Network Packet Broker CM
This chapter describes the Supervisor section specific to the Network Packet Broker CM module, accessed via the Device Manager menu item. Devices can be managed further in the sections described in Traffic Management and Event Monitoring.
Registered Devices
The Registered Devices tab of the Device Manager page provides an overview of the devices managed by the Supervisor, and general information about them, such as their name, model, asset information, shared authentication status, IP address, MAC address, and system status.
List of registered devices
From this dashboard, devices, groups and networks can be added, modified, or removed.
Each device can be assigned to a Group and to a Network:
- Groups are used to organize devices in the Registered Devices tab (this tab), and to display traffic statistics for groups of devices in the Traffic Statistics tab.
- Networks are used to organize devices and K8s clusters into logical networks in the Traffic Management page, with each network operating with its own set of traffic rules.
The view can be changed between Groups View and Networks View via the drop-down menu in the top left corner of the interface. The search bar can be used to filter the current view to display specific devices or groups.
Clicking on a group or network navigates to this group or network, listing the devices it contains. Clicking the Home button navigates back to the root. Clicking the Open Device button of a device opens this device's management GUI in a new tab.
To add a new device, click the Add Device button in the top right corner of the interface, and enter the device's information in the Add Device window. Select a group or network in this window to add the device to this group or network. Enable Shared Authentication if you wish to enable Supervisor's centralized authentication function on this device (see Centralized Authentication). The device's information can be changed at a later time by clicking the device's Edit button in the list.
Add Device window
You can also add new devices via the Discover Devices button. The Discover Devices window lists devices found on the Supervisor's local network, and allows you to add them to the Supervisor.
To create a group, click the Add Group button, and enter the group name and description in the Add Group window. The group's name and description can be changed at a later time by clicking the group's Edit button.
Add Group window
To create a network, click the Add Network button, and enter the network name in the Add Virtual Network window. The network's name can be changed at a later time by clicking the network's Edit button.
Add Virtual Network window
To remove a device, group or network, click its Delete button. If a group contains one or more devices, you will be asked whether these devices should be moved to another group, or removed along with the group.
Clicking on a device provides additional information about this device, and the ability to create port groups and packet broker uplinks prior to Traffic Management.
Device Details window
Port Groups
The interfaces of Profitap XX-Series and X2-Series packet brokers must be organized in port groups in order to create uplinks for the purpose of traffic management. A port group can contain one or more physical ports. Each physical port can only be used within a single port group. Port groups can be used to aggregate incoming traffic and/or distribute (load balance) the outgoing packets, deduplicate traffic, add a VLAN tag to the traffic, create an uplink to an external device, and create or terminate tunnels.
To create a port group, navigate to the Device Manager > Registered Devices page or Traffic Management page, click the device for which to create a port group to open its device details window, and click the Add Port Group button to open the Add Port Groups window. In this window, give a name to the port group, select the port type, select one or more ports, configure the additional options if necessary, and click the Confirm button.
Add Port Group window
The available port types are determined by the device type, and the additional options are determined by the device type and selected port type. Port types are as follows:
- Simple: Standard port group, used to create uplinks between devices managed by Supervisor. A VLAN tag can be added, and traffic deduplication can be enabled.
- External Device: Creates an uplink to a device that is not managed by Supervisor. The device type must be selected. This device type is strictly informational. A VLAN tag can be added, and traffic deduplication can be enabled.
- Tunnel Termination: Terminates an ERSPAN, GRE-TAP, or VXLAN tunnel. An IPv4 address and MAC address must be specified to associate to the port group. Can be used to receive traffic from K8s clusters.
- Tunnel Creation: Encapsulates the traffic in an ERSPAN type 2, ERSPAN type 3, or GRE-TAP tunnel. The address fields and session ID or GRE key must be specified. The tunnel VLAN used in the tunnel can be specified. It is also possible to truncate the tunneled traffic by specifying the maximum size for each packet in bytes.
XX-Series devices can only create Simple and External Device port groups, without deduplication. X2-Series devices can create all port group types, and use packet deduplication if available on the device.
Port groups that are not currently used in a packet broker uplink or that are connected to an external device are listed in the Unassigned Port Groups section of the device details window. From this listing, port groups can be edited or deleted, and they can be linked to a port group on another packet broker to create an uplink between the two.
Note: Uplinks can only be created such that the devices or other entities in the virtual network are connected in some way. In other words, it is not possible to create separate clusters of devices with no connection between them within the same virtual network.
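The port group rules and the connectivity note above can be checked against a planned layout before it is entered in the GUI. The following Python sketch is an added example, not Profitap code and not a Supervisor API: the plan format, the finding codes, and the device, port and port group names are all assumptions made for illustration, and deduplication is assumed to be available on the X2-Series device.

```python
from collections import defaultdict

# Port types each device family can create, as stated in this chapter.
ALLOWED_TYPES = {
    "XX": {"Simple", "External Device"},
    "X2": {"Simple", "External Device", "Tunnel Termination", "Tunnel Creation"},
}

def validate_plan(devices, port_groups, uplinks):
    """Return (code, detail) findings for a planned virtual network."""
    findings, port_owner, pg_device = [], {}, {}
    for pg in port_groups:
        family = devices[pg["device"]]
        pg_device[pg["name"]] = pg["device"]
        if pg["type"] not in ALLOWED_TYPES[family]:
            findings.append(("type-not-supported", pg["name"]))
        if pg.get("dedup") and family == "XX":      # XX-Series: no deduplication
            findings.append(("dedup-not-supported", pg["name"]))
        for port in pg["ports"]:                    # one port group per physical port
            owner = port_owner.setdefault((pg["device"], port), pg["name"])
            if owner != pg["name"]:
                findings.append(("port-reused", f"{pg['device']}:{port}"))
    # All devices of one virtual network must be reachable from each other via uplinks.
    neighbours = defaultdict(set)
    for a, b in uplinks:
        neighbours[pg_device[a]].add(pg_device[b])
        neighbours[pg_device[b]].add(pg_device[a])
    start = sorted(devices)[0]
    seen, todo = {start}, [start]
    while todo:
        for nxt in neighbours[todo.pop()] - seen:
            seen.add(nxt)
            todo.append(nxt)
    findings += [("not-connected", d) for d in sorted(set(devices) - seen)]
    return findings

# Constructed sample plan (all names are made up for this example).
DEVICES = {"core-x2": "X2", "edge-xx-1": "XX", "edge-xx-2": "XX"}
PORT_GROUPS = [
    {"name": "core-up", "device": "core-x2", "type": "Simple", "ports": ["P1", "P2"], "dedup": True},
    {"name": "core-tun", "device": "core-x2", "type": "Tunnel Termination", "ports": ["P2"]},
    {"name": "edge1-up", "device": "edge-xx-1", "type": "Simple", "ports": ["P1"], "dedup": True},
    {"name": "edge2-tun", "device": "edge-xx-2", "type": "Tunnel Creation", "ports": ["P4"]},
]
UPLINKS = [("core-up", "edge1-up")]
```

Calling `validate_plan(DEVICES, PORT_GROUPS, UPLINKS)` on the sample reports the reused port, the deduplication and tunnel settings that an XX-Series device cannot take, and the device left without an uplink.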
Packet Broker Uplink
Supervisor can help you monitor and control how the packet broker hierarchy is interconnected. The physical connections between the packet brokers are called uplinks, and are used to distribute the traffic across the XX-Series or X2-Series fleet. Creating a simple uplink between two packet brokers is done by creating a port group of the Simple type on each device, then linking both port groups together. Port groups of the Tunnel Termination and Tunnel Creation types can also be used in packet broker uplinks.
The following process is an example for creating a simple uplink:
- Navigate to the Device Manager > Registered Devices page.
- Click one of the devices for which to create an uplink to open its device details window.
- Click the Add Port Group button to open the Add Port Groups window.
- Name the port group.
- Set the Port Type to Simple.
- Select the ports to include in the group.
- (Optional) Add a VLAN tag.
- (Optional) Enable traffic deduplication.
- Click the Confirm button.
- Repeat this process for the second device.
- In the device details window of either device, click the Link port group button of the newly created port group to create a new entry in the Packet Broker Uplinks table below.
- In this new entry, select the device to link and the port group on that device.
- Click the Add Uplink button to confirm.
Device Details window
Add Port Groups window: creating a simple port group
Once an uplink has been created, both devices will appear in the graphical view on the Traffic Management page.
External Device Uplink
Since Profitap packet brokers are likely not the only components of your visibility infrastructure, Supervisor allows you to map external devices connected to your XX-Series and X2-Series devices in the visibility network topology. These can be used as source or destination for your traffic rules. Adding an external device uplink is done by creating a port group of the External Device type.
- Navigate to the Device Manager > Registered Devices page.
- Click the device for which to create an external device uplink to open its device details window.
- Click the Add Port Group button to open the Add Port Groups window.
- Name the port group.
- Set the Port Type to External Device.
- Select the ports to include in the group.
- Select the External Device Type.
- (Optional) Add a VLAN tag.
- (Optional) Enable traffic deduplication.
- Click the Confirm button.
Once an external device uplink has been created, the external device will appear in the graphical view on the Traffic Management page.
Tunnel Termination
X2-Series devices can terminate ERSPAN, GRE-TAP, and VXLAN tunnels. This can be used for instance to receive traffic from K8s clusters. This is done by creating a port group of the Tunnel Termination type.
- Navigate to the Device Manager > Registered Devices page.
- Click the device for which to create a Tunnel Termination port group to open its device details window.
- Click the Add Port Group button to open the Add Port Groups window.
- Name the port group.
- Set the Port Type to Tunnel Termination.
- Select the ports to include in the group.
- Select the Tunnel Type.
- Set an IPv4 and a MAC address for the interface (click the button next to the MAC Address field if you wish to generate a MAC address).
- Click the Confirm button.
Once a tunnel termination port group has been created, the interface will appear in the graphical view on the Traffic Management page.
Tunnel Creation
X2-Series devices can encapsulate traffic in ERSPAN type 2, ERSPAN type 3, and GRE-TAP tunnels. This is done by creating a port group of the Tunnel Creation type.
- Navigate to the Device Manager > Registered Devices page.
- Click the device for which to create a Tunnel Creation port group to open its device details window.
- Click the Add Port Group button to open the Add Port Groups window.
- Name the port group.
- Set the Port Type to Tunnel Creation.
- Select the ports to include in the group.
- Select the Tunnel Type.
- Set the source and destination IPv4 and MAC addresses.
- Set the session ID or GRE key.
- (Optional) Enable Add Tunnel VLAN and specify the VLAN ID.
- (Optional) Enable Limit Packet Size and specify the maximum packet size in bytes for truncating the tunneled traffic.
- Click the Confirm button.
Once a tunnel creation port group has been created, the interface will appear in the graphical view on the Traffic Management page.
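To confirm on the receiving side that tunneled packets carry the tunnel type and the session ID or GRE key set in the Tunnel Creation port group, the GRE header of a captured packet can be decoded. The following Python sketch is an added example, not part of the Supervisor product: it relies on the publicly documented GRE and ERSPAN header layouts, and the function names and sample packets are assumptions constructed for illustration.

```python
import struct

# GRE protocol types for the tunnel types named in this chapter.
PROTO = {0x88BE: "ERSPAN type 2", 0x22EB: "ERSPAN type 3", 0x6558: "GRE-TAP"}
ERSPAN_LEN = {0x88BE: 8, 0x22EB: 12}    # fixed ERSPAN header sizes in bytes

def parse_gre(gre: bytes) -> dict:
    """Parse the GRE header that follows the outer IPv4 header of a tunneled packet."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", gre)
    if flags & 0x4007 or proto not in PROTO:      # routing bit or GRE version != 0
        raise ValueError("not an ERSPAN or GRE-TAP packet")
    # C, K and S bits each add one 32-bit word to the GRE header.
    need = 4 + 4 * bin(flags & 0xB000).count("1") + ERSPAN_LEN.get(proto, 0)
    if len(gre) < need:
        raise ValueError("truncated tunnel header")
    info = {"type": PROTO[proto], "key": None, "session_id": None}
    off = 4 + (4 if flags & 0x8000 else 0)        # skip checksum word if C is set
    if flags & 0x2000:                            # K bit: 32-bit GRE key
        info["key"] = struct.unpack_from("!I", gre, off)[0]
        off += 4
    if flags & 0x1000:                            # S bit: sequence number
        off += 4
    if proto in ERSPAN_LEN:
        word0, word1 = struct.unpack_from("!HH", gre, off)
        info["vlan"] = word0 & 0x0FFF             # VLAN of the mirrored frame
        info["session_id"] = word1 & 0x03FF       # 10-bit ERSPAN session ID
    return info

def matches_config(gre, tunnel_type, session_id=None, gre_key=None):
    """True if the packet carries the configured tunnel type and identifier."""
    try:
        info = parse_gre(gre)
    except ValueError:
        return False
    return (info["type"] == tunnel_type
            and info["session_id"] == session_id
            and info["key"] == gre_key)

# Constructed samples: ERSPAN type 2 with session ID 100, GRE-TAP with key 0xCAFE.
ERSPAN2 = (struct.pack("!HHI", 0x1000, 0x88BE, 1)
           + struct.pack("!HHI", 0x100A, 0x0064, 0) + b"\x00" * 14)
GRETAP = struct.pack("!HHI", 0x2000, 0x6558, 0xCAFE) + b"\x00" * 14
```

The input to `parse_gre` is the packet content starting at the GRE header, after the outer Ethernet and IPv4 headers have been removed.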
Traffic Statistics
The Traffic Statistics tab provides an overview of the traffic statistics of the devices managed by the Supervisor.
The search bar can be used to filter the current view to display specific devices or groups.
Clicking on a device adds it to, or removes it from, the statistics view in the bottom half of the page. Clicking on a group navigates to this group, listing the devices it contains, and allowing these devices to be added to, or removed from, the statistics view. Clicking the Home button navigates back to the root. Right-clicking a group allows a statistics column for this group to be added to, or removed from, the statistics view. Statistics columns can also be removed from the statistics view by clicking the Clear statistics button next to the column's name.
Firmware Update
The Firmware Update tab allows firmware updates to be pushed to multiple devices at once.
Select the devices you would like to update from the list. The list can be filtered by device family, and by group. To filter by device family, use the Device family drop-down menu at the top left of the page. To filter by group, click the filter by group button next to the name of the group on the right-hand side of the list. To remove the group filter, click the clear group filter button at the top right of the list. To select or unselect all devices in the current view, click the checkbox at the top left of the list.
After having selected the appropriate devices, click the Firmware update button to select the firmware file. After confirming the update, the file will be uploaded to the Supervisor, after which the Supervisor will push the update to each of the selected devices. The update status can be followed on this page. Note that the current batch must be completed before a new batch can be started. Also note that, if attempting to update an XX-Series device using an X2-Series firmware file (or vice versa), the update will fail for that particular device.