5.5.13. Managing capture interface aggregation
5.5.13.1. Introduction
This procedure describes the aggregation of monx capture interfaces.
For more information on aggregation, see the paragraph Capture and monitoring interfaces monx between TAP and GCap: aggregation possibility
The aggregation functionality of the capture interfaces on the GCap leads to impacting some related functions:
Maximum Transmission Unit (MTU): the maximum size of a packet that can be transmitted at one time without fragmentation.
MTU: uses the largest value of the interfaces making up the aggregation.Static rules for filtering flows captured by capture interface: XDP (eXpress Data Path) filter function.
XDP filter. XDP filtering is not applied by default to the aggregation created but rather to the interfaces that comprise it. It must therefore be applied individually to each aggregated interface.File rebuilding rules.
Rebuild rule: When enabling interface aggregation and multi-tenant detection, file rebuild rules are not generated.
To create an aggregation of mon0 and mon1 interfaces, use the set clusters add interfaces mon0 mon1 command.
5.5.13.2. Prerequisites
User: setup
Commands used in this procedure:
5.5.13.3. Preliminary operations
Connect to the GCap (see Procedure for connecting to the GCap via SSH).
Stop the detection engine (see monitoring-engine)
5.5.13.4. Procedure for displaying the aggregation of capture interfaces
Enter the following command.
(gcap-cli) show clusters
Validate.
The system displays the aggregation if it exists.
If none exists, then the following message is displayed:
No network cluster defined.
5.5.13.5. Procedure for displaying the available capture interfaces and activating the 2 interfaces to be aggregated
Use Procedure C of the Procedure for managing capture interface settings
monx.Note the interfaces to be used (e.g.
mon0andmon1).
5.5.13.6. Procedure to create an interface aggregation
Enter the following command.
Note
The description of an aggregation of interfaces is optional (part description test).
(gcap-cli) set clusters add interfaces mon0 mon1 description `test`
Validate.
The system displays the result.
Creating cluster test with interfaces mon0, mon1 Successfully created cluster `test`
5.5.13.7. Procedure for displaying the status of the created aggregation
Enter the following command.
(gcap-cli) show clusters
Validate.
The system displays the created aggregation.
Name State Description Interfaces cluster0 Disabled test mon0, mon1
The aggregation, once created with the Name cluster0, must be activated.
5.5.13.8. Procedure for activating the created aggregation
Enter the following command.
(gcap-cli) set clusters enable cluster0
Validate.
The system displays the following message.
Enabling cluster cluster0