Example 17 is an inline bypass solution on GigaVUE-HC2 for an inline tool group with four tools. It is similar to Example 16: Asymmetrical Hashing in Inline Tool Group, but has four rule-based inline maps, one to each individual member of the inline tool group. In Example 17, asymmetrical hashing is used, but the hashing could also be symmetrical. The hashing only applies to the traffic sent to the shared collector.
Example 17 is different from Example 5: Inline Tool Group (N+1) Redundancy. In Example 5, all the traffic was sent to the inline tool group as a whole, using a map passall. Hashing distributed the traffic across the group.
With the multiple rule-based maps in Example 17, specific traffic is sent to specific tools in the inline tool group according to the rules. Each of the four inline maps directs traffic from one source IP address to a specific inline tool in the group.
A shared collector is configured from the inline network to the inline tool group. Traffic that does not match any of the map rules is sent to the shared collector and will be distributed according to the hashing value specified for the group.
Step
Description
Command
- Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.
(config) # port 1/2/x1 alias iN1
(config) # port iN1 type inline-network
(config) # port iN1 params admin enable
(config) # port 1/2/x2 alias iN2
(config) # port iN2 type inline-network
(config) # port iN2 params admin enable
- Configure inline network.
(config) # inline-network alias inNet pair net-a iN1 and net-b iN2
- Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.
(config) # port 1/2/x15 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable
(config) # port 1/2/x16 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable
(config) # port 1/2/x19 alias iT3
(config) # port iT3 type inline-tool
(config) # port iT3 params admin enable
(config) # port 1/2/x20 alias iT4
(config) # port iT4 type inline-tool
(config) # port iT4 params admin enable
(config) # port 1/2/x21 alias iT5
(config) # port iT5 type inline-tool
(config) # port iT5 params admin enable
(config) # port 1/2/x22 alias iT6
(config) # port iT6 type inline-tool
(config) # port iT6 params admin enable
(config) # port 1/2/x23 alias iT7
(config) # port iT7 type inline-tool
(config) # port iT7 params admin enable
(config) # port 1/2/x24 alias iT8
(config) # port iT8 type inline-tool
(config) # port iT8 params admin enable
- Configure inline tools and enable them.
(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4
(config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6
(config) # inline-tool alias inTool4 pair tool-a iT7 and tool-b iT8
(config) # inline-tool alias inTool1 enable
(config) # inline-tool alias inTool2 enable
(config) # inline-tool alias inTool3 enable
(config) # inline-tool alias inTool4 enable
- Configure inline tool group and parameters. Enable it and then configure failover action.
(config) # inline-tool-group alias inToolGroup
(config inline-tool-group alias inToolGroup) # tool-list inTool1,inTool2,inTool3,inTool4
(config inline-tool-group alias inToolGroup) # hash a-srcip-b-dstip
(config inline-tool-group alias inToolGroup) # minimum-group-healthy-size 4
(config inline-tool-group alias inToolGroup) # enable
(config inline-tool-group alias inToolGroup) # failover-action network-bypass
(config inline-tool-group alias inToolGroup) # exit
(config) #
- Configure rule-based map, from inline network to first tool in inline tool group, from the same source, inNet.
(config) # map alias inNet-to-inTool1
(config map alias inNet-to-inTool1) # type inline byRule
(config map alias inNet-to-inTool1) # from inNet
(config map alias inNet-to-inTool1) # to inTool1
(config map alias inNet-to-inTool1) # rule add pass ipsrc 10.10.10.101 /32
(config map alias inNet-to-inTool1) # exit
(config) #
- Configure rule-based map, from inline network to second tool in inline tool group, from the same source, inNet.
(config) # map alias inNet-to-inTool2
(config map alias inNet-to-inTool2) # type inline byRule
(config map alias inNet-to-inTool2) # from inNet
(config map alias inNet-to-inTool2) # to inTool2
(config map alias inNet-to-inTool2) # rule add pass ipsrc 20.10.20.102 /32
(config map alias inNet-to-inTool2) # exit
(config) #
- Configure rule-based map, from inline network to third tool in inline tool group, from the same source, inNet.
(config) # map alias inNet-to-inTool3
(config map alias inNet-to-inTool3) # type inline byRule
(config map alias inNet-to-inTool3) # from inNet
(config map alias inNet-to-inTool3) # to inTool3
(config map alias inNet-to-inTool3) # rule add pass ipsrc 31.11.31.103 /32
(config map alias inNet-to-inTool3) # exit
(config) #
- Configure rule-based map, from inline network to fourth tool in inline tool group, from the same source, inNet.
(config) # map alias inNet-to-inTool4
(config map alias inNet-to-inTool4) # type inline byRule
(config map alias inNet-to-inTool4) # from inNet
(config map alias inNet-to-inTool4) # to inTool4
(config map alias inNet-to-inTool4) # rule add pass ipsrc 41.11.41.104 /32
(config map alias inNet-to-inTool4) # exit
(config) #
- Add a shared collector for any unmatched data and send it to the inline tool group. Again, the source is the same, inNet.
(config) # map-scollector alias inNet-to-ITG
(config map-scollector alias inNet-to-ITG) # from inNet
(config map-scollector alias inNet-to-ITG) # collector inToolGroup
(config map-scollector alias inNet-to-ITG) # exit
(config) #
- Configure the path of the traffic to inline tool.
(config) # inline-network alias inNet traffic-path to-inline-tool
- Display the configuration for this example.
(config) # show inline-tool-group
(config) # show map
'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글
| Gigamon IP Tunnel Sending End Configuration (0) | 2021.01.18 |
|---|---|
| Gigamon Resiliency for Inline Protection (GRIP) (0) | 2021.01.18 |
| Gigamon Asymmetrical Hashing in Inline Tool Group (0) | 2021.01.18 |
| Gigamon OOB Maps Originating from Inline Network Group (0) | 2021.01.18 |
| Gigamon OOB Maps Originating from Inline Network (0) | 2021.01.18 |