Tag: tap aggregation

Arista LAG with TAP Aggregation

Hi All,

I am planning to use the Arista Matrix switches in a LAG configuration to expand the ports for the Fiber TAP aggregation solution. But I would like to know how the Tool port and Tap port in a LAG group are to be configured for TAP Aggregation. If switch 1 is connected to the Analyser, switch 2 needs to send the Aggregated traffic from the TAP ports to the switch 1 using the LAG port group. How do I configure the Port-channel for the correct TAP and Tool port group?

Regards, Raj

Tap Aggregation traffic steering

Hello community,

we are currently running a POC for TapAggregation at a customer site. They have a – in my opinion – quite simple requirement:
– Traffic comes in from tap ports e1-e8
– All traffic should leave tool port po25
– A subset of the traffic – defined by an ACL – should also leave tool port po27

Now we have several issues:
– An IP ACL on tool port po27 does not show any effect. I read that egress ACL might not be compatible with every platform so I guess that’s the reason (we use a 7280SE-64)
– An IP ACL on the tap ports...

Traffic Steering using User-Defined Fields

This article describes the TAP Aggregation User-Defined Fields feature. The purpose of the User-Defined Fields feature is to provide custom offset pattern matching to be used in TAP Aggregation Traffic Steering. This allows for deeper packet inspection of up to 128 bytes. User-Defined Fields, or UDFs, are defined as part of an access-list filter and are comprised of an offset, length and pattern match. This describes a single portion of any incoming packet to match the provided value upon. Access-list filters containing a UDF are then applied as usual as part of a TAP Aggregation Traffic Steering policy. UDFs may also be...

TapAgg truncation

EOS-4.18.1F added truncation capability for Tap Aggregation, which allows tapped traffic to be truncated to a smaller size before being transmitted. It can be used to reduce the amount of traffic received by analysis devices, if only the headers are to be analyzed while the payload of the packets is irrelevant or unwanted for practical or legal reasons. An example could be the analysis of packets in a video streaming network where packets would typically have large payloads that are not necessarily useful for the analyzers. Packet truncation can be configured on tap or tool ports: Truncation configured on a...

Packet Time Stamping on the 7500R/7280R/7500E/7280E

Time stamping is an important tool for network engineering and performance analysis. EOS-4.18.1F added header time stamping of all packets received on any tap interface in Tap Aggregation mode at line rate (only supported on the 7500R/7280R/7500E/7280E series). A timestamp is taken on ingress and then inserted in packet headers on egress.

Time Synchronization and Time Keeping

In order to have accurate time stamps, the system must be set up to synchronize its time keeping engine on the data plane to a master clock. Prior to 4.20.5F, the clocks used for time stamping are not synchronized with external sources. Beginning...

Model validating PTP timestamping in a distributed Tap-Agg network

Abstract

This is a test setup using common servers to validate PTP timestamping accuracy of Arista 7150 switches.

Introduction

Tap Aggregation devices are a growing monitoring model, allowing monitoring applications to analyze a huge set of data sources. In some application monitoring, it’s critical to correlate time to achieve high precision information, where we can measure the precise time in a packet path. For this purpose we have hardware time-stamping, a feature where the tap aggregation device stamps a time reference in each packet. This subject is explored in this article. Devices performing timestamping in packets must use a common...

Understanding Deduplication in Tap Aggregation (NPB)

1) What is deduplication?

Deduplication in the context of packet broker networks (Tap Aggregation) is the ability to detect duplicates of a packet, allowing only the first packet and dropping other iterations of the same packet.

2) Hardware impacts the Deduplication performance

Deduplication, like many features, requires certain hardware characteristics to be supported by the silicon (network processor), which is the foundation of hardware packet processing and forwarding in networking/Ethernet equipment. It allows matching packets, manipulating them, and making forwarding decisions in hardware.

2.1) Processing performance

The Arista switches are based on high performance network processors of different...

Deep Packet Inspection with Tap Aggregation

Introduction

In this article we will focus on the Deep Packet Inspection access list enhancements available in Tap Aggregation Exclusive mode on the Arista 7150 series switches. Deep Packet Inspection (DPI) is an Access List enhancement that was introduced in EOS 4.14.0.F. This feature allows the administrator to inspect and match additional bytes in the packet header after the Layer 2, Layer 3 or Layer 4 header. DPI was designed to be utilized while in Tap Aggregation exclusive mode.

Typical Use cases for DPI are:
– Identifying custom fields in Day zero attacks
– SLA Enforcement via identifying illegal content
– Behavioural targeting...

DANZ Table of Contents

Tap Aggregation Introduction to Tap Aggregation Basic Use of Aggregation Groups Tap Aggregation Basic Settings Before You Start Filtering with Port ACLs Tap Aggregation VLAN List Filtering Tap Aggregation Traffic Steering Deep Packet Inspection Truncation on Tap and Tool Ports LLDP on Tap Ports Common Challenges with TapAgg TapAgg Glossary Advanced Mirroring Introduction to Port Mirroring Filtering with Port ACLs Latency Analyzer (LANZ) LANZ Architectures and Configuration LANZ Buffer Tuning Timestamping TimeStamping on the 7150 Timestamping Deep Dive and Frequent Questions Optics Tap Aggregation Optics Selection

Data Analyzer (DANZ) Glossary

Access List (ACL): The switch configuration used for the purpose of filtering Layer 2, Layer 3, or Layer 4 traffic. See Filtering with Port ACLs.

Advanced Mirroring: An Arista feature set which includes support for filtered, multi-destination mirroring, mirroring to EOS of data plane traffic, advanced load-sharing, and packet truncation.

