nGenius Packet Flow eXtender (PFX) v6.x Reference: 733-1338 Rev. B, March 5, 2020
Web: http://www.netscout.com
Use of this product is subject to the End User License Agreement available at http://www.NetScout.com/legal/terms-and-conditions or
which accompanies the product at the time of shipment or, if applicable, the legal agreement executed by and between NetScout Systems,
Inc. or one of its wholly-owned subsidiaries ("NETSCOUT") and the purchaser of this product ("Agreement").
Government Use and Notice of Restricted Rights: In U.S. government ("Government") contracts or subcontracts, Customer will provide
that the Products and Documentation, including any technical data (collectively "Materials"), sold or delivered pursuant to this Agreement
for Government use are commercial as defined in Federal Acquisition Regulation ("FAR") 2.101 and any supplement and further are
provided with RESTRICTED RIGHTS. All Materials were fully developed at private expense. Use, duplication, release, modification, transfer,
or disclosure ("Use") of the Materials is restricted by the terms of this Agreement and further restricted in accordance with FAR 52.227-14
for civilian Government agency purposes and 252.227-7015 of the Defense Federal Acquisition Regulations Supplement ("DFARS") for
military Government agency purposes, or the similar acquisition regulations of other applicable Government organizations, as applicable
and amended. The Use of Materials is restricted by the terms of this Agreement, and, in accordance with DFARS Section 227.7202 and FAR
Section 12.212, is further restricted in accordance with the terms of NETSCOUT'S commercial End User License Agreement. All other Use
is prohibited, except as described herein.
This Product may contain third-party technology. NETSCOUT may license such third-party technology and documentation ("Third-Party
Materials") for use with the Product only. In the event the Product contains Third-Party Materials, or in the event you have the option to
use the Product in conjunction with Third-Party Materials (as identified by NETSCOUT in the
Documentation provided with this Product), then such third-party materials are provided or accessible subject to the applicable third-
party terms and conditions contained either in the "Read Me" or "About" file located in the Software or on an Application CD provided
with this Product, or in an appendix located in the documentation provided with this Product. To the extent the Product includes Third-
Party Materials licensed to NETSCOUT by third parties, those third parties are third-party beneficiaries of, and may enforce, the applicable
provisions of such third-party terms and conditions.
Open-Source Software Acknowledgment: This product may incorporate open-source components that are governed by the GNU General
Public License ("GPL") or licenses that are compatible with the GPL license ("GPL Compatible License"). In accordance with the terms of
the GNU GPL, NETSCOUT will make available a complete, machine-readable copy of the source code components of this product covered
by the GPL or applicable GPL Compatible License, if any, upon receipt of a written request. Please identify the product and send a request
to:
NETSCOUT Systems, Inc.
GNU GPL Source Code Request
310 Littleton Road
Westford, MA 01886
Attn: Legal Department
To the extent applicable, the following information is provided for FCC compliance of Class A devices:
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules.
These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in
accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in
a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own
expense.
Modifications to this product not authorized by NETSCOUT could void the FCC approval and terminate your authority to operate the
product. Please also see NETSCOUT's Compliance and Safety Warnings for NetScout Hardware Products document, which can be
found in the documents accompanying the equipment, or in the event such document is not included with the product, please see
the compliance and safety warning section of the user guides and installation manuals.
No portion of this document may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine form
without prior consent in writing from NETSCOUT. The information in this document is subject to change without notice and does not
represent a commitment on the part of NETSCOUT.
The products and specifications, configurations, and other technical information regarding the products described or referenced in this
document are subject to change without notice and NETSCOUT reserves the right, at its sole discretion, to make changes at any time in
its technical information, specifications, service, and support programs. All statements, technical information, and recommendations
contained in this document are believed to be accurate and reliable but are presented "as is" without warranty of any kind, express or
implied. You must take full responsibility for your application of any products specified in this document. NETSCOUT makes no implied
warranties of merchantability or fitness for a purpose as a result of this document or the information described or referenced within, and
all other warranties, express or implied, are excluded.
Except where otherwise indicated, the information contained in this document represents the planned capabilities and intended
functionality offered by the product and version number identified on the front of this document. Screen images depicted in this
document are representative and intended to serve as example images only.
Contacting NETSCOUT SYSTEMS
Customer Support
The best way to contact Customer Support is to submit a Support Request:
https://my.netscout.com/mcp/Pages/default.aspx
E-mail: support@netscout.com
When you contact Customer Support, the following information can be helpful in diagnosing
and solving problems:
— Type of network platform
— Software and firmware versions
— Hardware model number
— License number and your organization’s name
— The text of any error messages
— Supporting screen images, logs, and error files, as appropriate
— A detailed description of the problem
Sales
Call 800-357-7666 for the sales office nearest your location.
Training
Course listings and information on product certification are available at:
http://www.netscout.com/training
Contents
Introduction ..... 1
Product Overview ..... 2
    Packet Deduplication Feature ..... 2
    IP Tunnel Termination Feature ..... 2
    Tunnel Header Stripping Feature ..... 3
    Slicing Feature ..... 4
    Masking Feature ..... 4
    Encryption Detection Feature ..... 5
    NetFlow Generation Feature ..... 5
System Requirements ..... 7
    Data Source Requirements ..... 7
    Software and Console Compatibility ..... 7
    Modes Supported ..... 8
Enabling PFX Capability on Data Sources ..... 8
PFX Feature Configuration ..... 10
    General PFX Setup ..... 10
    Enabling/Disabling PFX Mode on an Interface ..... 18
    Configuring Packet Deduplication ..... 19
    Configuring IP Tunnel Termination ..... 20
    Configuring Tunnel Header Stripping ..... 21
    Configuring Packet Slicing ..... 22
    Configuring Packet Masking ..... 23
    Configuring Encryption Detection ..... 24
    Configuring NetFlow Generation ..... 25
nGenius Packet Flow eXtender (PFX)
v6.x Reference
Introduction
This document describes the features, setup, and known issues (if applicable) when configuring
nGenius® Packet Flow eXtender (PFX) interfaces on InfiniStreamNG appliances running a v6.x
release from NETSCOUT® SYSTEMS. NETSCOUT strongly recommends that you read this
document in its entirety, as well as the following documentation that it supplements:
• InfiniStream Hardware Appliance Administrator Guide
• InfiniStreamNG Qualified COTS Software Appliance Administrator Guide
• Agent Configuration Utility for CDM/ASI Administrator Guide
These and other documents as well as any updates to this document are available on the
My.NETSCOUT.com website:
https://my.netscout.com/mcp/AddlDocs/Pages/Technical-Documentation.aspx
Product Overview
IP tunnel termination allows the PFX interface to perform encapsulated forwarding of mirrored
traffic. As a destination endpoint, designated interfaces on the PFX receive traffic from one or more
remote mirroring source ports. A remote mirroring source port captures, encapsulates, and
transmits the traffic to a destination port over a local area network. The traffic is typically
encapsulated in GRE (using IP as its transport) and routed across a Layer 3 network between the
source node and the destination node. Acting as an IP endpoint, each defined PFX interface
responds to ARP messages so that upstream switches and routers can forward the tunneled traffic
to the PFX interface.
To enable and configure IP tunnel termination on a PFX interface, perform the steps in
"Configuring IP Tunnel Termination" on page 20.
GRE De-Encapsulation
Encapsulation in GRE means that the packet's content following its layer 2 header is placed inside
new layer 2 (MAC), layer 3 (IP), and optionally layer 4 (usually UDP) headers. These new headers
identify the two network nodes between which the GRE tunnel has been established and bear no
direct relation to the actual user session, which is seen in the layer 3 and layer 4 headers inside
the GRE encapsulation. GRE de-encapsulation removes the outer IP and optional UDP headers as
well as the GRE header, restoring the packet to its condition prior to GRE encapsulation, except
that it retains the MAC header of the encapsulated (outer) packet. Filtering and load balancing can
then be performed on the user session's layer 3 and layer 4 headers and beyond without difficulty.
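To make the de-encapsulation concrete, the following Python is an added example (not NetScout code): it parses the outer Ethernet, IPv4, optional UDP and GRE headers of a constructed frame and returns the inner packet behind the original MAC header, as described above. The sample frame, the 8-byte UDP skip for GRE carried in UDP, and the rewrite of the MAC header's EtherType to GRE's protocol-type field are assumptions of this example.

```python
import struct

ETH_HLEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
IPPROTO_GRE = 47


def gre_header_len(gre):
    """GRE header length (RFC 2784/2890): 4 base bytes plus 4 bytes for each
    optional field signalled by the C (checksum), K (key) and S (sequence) bits."""
    flags = gre[0]
    length = 4
    if flags & 0x80:   # C: checksum + reserved1
        length += 4
    if flags & 0x20:   # K: key
        length += 4
    if flags & 0x10:   # S: sequence number
        length += 4
    return length


def gre_deencapsulate(frame):
    """Remove the outer IPv4 header, an optional UDP header and the GRE header.
    Returns the inner packet behind the frame's original MAC header (EtherType
    rewritten to GRE's protocol type), or None if the frame is not IPv4-carried GRE."""
    if len(frame) < ETH_HLEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[ETH_HLEN] & 0x0F) * 4          # outer IPv4 header length
    proto = frame[ETH_HLEN + 9]
    off = ETH_HLEN + ihl
    if proto == IPPROTO_UDP:
        off += 8                                 # GRE inside UDP: skip the 8-byte UDP header
    elif proto != IPPROTO_GRE:
        return None
    if len(frame) < off + 4:
        return None
    inner_type = struct.unpack("!H", frame[off + 2:off + 4])[0]
    inner = frame[off + gre_header_len(frame[off:]):]
    return frame[:12] + struct.pack("!H", inner_type) + inner


def build_sample():
    """Constructed frame: outer Ethernet/IPv4/GRE (K flag set) around an inner
    IPv4/TCP packet. Returns (mac_header, inner_packet, whole_frame)."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                           bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    inner_tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x50, 0x02, 65535, 0, 0)
    inner = inner_ip + inner_tcp
    gre = struct.pack("!HHI", 0x2000, ETHERTYPE_IPV4, 0x1234)   # K bit + 4-byte key
    outer_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(inner), 2, 0,
                           64, IPPROTO_GRE, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    mac = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return mac, inner, mac + outer_ip + gre + inner
```

The restored frame starts at the inner IP header, so filters and load balancing keyed on the user session's addresses and ports now see the real values.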
VLAN/VNTAG Stripping
With the VLAN/VNTAG header stripping mode configured on a PFX interface, the InfiniStreamNG
appliance will remove the following header fields from tagged packets:
• For packets with a VNTAG: the tag protocol identifier (TPID) and tag value are stripped
out and the packet CRC is recalculated
• For packets with one or more VLAN tags (Ethernet type 0x8100 or 0x88A8): the VLAN
numbers, TPIDs, and tag values are stripped out and the packet CRC is recalculated
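The following Python is an added example, not the appliance's code, of the stripping described above: it removes stacked 0x8100/0x88A8 tags and a VNTAG from a constructed frame and recalculates the frame check sequence. The VNTAG EtherType (0x8926, not stated on this page) and the sample frames are assumptions of this example.

```python
import struct
import zlib

TPID_8021Q = 0x8100
TPID_8021AD = 0x88A8
TPID_VNTAG = 0x8926     # Cisco VNTAG EtherType; assumed, not given on this page


def ethernet_fcs(data):
    """Ethernet FCS: CRC-32 over the frame (same polynomial as zlib.crc32),
    transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def strip_tags(frame):
    """Remove every VLAN (0x8100 / 0x88A8) and VNTAG tag that follows the MAC
    addresses, then recompute the FCS. Input and output both end with a 4-byte FCS."""
    body, fcs = frame[:-4], frame[-4:]
    if fcs != ethernet_fcs(body):
        raise ValueError("input frame fails FCS check")
    off = 12
    while off + 2 <= len(body):
        tpid = struct.unpack("!H", body[off:off + 2])[0]
        if tpid in (TPID_8021Q, TPID_8021AD):
            off += 4       # TPID + 2-byte TCI (priority, DEI, VLAN number)
        elif tpid == TPID_VNTAG:
            off += 6       # TPID + 4-byte VNTAG value
        else:
            break
    stripped = body[:12] + body[off:]
    return stripped + ethernet_fcs(stripped)


def build_samples():
    """Constructed frames: a QinQ (0x88A8 outer, 0x8100 inner) frame and a VNTAG
    frame around the same IPv4 stub. Returns (tagged_with_fcs, expected_with_fcs) pairs."""
    mac = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    payload = b"\x08\x00" + b"\x45\x00\x00\x14" + b"\x00" * 16   # EtherType + IPv4 header stub
    untagged = mac + payload
    qinq = mac + bytes.fromhex("88a80064") + bytes.fromhex("8100000a") + payload
    vntag = mac + bytes.fromhex("8926") + bytes.fromhex("80010203") + payload
    expected = untagged + ethernet_fcs(untagged)
    return [(qinq + ethernet_fcs(qinq), expected), (vntag + ethernet_fcs(vntag), expected)]
```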
Slicing Feature
PFX interfaces on InfiniStreamNG appliances support conditional packet slicing based on one of
two packet matching criteria:
• Ethernet type, using the hexadecimal IANA values at
https://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml
• IP protocol, using the decimal IANA values at
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml (for
example, 17 for UDP, 6 for TCP, and so on)
Multiple slicing configurations can be defined and applied to each PFX interface, and a different
slice length can be specified for each matching criterion (Ethernet type or IP protocol). To enable
and configure packet slicing on PFX interfaces, perform the steps in "Configuring Packet Slicing" on
page 22.
Masking Feature
Similar to the packet slicing feature, PFX interfaces on InfiniStreamNG appliances support
conditional packet masking based on one of two packet matching criteria:
• Based on Ethernet type using the hexadecimal IANA values at
https://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml
• Based on IP protocol using the decimal IANA values at
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Multiple masking configurations can be defined and applied to each PFX interface, each with its
own matching criterion, offset at which masking begins, and mask length. You can also customize
the masking character applied to all masks configured on that interface (the default mask is “X”,
ASCII code 0x58).
To enable and configure packet masking on PFX interfaces, perform the steps in "Configuring
Packet Masking" on page 23.
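The following Python is an added example (not NetScout code) covering both the slicing and the masking features described above: rules keyed by Ethernet type or IP protocol, a per-rule slice length, and per-rule mask offset and length with one shared mask character, applied to a constructed UDP frame that carries a plaintext credential. The rule dictionary layout and the sample values are assumptions of this example.

```python
import struct

ETH_HLEN = 14
ETHERTYPE_IPV4 = 0x0800


def packet_keys(frame):
    """Return (EtherType, IP protocol) for an untagged frame; the IP protocol
    is None when the frame does not carry IPv4."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    proto = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= ETH_HLEN + 20:
        proto = frame[ETH_HLEN + 9]
    return ethertype, proto


def rule_matches(rule, ethertype, proto):
    """A rule matches on exactly one criterion: 'ethertype' (hex IANA value)
    or 'ip_protocol' (decimal IANA value)."""
    if "ethertype" in rule:
        return rule["ethertype"] == ethertype
    return proto is not None and rule["ip_protocol"] == proto


def apply_slicing(frame, rules):
    """Truncate the frame to the slice_length of the first matching rule."""
    ethertype, proto = packet_keys(frame)
    for rule in rules:
        if rule_matches(rule, ethertype, proto):
            return frame[:rule["slice_length"]]
    return frame


def apply_masking(frame, rules, mask_char=b"X"):
    """Overwrite mask_length bytes starting at offset for every matching rule.
    mask_char is shared by all rules, like the interface-wide setting (default 'X')."""
    ethertype, proto = packet_keys(frame)
    out = bytearray(frame)
    for rule in rules:
        if rule_matches(rule, ethertype, proto):
            start = rule["offset"]
            end = min(start + rule["mask_length"], len(out))
            if start < end:
                out[start:end] = mask_char * (end - start)
    return bytes(out)


def build_sample():
    """Constructed Ethernet/IPv4/UDP frame whose payload holds a plaintext
    credential string, plus example slicing and masking rules."""
    payload = b"user=alice;pass=secret"
    udp = struct.pack("!HHHH", 5000, 514, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(payload), 1, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    mac = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    frame = mac + ip + udp + payload
    slice_rules = [{"ethertype": 0x86DD, "slice_length": 60},
                   {"ip_protocol": 17, "slice_length": 48}]
    # payload starts at byte 42 (14 + 20 + 8); the password value starts at 42 + 16 = 58
    mask_rules = [{"ip_protocol": 17, "offset": 58, "mask_length": 6}]
    return frame, slice_rules, mask_rules
```

Masking the credential bytes before the frame is forwarded keeps the secret out of downstream capture and monitoring tools while the rest of the packet stays intact.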
Encryption Detection Feature
The v6.x release introduces a new nGenius PFX feature, encryption detection. This feature allows
for special packet handling/filtering for any encrypted packet received on a PFX interface based on
a keyed secure hash. When an encrypted packet is received, the PFX interface on the
InfiniStreamNG appliance can be configured to:
• Drop the encrypted packet (no encrypted packets are forwarded for transmitting)
• Slice the encrypted packet (a reduced portion of the packet's payload is forwarded for
transmitting, based on the configured slice length)
To enable and configure encrypted packet handling on PFX interfaces, perform the steps in
"Configuring Encryption Detection" on page 24.
To enable and configure NetFlow generation on PFX interfaces, perform the steps in "Configuring
NetFlow Generation" on page 25.
System Requirements
PFX interfaces can be enabled on select InfiniStreamNG appliances. In order to support PFX
interface mode, ensure that your appliance meets the following requirements and considerations.
Modes Supported
For the v6.x release, each interface on an InfiniStreamNG appliance can be separately configured
to perform (a) PFX functions (such as deduplication, tunnel termination, or NetFlow generation) or
(b) collect packets and generate ASI data to provide to an nGeniusONE server (standard data source
functionality). However, the following limitations apply:
• PFX mode is supported only when the appliance is configured with probe_mode set to
hdx.
• PFX mode is not applicable when GeoProbe software is installed on the InfiniStreamNG
appliance with GEO mode enabled. PFX mode is supported when GEO is off and ASI is
on as described in the geo_probe command description.
• PFX mode can only be enabled on an interface when that interface is:
– Transmit-capable (normally based on the port hardware)
– Not part of an aggregated interface
– Not an aggregation interface
– Not configured in PFS mode
– Not part of a logical interface
To activate transmit capability on this interface and configure the interface in PFX mode, press 2.
If you wish to later disable the transmit capability on an interface, you can toggle PFX mode off
using the Agent Configuration Utility in one of two ways:
• Select the interface (option [7] from the main menu), choose the interface, and enter
option [65] Toggle Interface Mode to return the interface to the default (listen only)
mode
• Enter the command line mode and issue the following command:
set interface_options 65 default
To permanently disable the transmit capability, navigate to the /opt/platform directory, delete the
.pfx_enable file, and restart the processes from the /opt/NetScout/rtm/bin directory.
Feature: Tunnel Termination
Task: To enable and configure tunnel termination on the selected interface
Command line: set interface_options 66 <ip address>
Menu navigation: [7] Select Interface > [x] ifnx (where x is the interface number) > [66] Configure Tunnel Termination
Notes: Specify the IPv4 address to use for tunnel termination. Note that IPv6 format is not supported.

Feature: Tunnel Termination
Task: To enable/disable tunnel termination on the selected interface
Command line: set interface_options 66 <on | off>
Menu navigation: [7] Select Interface > [x] ifnx (where x is the interface number) > [66] Configure Tunnel Termination
Notes: When prompted for a Tunnel Termination IP, you can enter on or off instead of an IP address. Any previously configured IP address is preserved when tunnel termination is disabled (turned off).

Feature: Tunnel Header Stripping
Task: To enable / disable tunnel header stripping
Command line: set pfx <ifn> tunnel_strip <type> <on | off>
Where <type> is one of:
    all: Enable or disable all of the tunnel stripping options at one time
    generic: Disables all other types; requires you to specify an <offset> and <length>
    mpls: Stripping of MPLS headers
    gre: Stripping of GRE tunnel headers
    vlan_vntag: Stripping of VLAN/VNTAG values
    mac_rt: Stripping of MAC routing tunnel headers
    mac-in-mac: Stripping of MAC-in-MAC encapsulation headers
Menu navigation: [16] PFX Options > [x] ifnx (where x is the interface number) > [5] Tunnel Stripping > [1] MPLS, [2] GRE, [3] VLAN/VNTAG, [4] MAC Routing, [6] MAC-IN-MAC, [7] GENERIC, [20] Toggle All
Notes: Off by default. Use this command to enable/disable whether packets are transmitted with tunnels removed and to specifically set tunnel stripping on or off for the supported tunnel type (MPLS, GRE, VLAN/VNTAG, MAC routing tunnels (for network overlays such as Cisco FabricPath and TRILL), or MAC-in-MAC tunnels). Be aware that the Generic Tunnel option bypasses all stripping and deduplication, sending the packets straight to transmit. Generic also requires you to specify the offset and length (the length must be greater than the offset). The entered values are then displayed next to the Generic menu option as (offset:length).
(Interface Options display for the selected interface: Interface number : 3)
4 To determine the current interface mode, look at the value next to [65] Toggle Interface
Mode. In the example above, the mode is default, which is the standard packet
collection mode for ASI processing where the interface listens but does not transmit.
5 To enable PFX mode, enter option [65] Toggle Interface Mode. The system checks to
verify that the interface is:
– Transmit-capable (normally based on the port hardware)
– Configured in HDX (half-duplex) interface mode
– Not part of an aggregated interface
– Not an aggregation interface
– Not configured in PFS mode
– Not part of a logical interface
Note: The deduplication window size is fixed at 1 second and cannot be changed.
6 To configure packet deduplication on another PFX interface, type 99 and press Enter to
return to the PFX Options menu. Select another interface and repeat Steps 4 and 5;
otherwise, continue with the next step.
7 Type 99 and press Enter as necessary to return to the main menu and select option 12
to reset the agent when you are done.
8 Turn on packet slicing for this interface by typing 30 and pressing Enter. You can later
toggle off slicing by entering the same value again.
9 To configure packet slicing on another PFX interface, type 99 and press Enter to return
to the PFX Options menu. Select another interface and repeat Steps 5 and 6; otherwise,
continue with the next step.
10 Type 99 and press Enter as necessary to return to the main menu and select option 12
to reset the agent when you are done.
Note: The default masking character is ASCII 0x58 (“X”). If you want to use another character as the mask,
such as a space, you must use the command-line option on the Agent Configuration Utility (refer to "Agent
Configuration for PFX Quick Reference" on page 11 for the command syntax). Note that this command sets
the masking character for all interfaces.
9 To configure packet masking on another PFX interface, type 99 and press Enter to
return to the PFX Options menu. Select another interface and repeat Steps 4 through 8;
otherwise, continue with the next step.
10 Type 99 and press Enter as necessary to return to the main menu and select option 12
to reset the agent when you are done.
You can remove masking configurations at any time by performing Steps 1 through 4 above to
access the PFX Masking Configuration display for the selected interface and then typing 32 to
delete a selected configuration (specified by Entry ID) or typing 33 to delete all configurations
applied to this interface (which also disables masking on the interface). After you delete one or
more masking configurations, reset the agent to put the changes into effect.