IPB P ACKET B ROKER O VERVIEW
Iris Packet Brokers (IPBs) enable you to more effectively utilize your existing Tektronix Communications monitoring solutions, simplify operational complexity, and realize a higher ROI from additional cost savings and service quality improvements. IPB intelligent stacking technology, vMesh, enables traffic capture devices to be deployed in a redundant, low-latency mesh for total, dynamic, fault-tolerant visibility.
Figure 1.1 - Iris Packet Brokers
With the visionary vMesh approach to architecture, you get the flexibility and modularity to deploy just the appliances you need and when, with the ability to scale link-layer visibility and data access to a system-level architecture with up to 256 ports globally. The business benefits include more flexible capital requirements, high tool utilization and ROI, and lower operating costs.
Designed specifically to address high bandwidth interfaces and data center applications, the NEBS compliant Iris Packet Broker (IPB) features a scalable, modular architecture that bridges the gap between 1 GigE, 10 GigE, and 40 GigE networks. They also provide all of the intelligent network packet functionality on a large scale. Each model supports a maximum of four SFP+ modules that support different features, port densities, and port speeds up to a maximum line rate throughput of 240 Gbps for the IPB220 series and 640 Gbps for the IPB420. Additionally, ports and features are enabled as they are needed by license key. Any port can be designated as an ingress/input or an egress/output port.
Hardware-based filtering allows traffic to be distinguished according to source and destination MAC/IP address as well as by specific protocols, such as HTTP, VoIP, GTP, and LTE. A custom filter offers more granular specification for filtering within the packet payload. Filters can be ingress, egress, and
overlapping.
All IPB models support symmetrical L2 to L4 load balancing. Session aware load balancing is provided by TD140. Select IPB models have optional features including port stamping, time stamping, and microburst protection. To feed third party tools, select IPB models have optional features including protocol/tag stripping (GTP, VLAN, MPLS) and conditional packet slicing.
IPB220
IPB420
All IPB models support a connection between multiple units which enables up to 256 ports at a single site. In addition, IPB can be deployed in a redundant, low-latency mesh for total, dynamic fault-tolerant visibility. Select IPB models have an option to support inter-connected IPBs over a LAN or WAN using TCP which enables backhaul of traffic from remote sites to a central monitoring location. To protect against data attacks during backhaul, secure data encryption (AES) is supported. Redundant hot-swappable power supplies, fans, and air filters allow seamless transitions between power systems and ensure uptime.
IPBs are an add-on to TD140 deployments; they do not replace TD140s.
IPB F EATURES PER M ODEL
Tektronix Communications offers the following Iris Packet Broker (IPB) models:
IPB220 Base
IPB220 Advanced
IPB420
Table 1.1 shows the features available for each IPB model
Table 1.1 - IPB Feature Support per Model
Feature IPB Model
Selective Port Aggregation and/or Replication
Layer 2 to Layer 4 Filtering
Symmetrical L2 to L4 Load Balancing
NTP or PTP timing
vMesh Direct Connect (connected by cable)
Integrated with IrisView Alarms and System Health visibility
Integration with GeoProbe platform family G10 only
1G or 10G Ethernet port
40G Ethernet port
Time & Port Stamping
Option to disable time and port stamping on egress
Within a GTP tunnel, L3 and L4 Filtering, 10G
A CCESSING IPB S YSTEM M ANAGEMENT W EB GUI
Refer to one of the following sections for access information:
Accessing IPB Web GUI From IrisView
Accessing IPB Web GUI from Web Browser
Accessing IPB Web GUI From IrisView
Perform the following to access the IPB System Management Web GUI from within IrisView.
Tektronix Communications service personnel must initially setup the IPB to enable IrisView to access its configuration GUI. Contact Tektronix Communications for details.
Step Action
1. Log into IrisView.
2. Select System Config from the Admin menu. The Probes tab appears.
3. Select an IPB (“I” icon) in the Probe List (Figure 1.1). The right pane displays the IPBs Ports tab, Details tab, and IPB Configuration tab.
