About Inline Network Groups
Use the Inline Network Group configuration page to configure an inline network group. An inline network group is an arrangement of multiple inline networks that share the same inline tool or tools. Use this page to specify the list of inline networks in the inline network group.
The inline network ports that make up the inline networks participating in the inline network group are always in pairs, running at the same speed, on the same medium (fiber or copper). All inline network ports of the inline network group must be on the same GigaVUE‑HC3, GigaVUE‑HC2, or GigaVUE‑HC1 node. The inline networks participating in the inline network group can be different speeds and different mediums.
An inline network group can share an inline tool, or tools in an inline tool group or inline tool series. Many-to-one means from an inline network group to an inline tool and is shown in Figure 1 Inline Network Group Many-to-One. Many-to-many means from an inline network group to an inline tool group or inline tool series.
.
|
Figure 186
|
Inline Network Group Many-to-One |
When an inline tool or inline tool group is configured between several pairs of networks, each pair operates independently of the others. The traffic coming from the inline tool or tools must be segregated into individual substreams according to the traffic source.
For example, the traffic that came into the GigaVUE node on inline network port net_A_3 must be sent through inline network port net_B_3 (with net_A_3 and net_B_3 belonging to the same inline tool that is the third member of the inline tool group). Refer to Figure 2.
|
Figure 187
|
Inline Tool Inserted in Multiple NetA-NetB Links |
To accomplish the segregation, packets are tagged coming from an individual side A inline network port before they are sent to the inline tool or tools. When tagged packets come back from the inline tool or tools, the tag identifies the respective side B inline network port through which the packets should be sent. The tags are removed before the packets are sent through the side B inline network ports.
Traffic is guided to a particular inline network through internal VLAN ID tagging. This VLAN tagging affects packets only on their way from inline tool ports to the attached inline tool and back from the attached inline tool to the inline tool ports. The packets sent out from inline network ports remain untagged. Refer to Figure 1 Inline Network Group Many-to-One.
Note: Internal VLAN ID tagging creates hidden VLAN ID tags. Explicit VLAN ID tagging is not needed, however starting in software version 4.6, explicit VLAN tagging is also available. Refer to Configurable VLAN Tagging.
Inline Tool Sharing
Inline network groups require inline tool sharing to be enabled on the inline tool or the members of the inline tool group or inline tool series specified in the inline map.
When shared is enabled (true), the inline tool can receive traffic from multiple sources (the inline networks in the inline network group) and can be used in a map in which the source is an inline network group.
An inline tool group or inline series does not have its own shared setting. The shared setting is derived from the inline tools. Therefore all the members in an inline tool group or inline series must have the same setting. For example, if an inline tool group has three inline tool members, the shared setting of all three inline tools must be the same.
Configurable VLAN Tagging
Explicit VLAN tagging for inline network groups can be configured. For example, you can use VLAN tags for managing policies. A mixture of internal and explicit VLAN tags is supported.
The VLAN tags are configured on the ports of inline networks. They can be configured at any time, but are only applied when the inline networks are part of an inline network group. Across the inline network group, the VLAN tags must be unique; however, both ports of an inline network can have the same VLAN tag. Refer to Tools in Bridge Mode.
An error message is displayed if the same VLAN tag is used for more than one inline network in an inline network group.
Refer also to Ingress and Egress VLAN.
Note: For inline SSL decryption, the inline network group does not support ingress VLAN tagging on the member links.
For out-of-band maps from inline network group ports or inline tool ports mapped from an inline network group, the out-of-band tool ports will receive the following:
|
■
|
tagged packets, if they originally come from an inline network port with an ingress VLAN tag configured |
|
■
|
untagged packets, if they originally come from an inline network port without an ingress VLAN tag configured |
Add VLAN Tag
The following are the steps for adding a VLAN Tag.
|
1.
|
From the left navigation pane, go to System > Ports > Ports > All Ports. |
|
2.
|
Select the port to configure as an inline network port and click Edit. |
|
3.
|
Set the following parameters to configure an inline network port with VLAN tagging: |
|
o
|
Select Inline Network or Network for Type. |
|
o
|
Enter a VLAN ID in the VLAN Tag field. |
Tools in Bridge Mode
The same VLAN tag can be assigned to both ports in an inline network port pair.
The following example configures the same ingress port VLAN tag on the net-a and net-b ports of an inline network. When the net-a and net-b ports have the same VLAN tag, an inline tool will send packets back to the network from which it came.
|
1.
|
From the left navigation pane, go to System > Ports > Ports > All Ports. |
|
2.
|
Configure the net-a port. |
|
a.
|
Select the port (for example, 1/1/x17) and click Edit. |
|
b.
|
Enter inline-network-port-a in the Alias field. |
|
c.
|
Select Inline Network for Type. |
|
d.
|
Enter 123 in the VLAN Tag field. |
|
3.
|
Configure the net-b port. |
|
a.
|
Select the port (for example, 1/1/x18) and click Edit. |
|
b.
|
Enter inline-network-port-a in the Alias field. |
|
c.
|
Select Inline Network for Type. |
|
d.
|
Enter 123 in the VLAN Tag field. |
|
4.
|
Configure the Inline Network. |
|
a.
|
Select Inline Bypass > Inline Networks. |
|
c.
|
Enter an alias in the Alias field. |
|
d.
|
Select port 1/1/x17 for Port A. |
|
e.
|
Select port 1/1/x18 for Port B. |