Aggregation Group: A configuration or grouping of Tap and Tool ports together where traffic from all Tap ports in a group will be replicated to all Tool ports in the same group. A tool port can be a member of multiple aggregation groups whereas a tap port is allowed...

DANZ Tap Aggregation – Filtering on inner Q-in-Q header, and stripping outer header – At the same time

This article documents the ability, for the Arista 7150S in Tap Aggregation mode, to selectively filter on the inner Q-in-Q header and also strip the outer header on egress, effectively allowing a granular selection of what Q-tagged traffic tools will be receiving.

Let’s take as a traffic example some Q-in-Q traffic:
Outer Q-header (Eth-type 0x88a8) – STAG – VLAN ID = 100
Inner Q-header (Eth-type 0x8100) – CTAG – VLAN ID = 101, 102

Packet capture example for this Q-in-Q traffic:

7150S(config)#bash sudo tcpdump -nni mirror0
[...]
22:23:44.040896 00:ab:00:00:02:23 > 00:1c:73:86:00:69, ethertype 802.1Q-QinQ (0x88a8), length 1020: vlan 100, p...

Basic Use of Aggregation Groups

Introduction

Aggregation groups provide a means of grouping tool ports to simplify the mapping of a tap port to multiple tools and allow grouping of like applications. In current releases, each tap port can only be bound to one default aggregation group at any time. A tool port, however, can simultaneously be a member of multiple aggregation groups. This is important as it allows multiple tools or tool servers to receive any of the multiple traffic flows input to the tap ports. The Tap Aggregation operator can for example have an IDS/IPS tool receiving the same traffic as an application...

Common challenges with TAP aggregation

Introduction

Capturing raw network packet data, whether it be from a mirror port or through an aggregation infrastructure, is often perceived to be a complex task. In reality, most of the anomalies or limitations faced by those starting out with capture have simple explanations and are usually not due to problems with the source devices but instead the capturing tool. This article provides a brief summary of commonly reported issues and some suggested avenues of investigation.

Timestamping

Timestamps missing or corrupt

Check timestamping is configured correctly to match the hosts’ expectations (i.e. is the host looking in the right place for...

Truncation on Tap and Tool Ports

Introduction

EOS supports truncation on ingress and egress. In this article we will focus on how it can be applied in tap aggregation exclusive mode, on the Arista 7150 line of switches. Please refer to the supported features matrix for other hardware platforms. Truncation is the ability to remove unwanted or unneeded bytes from the packet at a configurable or fixed starting byte position; it may also be referred to as ‘Packet Slicing’. This is useful in situations where the data of interest is contained within the headers or early in the packet payload. It can be used to remove...

LLDP on Tap ports

Introduction

As of EOS 4.14.0F for the Arista 7150 line of switches and EOS 4.20.1F for the Arista 7500/7280 lines of switches, users of the tap aggregation features can benefit from visibility gained from LLDP on tap ports. Neighbor information will now be processed by the CPU and made available via the EOS CLI. This allows the tap aggregation administrator to view neighbor information for verification and troubleshooting. This article details the use of LLDP neighbor information on tap ports in tap aggregation exclusive mode. Show LLDP commands work in Tap Aggregation Exclusive mode as they do in normal switching mode, no configuration...

Introduction to TAP aggregation

Introduction

Traditional approaches to network monitoring rely on the ongoing collection of generic, high level statistics such as interface utilization from a selection of network devices to detect trends or anomalies in service availability. Such metrics are naturally limited in the level of granularity they can provide and often only provide a hint of real underlying network conditions without providing any visibility into per-application activity or performance. Traditionally, reactive and localized packet capture would be employed to determine the cause of the performance degradation. However, the manual nature of needing to configure packet capture and mirroring and then physically attach...

TAP Aggregation – Traffic Steering

Introduction

This article details the ability of the Tap Aggregator to redirect, or steer, traffic away from the aggregation group that the Tap port belongs to. This capability allows for a more granular focus and control on individual, or multiple, traffic flows ingressing the Tap Aggregator. The traffic steering capability uses MQC (QoS style) policy and class maps combined with standard access-lists to perform this function. The feature also allows for the configuration of an identity VLAN different from the identity VLAN associated with the Tap port. This article details the configuration steps necessary to achieve this functionality. The following...

Leveraging Deep Inspection and Traffic Steering for monitoring SIP environments

Introduction

With the expansion of SIP (Session Initiation Protocol) and RTP (Real-time Transport Protocol) for IP based telephony applications, enterprises and carriers alike have a requirement to track and capture calls or parts of calls for the purposes of performance analysis and forensic/legal monitoring requirements. This post documents a powerful use for Deep Inspection and Traffic Steering features to deliver a highly scalable yet cost effective solution for stateful load-sharing of monitored VoIP services, avoiding the need for proprietary hardware (such as FPGA based accelerator modules). As the volumes of calls grow, it is clear that traffic will need to...

Tap Aggregation – Filtering with Port ACLs

1) Introduction

This article details the filtering of traffic across the Tap Aggregator by using port ACLs. The filters allow granular selection of Layer2, Layer3, and Layer4 traffic on a per-port basis.

The following other features might also be of interest, but are out of scope of this article:
– VLAN membership filters
– Traffic Steering

2) Filtering Overview

The well known MAC and IP Access-List filtering is used to filter traffic in Tap Aggregation mode, just as it is in switching mode. The Layer2/3/4 ACLs can be applied on Tap ports, ingress on Tool ports, egress  ...