Microburst Protection (High Data Burst Buffer)
Protocol/Tag Stripping (GTP, VLAN, MPLS)
vMesh over IP (Interconnect IPB over TCP/IP)
Table 1.1 - IPB Feature Support per Model (Continued)
Feature IPB Model
IPB220 Base
IPB220 Advanced
IPB420
4. Select the IPB Configuration tab to access the IPB System Management Web GUI (Figure 1.2).
Figure 1.2 - IrisView IPB Configuration Tab
Some pages on the IPB System Management Web GUI are not accessible via IrisView, such as Access Control and SNMP Settings. You can only access them from the GUI directly from the Web browser.
The main System Status page appears (Figure 1.2). This page consists of two panes:
Menu Pane, which allows selection of other pages, such as System settings and Port settings.
Port Status pane, which appears on the right (refer to System Status Page for details).
Refer to the the remaining chapters in this guide for details about configuring the IPB using this GUI.
Accessing IPB Web GUI from Web Browser
Tektronix Communications recommends the following Web browsers for use with IBP devices:
Apple Safari 5.0 (or later)
Google Chrome 17.0 (or later)
Microsoft Internet Explorer 7.0 (or later)
Mozilla Firefox 3.6 (or later)
With all browsers, ensure Cookies are enabled. If using Internet Explorer, also ensure the Compatibility View is disabled. Adobe Flash Player is also required to be able to view the graphical dials and sliders in the Network Activity screens.
Perform the following to access IPB system management via a Web browser.
Step Action
1. Connect a CAT 3 (or higher) Ethernet cable between the IPB’s management port and a PC or server.
2. Power on the unit. You should see the Link Status LED illuminate on the connected management Ethernet port.
3. Connect to the device by entering the IP address of the device into the Web browser’s URL address box. Depending on your browser, you may need to include “http://” in the IP address.
4. You will see the login security popup appear. Enter your user name and your password.
The main System Status page appears (Figure 1.3). This page consists of two panes:
Menu Pane, which allows selection of other pages, such as System settings, SNMP settings, and Access control settings.
Port Status pane, which appears on the right (refer to System Status Page for details).
Figure 1.3 - System Status Page
IPB Port Configuration Guidelines
O VERVIEW
Once the IPB unit is physically installed, the system is configured with the IP address it needs to establish communications to the Iris Server for configuration and maintenance. You must properly configure IPB port settings to ensure correct time stamping.
Port configuration settings differ depending on what monitoring equipment you connect to the IPB. Refer to the following sections for details:
IPB220s Connecting to G10 Standalone, G10 Media Probe, or G10 Control Plane Probe
IPB420s Connecting to G10 Standalone or G10 Media Probe
IPB420s Connecting to G10 Control Plane Probe
IPBs Connecting to TD140s or SpIprobes
IPB Backhaul Scenario
IPB220 S C ONNECTING TO G10 S TANDALONE , G10 M EDIA P ROBE ,
OR G10 C ONTROL P LANE P ROBE
Figure 2.1 shows IPB220s connecting from the network element to a G10 (Standalone, Media, or Control Plane). These settings apply when connecting to a standalone G10, a Control Plane probe, or a Media probe. This scenario does not require any G10 configuration in Iris Admin; the G10s are not bound to the IPB220 in this scenario.
Figure 2.1 - IPB220 Connecting to G10 Standalone, G10 Media Probe, or G10 Control Plane Probe
IPB220 INGRESS Port Settings
Table 2.1 shows the IPB220 Ingress port settings you configure on the Port Settings Page in the IPB system software.
Table 2.1 - IPB220 INGRESS Port Settings
Port Setting Set to:
Port Class Span
Link State Auto
Monitor Output Timestamping Disabled
Monitor Output Portstamping Disabled
GTP Decapsulation (if applicable) Disabled
IPB220 EGRESS Port Settings to a G10
Table 2.2 shows the IPB220 Egress port settings you configure on the Port Settings Page in the IPB system software.
G10 Configuration in Iris Admin (G10s Connected to IPB220s)
In Iris Admin, create a physical link for the G10 connecting to the IPB220. G10s are not bound to IPB220s.
