- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-02-2013 07:32 PM
Any of you who have been using PA-devices in tap-mode (acting as a pure IDS) to monitor etherchannel/LACP links (well any form of interface-bonding for that matter) and whats your experience from this?
That is for example a setup such as:
Device1 <-> 2 x fibercables forming a single etherchannel/LACP <-> Device2
and then you plugin wiretaps such as Network Taps | Net Optics, Inc. (or similar) so the setup becomes (still etherchannel/LACP between device 1 and 2) - the use of wiretaps is to not interfere with the traffic but also if the PA loses power or reboots the traffic wont get interrupted:
Device1 <-> 2 x fibercables <-> 2 x wiretaps <-> 2 x fibercables <-> Device2
where the wiretaps will break out 4 lines towards the PA device (RX/TX from the device 1 point of view):
int1: RX_cable1
int2: TX_cable1
int3: RX_cable2
int4: TX_cable2
As I understand if you put both tap-interfaces int1 and 2 in the same zone the PA will automagically reassemble the flows, but what about the etherchannel/LACP case?
Should I, because this will tap on etherchannel/LACP, put all 4 interfaces in the same zone or should I use one zone for int1+2 and another zone for int3+4 in the PA?
Also, since using tap-mode, will this have some demands on how the etherchannel/LACP is being setup (im thinking of loadbalance hashes such as srcmac+dstmac vs srcip+dstip or for that matter srcip in one direction and dstip in the other etc) in order to make PA fully understand the traffic or it doesnt matter as long as the tap-interfaces are in the same zone so the PA will reassemble the flows?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!