Configuration Steps
The configuration steps in summary for an inline bypass solution are as follows:
1Configure inline network ports. (Optional for protected inline network.)
1. | Configure inline network. (Optional for protected inline network.) |
2. | (Optional) Configure inline network group. |
3. | (Optional) Configure heartbeat or negative heartbeat profile. |
4. | Configure inline tool ports. |
5. | Configure inline tool. |
6. | (Optional) Configure inline tool group. |
7. | (Optional) Configure inline tool series. |
8. | Configure inline maps, either map passall, map (rule-based), or map shared collector. |
9. | Configure non-default values for parameters of the inline networks or inline tools. |
The summary steps are shown in Figure 1 Configuration Steps for Inline Bypass Solutions.
Figure 10 | Configuration Steps for Inline Bypass Solutions |
The configuration details for an inline bypass solution are as follows:
1Configure inline network ports. (Optional for protected inline network.)
The configuration begins with defining the inline network ports that will participate in the inline network. Use the port command with a port type of inline-network.
For an unprotected inline network, you configure the inline network ports.
For a protected inline network, the ports are created automatically when the bypass combo modules are recognized by the GigaVUE HC Series node.
10. | Configure inline network. (Optional for protected inline network.) |
Next configure the inline network or inline networks using the inline-network command and the port pairs defined in step 1.
For an unprotected inline network, you configure the inline network.
For a protected inline network, the inline network is created automatically when the bypass combo modules are recognized by the GigaVUE HC Series node.
In either case, the inline network will have parameters set to default values, such as, the traffic-path parameter will be set to bypass and the physical-bypass parameter will be set to enable.
The initial forwarding state of the unprotected inline network will be DISABLED. The initial forwarding state of the protected inline network will be PHYSICAL BYPASS.
11. | (Optional) Configure inline network group. |
If the inline bypass solution involves an inline network group, first configure the participating inline networks before configuring the inline network group. Use the inline-network-group command and list the inline networks defined in step 10.
12. | (Optional) Configure heartbeat or negative heartbeat profile. |
If any of the inline tools will be using a heartbeat profile, a default heartbeat profile is provided, so no configuration is needed except an alias. However, if any of the inline tools will be using a heartbeat profile with non-default settings, first configure the heartbeat profile using the hb-profile command, before configuring the inline tools that will use that profile.
If any of the inline tools will be using a negative heartbeat profile, configure the negative heartbeat profile by providing an alias and a PCAP file using the nhb-profile command, before configuring the inline tools that will use that profile.
13. | Configure inline tool ports. |
Next configure inline tool ports. Use the port command with a port type of inline-tool.
14. | Configure inline tool. |
Next configure the inline tool or inline tools using the inline-tool command and the port pairs defined in step 13.
15. | (Optional) Configure inline tool group. |
If the inline bypass solution involves an inline tool group, first configure the participating inline tools, before configuring the inline tool group. Use the inline-tool-group command and list the inline tools defined in step 14.
16. | (Optional) Configure inline tool series. |
If the inline bypass solution involves an inline tool series, first configure the participating inline tools, before configuring the inline tool series. Use the inline-serial command and list the inline tools defined in step 14.
17. | Configure inline maps, either map passall, map (rule-based), or map shared collector. |
The next configuration step is to configure inline maps that specify how to direct the traffic from the configured inline networks and inline network groups to the configured inline tools, inline tool groups, and inline tool series. You can configure either a map passall, a map (rule-based), or a map shared collector. Use the map, map-passall, and map-scollector commands.
18. | Configure non-default values for parameters of the inline networks or inline tools. |
Now configure non-default values for inline network parameters. For example, for an unprotected inline network, when you change the traffic-path parameter to to-inline-tool, traffic will start flowing through the inline tools from the unprotected inline network. For a protected inline network, when you change the physical-bypass parameter to disable, traffic will start flowing through the inline tools from the protected inline network.
For protected inline networks, to start the traffic flowing, perform the following steps:
1. | Change the traffic-path parameter to to-inline-tool. |
2. | Change the physical-bypass parameter to disable. |
3. | Execute the following show commands to see if the traffic is flowing between the side A network and the side B network over a logical bypass: |
show port params port-list <port ID or side A inline network port alias> and show port params port-list <port ID or side B inline network port alias>—The links will be up. |
show inline-network alias <inline network alias>—The forwarding state will be FORCED BYPASS. |
show port stats port-list <port ID or side A inline network port alias> and show port stats port-list <port ID or side B inline network port alias>—The in statistics for side A will match the out statistics for side B. |
Configuration When Operationally Up
Ensure that the GigaVUE HC Series modules are in the operationally up state before configuring them. Configuration changes done when a module is operationally down are not supported.
Also, when an inline tool or inline tool group is in the operationally down state, do not modify the current failover action of that inline tool or inline tool group until the tool has recovered from the failover state.
Avoiding Oversubscription
In general, traffic received at inline network ports is delivered to the destination ports according to the inline maps and the out-of-band maps regardless of whether the destination ports have the capacity to absorb all the traffic or not.
Note: When an inline network is involved in an inline map or an out-of-band map to a destination port (tool port or inline tool port), when there is temporary oversubscription, some packets arriving at the inline network port will be dropped. This can happen when the traffic path is set to bypass or monitoring.
Ensure that destination ports of maps originating from inline network ports have enough capacity to absorb the amount of traffic coming to the inline network ports.