IPB420 S C ONNECTING TO G10 S TANDALONE OR G10 M EDIA P ROBE
Figure 2.2 shows IPB420s connecting from the network element to a standalone G10 or G10 Media Probe. These settings apply when connecting to a standalone G10, a Control Plane probe, or a Media probe. This scenario requires additional configuration for the G10 in Iris Admin.
Figure 2.2 - IPB420 Connecting to G10 Standalone or G10 Media Probe Table 2.2 - IPB220 EGRESS Port Settings
Port Setting Set to:
Port Class Monitor
Link State Auto
Egress timestamping N/A
Monitor Port VLAN Tagging Disabled
TekComms Encapsulation N/A
Encapsulate using Tektronix-format timestamp/portstamp (appears when TekComms Encapsulation is Enabled)
N/A
IPB420 INGRESS Port Settings
Table 2.3 shows the IPB420 Ingress port settings you configure on the Port Settings Page in the IPB System Software.
IPB420 EGRESS Port Settings
Table 2.4 shows the IPB Egress port settings you configure on the Port Settings Page in the IPB System Software.
Configuration in Iris Admin (G10s Connected to IPB420s)
In Iris Admin, perform the following to complete configuration of this scenario:
Bind the G10 to the IPB420.
Create a physical link for the IPB420 ingress ports.
Set the following G10 physical device port settings on the Probe Details pane in Iris Admin System Config. Refer to the Iris Admin online help for details.
- Set Enabled column to True for all ports that are physically connected to IPB; set Enabled column to False for all ports not connected to the IPB.
Table 2.3 - IPB420 INGRESS Port Settings
Port Settings Set To:
Table 2.4 - EGRESS Port Settings
Port Settings Set To:
Port Class Monitor
Link State Auto
Egress timestamping Disabled1
1. DO NOT enable this option; this option must be Disabled.
Monitor Port VLAN Tagging Disabled
TekComms Encapsulation Enable
Encapsulate using Tektronix-format timestamp/portstamp (appears when TekComms Encapsulation is Enabled)
Enable
IPB420 S C ONNECTING TO G10 C ONTROL P LANE P ROBE
Figure 2.4 shows IPBs connecting from the network element to a G10 Control Plane Probe. G10 Control Plane probes do not bind to IPB420s.
Figure 2.3 - IPB420 Connecting to G10 Control Plane Probe
IPB420 Ingress Port Settings
Table 2.7 shows the IPB Ingress port settings you configure on the Port Settings Page in the IPB System Software.
Table 2.5 - IPB420 INGRESS Port Settings
Port Settings Set To:
Port Class Span
Link State Auto
Monitor Output Timestamping Disabled
Monitor Output Portstamping Disabled
GTP Decapsulation N/A
IPB420 Egress Port Settings
Table 2.8 shows the IPB Egress port settings you configure on the Port Settings Page in the IPB System Software.
Configuration in Iris Admin (G10 Control Plane Probe Connected to IPB420s)
In Iris Admin, perform the following to complete configuration of this scenario:
Create a physical link for the IPB420 ingress ports.
Set the following G10 physical device port settings on the Probe Details pane in Iris Admin System Config. Refer to the Iris Admin online help for details.
- Set Enabled column to True for all ports that are physically connected to IPB; set Enabled column to False for all ports not connected to the IPB.
- Set Op Mode to Negotiate for enabled G10 ports
- The Direction setting (TX, RX, Span) is ignored by the G10 probe when it is connected to a IPB.
IPB S C ONNECTING TO TD140 S OR S P I PROBES
Figure 2.4 shows IPBs connecting from the network element to a TD140 or SpIprobe 3U/14U. TD140s and SpIprobes do not bind to IPB420s.
Table 2.6 - IPB420 EGRESS Port Settings
Port Settings IPB420
Port Class Monitor
Link State Auto
Egress timestamping Disabled1
1. DO NOT enable this option; this option must be Disabled.
Monitor Port VLAN Tagging Disabled
TekComms Encapsulation Enabled
Strip timestamp/portstamp Enabled
IPB Ingress Port Settings
Table 2.7 shows the IPB Ingress port settings you configure on the Port Settings Page in the IPB System Software.
