About Network and Tool Ports
Packets arrive at the Gigamon Visibility Platform at network ports and are directed to monitoring and analysis tools connected to tool ports by flow maps. 1 illustrates the concept of data flows between network and tool ports. Data arrives from different sources at the network ports on the left and is forwarded to different tools connected to the tool ports on the right.
1 | GigaVUE‑OS Packet Distribution |
Network (Ingress) Ports Defined
Network ports are where you connect data sources to GigaVUE nodes. For example, you could connect a switch’s SPAN port, connect an external TAP, or simply connect an open port on a hub to an open port on a line card. Regardless, the idea is the same – network ports are where data arrives at the GigaVUE node.
Note: In their standard configuration, network ports only accept data input – no data output is allowed.
Tool (Egress) Ports Defined
Tool ports are where you connect destinations for the data arriving on network ports on GigaVUE nodes. For example, an IT organization could assign one set of tool ports to its Security Team for an intrusion detection system, a forensic data recorder, and a traditional protocol analyzer while a separate set of tool ports assigned to the Application Performance Management team is used for a flow recorder and a long-term packet capture device. Regardless of the specific tool connected, the idea is the same – tool ports are where users select different portions of the data arriving on network ports.
Note: Tool ports only allow data output to a connected tool. Any data arriving at the tool port from an external source will be discarded. In addition, a tool port’s Link Status must be up for packets to be sent out of the port. You can check a port’s link status on the Ports page by selecting Ports > Ports > All Ports and looking at the Link Status field. 2 shows an example where the link status is up for ports 1/1/x1, 1/1/x2, and 1/1/x3 bu down for port 1/1/x4.
2 | Port Link Status |
Ports on GigaVUE TA Series Traffic Aggregator Nodes
In earlier software versions, GigaVUE TA Series Traffic Aggregator nodes did not support tool ports. Instead, they supported gateway ports as displayed in 3 and described in Concepts Illustrated in 3.
All gateway ports on GigaVUE TA Series nodes are tool ports. For details, refer to Notes and Consideration on GigaVUE TA Series Nodes.
3 | GigaVUE-TA Packet Distribution |
Concepts Illustrated in 3
3 illustrates the concept of data flows. Data arrives from different sources at the network ports on the left and is forwarded to different Gigamon nodes connected to the tool ports (formerly gateway ports) on the right.
The following are important points about setting up packet distribution on GigaVUE TA Series nodes:
Traffic from multiple ingress ports can be sent to the same tool port for aggregated uplink to the Gigamon Platform fabric. |
In this example, the traffic from Inputs A, B, and C is all sent to the same tool port. In turn, this tool port is connected to a GigaVUE HC Series node so that the combined traffic from these inputs is available to the full suite of Flow Mapping® tools provided by the Gigamon Visibility Platform.
Traffic arriving at a single network port can be sent to multiple destination tool ports. |
Note that in 3, the traffic arriving on Input D is sent to two different tool ports.
Filters can be applied to tool ports: |
Filters applied to tool ports, inline network hybrid and circuit ports are called egress-filters. Egress-filters are useful if you want to send the same traffic to multiple tool ports and have each one allow or deny different packets based on specified criteria. You can use up to 20 egress-filters at a time on GigaVUE TA Series nodes.
Note: In 3, egress-filters are set to focus on different parts of the data stream arriving at Input D – traffic on a VLAN range, a subnet range, and so on.
Notes and Consideration on GigaVUE TA Series Nodes
GigaVUE TA Series nodes support network, tool, stack, and hybrid port types. Refer to the following notes and considerations for GigaVUE TA Series nodes (including GigaVUE-TA1,
Gateway ports on GigaVUE TA Series nodes are removed and converted to tool ports. In addition, gateway mirrors are removed and converted to tool mirrors. |
Tool ports on GigaVUE TA Series nodes can continue to be used to aggregate traffic (as displayed in 3 and described in Concepts Illustrated in 3). |
Tool ports on GigaVUE TA Series nodes can also be used to directly connect to tools, such as firewalls, Intrusion Prevention Systems, or Application Performance Monitors. |
Hybrid ports are fully supported in both standalone and cluster mode on GigaVUE TA Series nodes. |
GigaVUE TA Series nodes can continue to be clustered with GigaVUE HC Series nodes. |
When GigaVUE TA Series nodes are in a cluster, bidirectional traffic flow is enabled on the stack links of GigaVUE TA Series nodes. |
Map rules using GigaVUE TA Series tool ports in the egress direction are supported. |
Hybrid Ports
Hybrid ports are created by creating a dual function tool port. A physical tool port is set as a virtual network port which can then send traffic to other tool ports using secondary maps. A hybrid port is operated in loopback mode. This is only available if the GigaVUE H series node is upgraded to minimum of 4.2 release. For more details on how to setup hybrid ports and the caveats, refer to the GigaVUE-OS CLI Reference Guide.
Stack Ports
Stack ports are used to carry traffic arriving at a network port on one GigaVUE node to a tool port on another GigaVUE node in a cluster.
Inline Network Ports
Inline networks, inline tools, and inline maps work together to form an inline bypass solution. The inline bypass solution has an overall state, which can change in response to hardware conditions and user configuration. Inline network ports are ports to which end-point devices are attached in an inline bypass solution.
Note: Inline network ports are supported only on GigaVUE‑HC1, GigaVUE-HC1P, GigaVUE‑HC2, GigaVUE‑HC3, GigaVUE-TA25, and GigaVUE-TA200.
Inline Tool Ports
Inline tool ports are ports to which inline tools are attached in an inline bypass solution.
Note: Inline tool ports are only supported on GigaVUE‑HC1, GigaVUE-HC1P, GigaVUE‑HC2, GigaVUE‑HC3, GigaVUE-TA25, and GigaVUE-TA200.
Circuit Ports
Required License: Advanced Feature License for GigaVUE-TA Series Nodes
Circuit ports are used to send or receive traffic between two clusters. The circuit ports are configured at the sending and receiving ends of two clusters and the clusters are connected through a circuit tunnel. Circuit ports send or receive only the traffic that is tagged with a circuit-ID. In a map, if a circuit port is used as a source port, it acts as a network port, and decapsulates the traffic that contains a circuit-ID. If a circuit port is used as a destination port, it acts as a tool port, encapsulates the traffic, and strips the circuit-ID.
Circuit ports are supported on the following:
All GigaVUE HC Series and TA Series nodes. |
As a source port in a regular map and as a destination port in a regular collector map. |
GigaStreams, port filter, and port groups. |
GigaSMART Engine Ports
GigaSMART Engine ports are used when configuring GigaSMART groups. These ports cannot be edited. On the Ports page, the GigaSMART engine ports populates only the Port ID, Type, and Link Status fields.