inTool2 (config map alias inNet-to-inTool2) # rule add pass ipsrc 20.10.20.102 /32 (config map alias inNet-to-inTool2) # exit (config) # |
|||
|
Configure rule-based map, from inline network to third tool in inline tool group, from the same source, inNet. |
(config) # map alias inNet-to-inTool3 (config map alias inNet-to-inTool3) # type inline byRule (config map alias inNet-to-inTool3) # from inNet (config map alias inNet-to-inTool3) # to inTool3 (config map alias inNet-to-inTool3) # rule add pass ipsrc 31.11.31.103 /32 (config map alias inNet-to-inTool3) # exit (config) # |
|||
|
Configure rule-based map, from inline network to fourth tool in inline tool group, from the same source, inNet. |
(config) # map alias inNet-to-inTool4 (config map alias inNet-to-inTool4) # type inline byRule (config map alias inNet-to-inTool4) # from inNet (config map alias inNet-to-inTool4) # to inTool4 (config map alias inNet-to-inTool4) # rule add pass ipsrc 41.11.41.104 /32 (config map alias inNet-to-inTool4) # exit (config) # |
|||
|
Add a shared collector for any unmatched data and send it to the inline tool group. Again, the source is the same, inNet. |
(config) # map-scollector alias inNet-to-ITG (config map-scollector alias inNet-to-ITG) # from inNet (config map-scollector alias inNet-to-ITG) # collector inToolGroup (config map-scollector alias inNet-to-ITG) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias inNet traffic-path to-inline-tool |
|||
|
Display the configuration for this example. |
(config) # show inline-tool-group (config) # show map |
Example 18: Gigamon Resiliency for Inline Protection
You can configure Gigamon Resiliency for inline protection on H Series nodes (GigaVUE‑HC1, GigaVUE‑HC2, and GigaVUE‑HC3). Example 18 is an inline bypass solution for GRIP using TAP-HC1-G10040 modules on GigaVUE‑HC1 with copper ports. The same instructions apply to GigaVUE‑HC2 and GigaVUE‑HC3.
Note: On the GigaVUE‑HC2, the configuration steps will be the same as in this example, but the network ports and the TAP module will be different.
First, configure the GigaVUE‑HC1 with the primary role, then configure the GigaVUE‑HC1 with the secondary role. The configuration is the same (is synchronized) on both nodes, except for step 3, in which the protection role (primary or secondary) is specified.
Note that in this example, link fail propagation (LFP) is disabled to reduce inline network recovery time after failover. When a primary to secondary failover occurs and LFP is enabled for copper inline bypass links, network service recovery may take several seconds because of Ethernet link renegotiation. Optical links failover faster and typically recover service much faster. For inline networks where only one path is available, this is a consideration. When GRIP is deployed with high availability networks where a second path is present, it is a best practice to leave LFP enabled.
Configuring Primary Role GigaVUE‑HC1
Step |
Description |
Command |
|||
|
Configure ports on the TAP-HC1-G10040 module as passive (in passive mode, relays are closed). Also configure ports, port type (inline-network). |
(config) # port 1/3/g1..g8 params taptx passive (config) # port 1/3/g1..g8 type inline-network |
|||
|
Configure stack port (for signaling port/link) and enable it. |
(config) # port 1/1/x1 type stack (config) # port 1/1/x1 params admin enable |
|||
|
Create the redundancy profile by giving it a name and configuring parameters for the redundancy profile such as the signaling port and protection role (primary). |
(config) # redundancy-profile alias RP_001 (config redundancy-profile alias RP_001) # signaling-port 1/1/x1 (config redundancy-profile alias RP_001) # protection-role primary (config redundancy-profile alias RP_001) # exit (config) # |
|||
|
Configure inline network. |
(config) # inline-network alias IN_001 pair net-a 1/3/g1 and net-b 1/3/g2 |
|||
|
Associate the redundancy profile to the inline network. Also disable link fail propagation on the inline network. |
(config) # inline-network alias IN_001 redundancy-profile RP_001 (config) # no inline-network alias IN_001 lfp enable |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable them. |
(config) # port 1/1/x11 type inline-tool (config) # port 1/1/x11 params admin enable (config) # port 1/1/x12 type inline-tool (config) # port 1/1/x12 params admin enable |
|||
|
Configure inline tool and failover action. Then enable inline tool. |
(config) # inline-tool alias IT_001 pair tool-a 1/1/x11 and tool-b 1/1/x12 (config) # inline-tool alias IT_001 failover-action network-bypass (config) # inline-tool alias IT_001 enable |
|||
|
Configure map passall, from inline network to inline tool. |
(config) # map-passall alias INtoIT (config map-passall alias INtoIT) # from IN_001 (config map-passall alias INtoIT) # to IT_001 (config map-passall alias INtoIT) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias IN_001 traffic-path to-inline-tool |
Configure Secondary Role GigaVUE‑HC1
Step |
Description |
Command |
|||
|
Configure ports on the TAP-HC1-G10040 module as passive (in passive mode, relays are closed). Also configure ports, port type (inline-network). |
(config) # port 1/3/g1..g8 params taptx passive (config) # port 1/3/g1..g8 type inline-network |
|||
|
Configure stack port (for signaling port/link) and enable it. |
(config) # port 1/1/x1 type stack (config) # port 1/1/x1 params admin enable |
|||
|
Configure parameters for the redundancy profile such as the signaling port and protection role (secondary). |
(config) # redundancy-profile alias RP_001 (config redundancy-profile alias RP_001) # signaling-port 1/1/x1 (config redundancy-profile alias RP_001) # protection-role secondary (config redundancy-profile alias RP_001) # exit (config) # |
|||
|
Configure inline network. |
(config) # inline-network alias IN_001 pair net-a 1/3/g1 and net-b 1/3/g2 |
|||
|
Associate the redundancy profile to the inline network. Also disable link fail propagation on the inline network. |
(config) # inline-network alias IN_001 redundancy-profile RP_001 (config) # no inline-network alias IN_001 lfp enable |
|||
|
Configure inline tool ports, port type (inline-tool), and administratively enable them. |
(config) # port 1/1/x11 type inline-tool (config) # port 1/1/x11 params admin enable (config) # port 1/1/x12 type inline-tool (config) # port 1/1/x12 params admin enable |
|||
|
Configure inline tool and failover action. Then enable inline tool. |
(config) # inline-tool alias IT_001 pair tool-a 1/1/x11 and tool-b 1/1/x12 (config) # inline-tool alias IT_001 failover-action network-bypass (config) # inline-tool alias IT_001 enable |
|||
|
Configure map passall, from inline network to inline tool. |
(config) # map-passall alias INtoIT (config map-passall alias INtoIT) # from IN_001 (config map-passall alias INtoIT) # to IT_001 (config map-passall alias INtoIT) # exit (config) # |
|||
|
Configure the path of the traffic to inline tool. |
(config) # inline-network alias IN_001 traffic-path to-inline-tool |