IPB Egress Port Settings
Table 2.8 shows the IPB Egress port settings you configure on the Port Settings Page in the IPB System Software.
TD140 Port Settings
Refer to TD140 documentation for details.
SpIprobe Port Settings
Refer to GeoProbe Network Configuration Guide for details about SpIprobe port configuration.
Table 2.7 - INGRESS Port Settings
Port Settings IPB420 IPB220
Port Class Span Span
Link State Auto Auto
Monitor Output Timestamping Disabled Disabled
Monitor Output Portstamping Disabled Disabled
GTP Decapsulation N/A Disabled
Table 2.8 - EGRESS Port Settings
Port Settings IPB420 IPB220
Port Class Monitor Monitor
Link State Auto Auto
Egress timestamping Disabled1 N/A
Monitor Port VLAN Tagging Disabled Disabled
TekComms Encapsulation Enabled N/A
Strip timestamp/portstamp Enabled N/A
1. DO NOT enable this option; this option must be Disabled.
IPB B ACKHAUL S CENARIO
Traffic from multiple, remote locations can be backhauled to a central monitoring location (Figure 2.5).
Figure 2.5 - Backhaul Scenario with IPB220s and IPB420s
IPB220 INGRESS Port Settings
Table 2.9 shows the IPB220 Ingress port settings you configure on the Port Settings Page in the IPB system software.
Table 2.9 - IPB220 INGRESS Port Settings
Port Setting Set to:
Port Class Span
Link State Auto
Monitor Output Timestamping Enabled
Monitor Output Portstamping Enabled
GTP Decapsulation (if applicable) Disabled
IPB vMesh (vStack+) Port Settings
Table 2.10 shows the IPB220 vMesh (vStack+) port settings you configure on the Port Settings Page in the IPB system software.
IPB420 EGRESS Port Settings to a G10
Table 2.11 shows the IPB420 Egress port settings you configure on the Port Settings Page in the IPB System Software.
Configuration in Iris Admin (G10s Connected to IPB420s)
In Iris Admin, perform the following to complete configuration of this scenario:
Bind the G10 to the IPB420.
Create a physical link for the IPB420 ingress ports.
Set the following G10 physical device port settings on the Probe Details pane in Iris Admin System Config. Refer to the Iris Admin online help for details.
- Set Enabled column to True for all ports that are physically connected to IPB; set Enabled column to False for all ports not connected to the IPB.
- Set Op Mode to Negotiate for enabled G10 ports
- The Direction setting (TX, RX, Span) is ignored by the G10 probe when it is connected to a IPB.
Table 2.10 - IPB220 EGRESS Port Settings
Port Setting Set to:
Port Class vStack+
Transport Type vStack+ over TCP or
vStack+ over Ethernet
Link State Auto
Table 2.11 - EGRESS Port Settings
Port Settings IPB420
Port Class Monitor
Link State Auto
Egress timestamping Disabled1
1. DO NOT enable this option; this option must be Disabled.
Monitor Port VLAN Tagging Disabled
TekComms Encapsulation Enable
Encapsulate using Tektronix-format timestamp/portstamp (appears when TekComms Encapsulation is Enabled)
Enable
IPB System Configuration
O VERVIEW
This chapter provides GUI descriptions for the IPB system software. Refer to the following sections for details:
System Status Page
Chassis Module Information Page
System Settings Page
Port Settings Page
SNMP Settings Page
Access Control
Save and Load Configurations
Software Upgrading
S YSTEM S TATUS P AGE
Figure 3.1 shows the overall system status page which displays when you access the IPB using a Web browser.
Figure 3.1 - System Status Page Table 3.1 - System Status Page Elements
Page Element Description
System Status area View the following information:
Current date and time, as set in the unit’s real-time clock.
Date/time when last booted, how long the system has been running, and the date/time of the last configuration change.
System Name (MIB2 SysName), System Location (MIB2 SysLocation), System and Contact (MIB2 SysContact).
Status of the two internal power supplies and Monitor buffer, and the current internal temperature.
