Port Channeling

Depending on your network configuration, you might need to configure port channeling to provide a data feed to your ExtraHop appliance. This guide illustrates several example configurations with the EDA 9100.

Here are some important things to know about port channeling:
  • Port channels can be configured on all ExtraHop Discover hardware, back to EH2000.
  • Port channels can combine 10 GbE ports or 1 GbE ports. (But 1 and 10 GbE ports cannot be combined together.)
  • Port channels must be configured on interfaces that are set as a monitoring port.
  • Port channels must have a static configuration. LACP is not supported.
  • Port channels can spread a single flow across multiple physical interfaces which can negatively affect performance, store data as uni-directional traffic, and result in incomplete protocol analysis. Complete one of the following steps to avoid these issues:
    • Turn on symmetric hashing on the switch. A single flow (both received and transmitted) is sent to a single port on the Discover appliance.
    • Enable software RSS on the Discover appliance to ensure that all flow packets are reassembled before analysis begins.

The EDA 9100 has four 10 GbE ports for a total of 40 Gbps throughput. You can either span traffic or configure a tap from the 40 G port or from the four 10 GbE ports.

The following diagram shows the back panel of the EDA 9100. Slots 4 and 5 represent the NICs receiving data.

Four data sources (port channeling not required)

As a comparison, the following diagram shows four sources of traffic going to the four 10 GbE ports on the Discover appliance.

Two data sources with two channels (port channeling required)

The following diagram shows two sources of traffic fed through two port channels going to the four 10GbE ports on the Discover appliance.

One data source with one channel (port channeling required)

The following diagram shows one source of traffic fed through one port channel going to the four 10 GbE ports on the Discover appliance.

One data source with two channels (port channeling required)

The following diagram shows one source of traffic fed through two port channels going to the four 10 GbE ports on the Discover appliance. The first port channel 1 is sent to the two ports on the NIC in slot 4 and the second port channel is sent to the remaining two ports on the NIC in slot 5. This configuration does not require symmetric hashing.

Published 2017-07-17 18:27