Deploy the EDA 9300 sensor
This guide explains how to install the rack-mounted EDA 9300 sensor.
Installation prerequisites
- Sensor
- 2U of rack space and electrical connections for 2 x 800 W power supplies.
- Management
- One 10/100/1000 BASE-T network port or one 10G BASE-SR port for sensor management.
- Monitoring (capture)
- High performance interfaces: One to six network ports for connection to 25 GbE or 10 GbE sources of packet data.
- Management + monitoring interfaces: One to two network ports for connection to 1 GbE sources of packet data.
- Network Access
- Ensure that administrators can access the Administration settings on the sensor over TCP port 443.
- Configure your firewall rules to allow outbound access over port 443 to ExtraHop Cloud Services.
For more information about the interfaces on the ExtraHop system, see the ExtraHop Hardware FAQ.
Rear panel ports
EDA 9300
- Four 25 GbE-capable ports on two network adapters
- One RS-232 serial port to connect a console device
- Power supply unit (PSU2) to connect the sensor to an AC power source
- One VGA port to connect an external display
- Two USB 3.0 ports to connect input devices such as a keyboard and mouse
- One iDRAC interface port
- Two 10 GbE ports. These ports can be configured as a management port or management and RPCAP/ERSPAN/VXLAN/GENEVE target. These ports
also function as high-performance monitoring (capture) interfaces.
Note: Processing RPCAP, ERSPAN, VXLAN, and GENEVE traffic is limited to 1 Gbps per interface in "Management + RPCAP/ERSPAN/VXLAN/GENEVE" modes, but the ports support up to 10 Gbps per interface in Monitoring and High-Performance ERSPAN/VXLAN/GENEVE target modes. - Two 10/100/1000 BASE-T network ports. Port 1 is the primary management port. These ports can
be configured as a management port or management and RPCAP/ERSPAN/VXLAN/GENEVE target.
Tip: In environments with asymmetric routing adjacent to the high-performance interfaces, ping replies might not get back to the sender. - Power supply unit (PSU1) to connect the sensor to an AC power source
For more information about the high-performance capture interfaces on the ExtraHop system, see the ExtraHop Hardware FAQ.
Supported packet source connectivity
Connector | Peer Connector for Packet Source | Customer-Supplied Cabling | Supported Operating Speeds |
---|---|---|---|
Transceiver-based Connectivity | |||
25 GbE SFP28 SR transceiver | 25 GbE SFP28 SR transceiver | Multi-mode fiber
LC connectors |
25 Gbps, 10 Gbps |
10 GbE SFP+ SR transceiver | Multi-mode fiber
LC connectors |
10 Gbps | |
10 GbE SFP+ SR transceiver | 10 GbE SFP+ SR transceiver | Multi-mode fiber
LC connectors |
10 Gbps |
Direct Attach Connectivity | |||
QSFP28-to-SFP28 adapter with customer-supplied SFP28 DAC cable, such as the Mellanox MCP2M00-Axxx series | 25 Gbps | ||
Customer-supplied RJ45 Ethernet cable | 1 Gbps |
Note: | The packet processing capability of the sensor is 50 Gbps. While it is possible to oversubscribe the sensor by sending more than 50 Gbps of packet data across the four 25 GbE-capable ports and two 10 GbE-capable ports, inbound workloads that exceed 50 Gbps will result in dropped packets. |
Traffic distribution guidelines
- Packets from the same flow should be received on the same interface, or on interfaces of the same network interface card (NIC).
- The ingest on each NIC should not exceed 75% of the rated analysis throughput for the sensor to ensure that traffic is balanced across system resources.
- If your data feed does not require both interfaces on the NIC, disable the unconfigured interfaces in the Administration settings. For example, configure the sensor with a single interface to ingest 50 Gbps on each NIC. Disable the extraneous ports on each NIC. This configuration optimizes performance for 100 Gbps.
- A single high-performance ERSPAN target is expected to process 20 to 30 Gbps. On larger sensors, distribute ERSPAN traffic to more interfaces to scale traffic ingest.
Management IP address configuration
DHCP is enabled by default on the ExtraHop system. When you power on the system, the primary management interface attempts to acquire an IP address through DHCP. If successful, the IP address appears on the home screen of the LCD.
If your network does not support DHCP, you can configure a static IP address through the LCD menu on the front panel or through the command-line interface (CLI).
Important: | We strongly recommend configuring a unique hostname. If the system IP address changes, the ExtraHop console can re-establish connection easily to the system by hostname. |
Configure a static IP address through the LCD
(Optional) Configure the 10 GbE management interface
You can configure a 10 GbE port to manage the system.
Configure the sensor
Next steps
After the system is licensed, and you have verified that traffic is detected, complete the recommended procedures in the post-deployment checklist.
Thank you for your feedback. Can we contact you to ask follow up questions?