System warning or error messages, if any.
Port Column Port designation is [chassis module position]/[port], such as 1/1 (see Figure 3.2) Name Column Name for port, if configured.
Port name is a convenience in being able to easily identify the devices or network segments which are connected to the unit.
Link Column Up - device or network segment is connected to the port and a link has been fully established.
Down - device is disconnected; a link is not established for this port.
Speed Column If link is Up
- Displays current actual speed and duplex state of the port
If a link is Down:
- Port auto-negotiation ON: Speed and Duplex fields are blank
- Port auto-negotiation OFF: Speed and Duplex fields indicate the forced speed and duplex settings that have been configured for the port.
For Fiber-only systems, the Duplex column may not be present.
Duplex Column
Negotiate Column Auto - auto-negotiation is enabled
Off (Forced) - auto-negotiation is disabled
Blank - auto-negotiation is not applicable MDI Column This column appears only if copper SFPs are installed.
Auto - the port is configured for auto- MDIX.
MDI - auto-MDIX is disabled and the port is set to a fixed MDI mode.
MDIX - auto-MDIX is disabled and the port is set to a fixed MDIX mode.
Class Column Monitor - egress port
Tap - IPB does not support this class.
Span - ingress port
Applications Displays the installed applications for this port:
AIA=Aggregation to Inline Applications
GIMSLB=GTP IMSI Balancing (Not Supported)
SOF=Spool over FTP (not supported)
SOT=Span over TCP
VOT=vMesh over TCP/IP Monitor Column The currently-configured network-to-monitor port mapping for the port.
Network port - indicates which monitor ports have been mapped to it.
Monitor port - indicates which network ports have been mapped to it.
Table 3.1 - System Status Page Elements (Continued)
Page Element Description
C HASSIS M ODULE I NFORMATION P AGE
The Chassis Module Information page (Figure 3.2) displays detailed hardware information on both the chassis system, as well as all installed hardware modules and their applications.
Figure 3.2 - Chassis Module (Hardware) Information Page Available chassis information includes:
Base board type, ID, serial number
Manufacturing part numbers
Number of installed hardware modules
Environment status, including temperature, fan and filter Status Column Port’s current state.
OK - link is up
-- - means it is down
No module - module is not present for ports that are activated Optical Power (Tx/Rx)
Column
Shows both the transmit (Tx) and receive (Rx) power levels for ports that have supported SFP or SFP+ modules inserted.
Column does not appear if supported SFP/SFP+ modules are not installed
Setup Access the Port Settings page for the selected port by clicking the associated Setup button.
See Port Settings Page for details.
Table 3.1 - System Status Page Elements (Continued)
Page Element Description
The ports on which the hardware module is installed
Module type, ID, serial number
Manufacturing part numbers
Applications installed on the hardware module
Hardware module revision number
Installed applications can also be viewed per port on the System Status window and on the individual Port Settings windows.
S YSTEM S ETTINGS P AGE
Figure 3.3 shows an example System Settings page.
Figure 3.3 - System Settings Page Table 3.2 - System Settings Page Elements
Page Element Description
System Settings View and define:
System name
System location
System contact
Network Settings View and define:
IPB IP address (IPv4 or IPv6)
Net/subnet mask
Default gateway/router address
DNS server address
Syslog server addresses or URL.
- Info such as port up/down, temperature, and voltage status changes are sent to syslog server addresses if defined.
System (Timestamping) Clock Local Clock Settings
View and define local date and time
Set the date and time from the local computer’s clock by clicking the down-arrow.
System (Timestamping) Clock NTP Configuration
Define NTP servers to provide a timing reference for the IPB system clock
Displays status of the connection and synchronization as well as the Deviation of the system clock from the NTP source
System (Timestamping) Clock GPS Configuration
Define the length of the cable from the IPB to the GPS receiver to achieve the expected accuracy.
View status of GPS signal and number of satellites.
System (Timestamping) Clock PTP Configuration
Enable PTP and/or 1PPS
Define IP address and subnet mask of PTP server
Configure the following parameters:
Configure the following parameters: