xBalancer 3.2.0 was released from engineering last week and is now being tested by our early adopters. I expect that it will be released to the public no later than tomorrow.
- Load Balancing Multicast: Using xBalancer load balancing multicast, one can deliver network traffic to multiple tool groups while load balancing the traffic independently with each group. It allows to load balance incoming traffic to several Load Balancing Groups. Incoming traffic is multi-casted to these groups without the need to use external regeneration taps, port replicators or loopback cables.
- Incremental Filters: With xBalancer 3.2.0 one can change filter policies without worrying about hitting the traffic when filter order is changed. Using this feature, xBalancer will always handle filters in hitless fashion
- Packet Slicing: Packet slicing slices packets when the tool that don’t require complete packets. Using this feature, systems will processes fewer bits while still keeping needed portions of each packet. In some cases this feature will improve the efficiency of protocol analysis, sniffer, and network optimization tools and will increases the capacity of forensic recording tools
- SFP+ statistics: Providing detailed information collected from the fiber optic/copper modules including date code, cable length, and real time diagnostics
- Automatic configuration of optical modules: The network port speed and the Phy driver/receiver parameters are configured automatically based on the SFP/SFP+ type (one can change this setting manually).
Here's a sample configuration showing how to use some of the new advanced features in a very simple fashion from CLI. The WebUI fully supports those functions as well:
In this use case, a customer would like to take networking traffic and use two sets of tools (inline deployments) for IPS and another Web Application Firewall that will only measure HTTP traffic headers, so packet slicing is needed.
! Example config using Load Balancer multicasting ! and packet slicing. ! ! One LBG will get HTTP traffic the other LBG ! will get all traffic. ! ! Traffic going to the HTTP LBG will be mirrored ! to port 24 with its packets truncated to 128 bytes ! ! Enable all ports port 1-24 admin enable ! ! Internally tag packets entering ports 1 and 2 ! These tags will be stripped when egressing ports 1 and 2 port 1 vlan 4001 port 2 vlan 4002 port 1-2 ingress_tag stack ! ! Configure the monitor ports to keep (on egress) ! the vlan tag added on ports 1 and 2. port 17-23 egress_tag keep_added ! ! Set up port 24 as mirror destination port with ! packet truncation size 128 bytes mirror group 1 dst_port 24 truncate size 128 ! ! Two load balancing groups ! LBG 1 gets HTTP traffic ! LBG 2 gets all traffic lbg 1 ports 17,18,19 lbg 2 ports 20,21,22 ! ! Mirror packets from ports 17,18,19 (lbg 1 ports) to mirror group 1 (port 24) port 17-19 mirror group 1 ! ! Redirect packets with multicast dstMac to inline network port filter rule 1 in_ports 1 action redir redir_ports 2 mac_dst 01:00:00:00:00:00 mac_dst_mask 01:00:00:00:00:00 filter rule 2 in_ports 2 action redir redir_ports 1 mac_dst 01:00:00:00:00:00 mac_dst_mask 01:00:00:00:00:00 ! ! Return from monitor ports to network ports based on vlan tag filter rule 11 in_ports 17-23 vlan 4001 action redir redir_ports 2 filter rule 12 in_ports 17-23 vlan 4002 action redir redir_ports 1 ! ! Load balance HTTP traffic coming into ports 1 and 2 to both LBGs filter rule 20 in_ports 1-2 l4_dst_port 80 action lb groups 1,2 ! ! Load balance all traffic to coming into ports 1 and 2 to LBG 2 filter rule 21 in_ports 1-2 action lb group 2
Comments
Post new comment