In the Interface tab, you can configure the number of instances of the CX Passive Capture Application and the trafficking rules for sending data to each instance.
You can configure the PCA Web Console to accept IPv6 addresses by default.
The CX Passive Capture Application can be configured to support transparent load balancing or you can disable load balancing and use the legacy method of capturing network traffic.
PCA instances
Multiple interface instances allow the PCA to take advantage of multi-core multi-CPU hardware by allowing multiple processes to concurrently capture network traffic for HTTP hit reassembly and SSL decryption.
Note: The number of PCA instances must not exceed: (the number of available cores) - 1
Configuring the PCA Interface without Transparent Load Balancing
From the top of the page, you can select the view for the page. To configure individual instances of the CX Passive Capture Application, click View Instances.
Traffic Segmentation: Through the Interface tab, you can segment the traffic to multiple instances of the CX Passive Capture Application.
Note: Wherever possible, IP address segmentation is the preferred method over port segmentation.
Configuring the PCA Interface with Transparent Load Balancing
You can configure the network interface of your CX Passive Capture Application with transparent load balancing.
In the Interface tab, you can configure the number of instances of the CX Passive Capture Application and a traffic rule for sending data to each instance.
You can configure the PCA Web Console to accept IPv6 addresses by default.
Note: After you save changes in the Interface tab, a manual restart of the PCA is required.
From the top of the page, you can select the view for the page. To configure individual instances of the CX Passive Capture Application, click View Instances.
Traffic Segmentation: Through the Interface tab, you can segment the traffic to multiple instances of the CX Passive Capture Application.
Note: Wherever possible, IP address segmentation is the preferred method over port segmentation.
Disabling Packet Checksum Validation
By default, the PCA performs a checksum validation for each packet that is forwarded to it. In environments with network interface cards (NICs) that use large receive option (LRO) or checksum offloading (rx-checksumming) or both, checksum validation of captured network packets is managed in the hardware of the card. Since the checksum validation is performed on individual packets in the hardware, there is no reason to perform another checksum of the aggregated, larger packets.
When either or both of these options are enabled, the resulting packets that are forwarded to the PCA do not contain a recomputed packet checksum, which causes the PCA checksum to fail and the packet to be discarded. Other effects:
- The counts of missing or partial pages rise in session data.
- The PCA stats show a significant increase in Total checksum errors.
To disable checksum validation in the PCA, select the Disable Packet checksum validation check box in the Interface tab.
As an alternative, you can keep packet checksum validation enabled for the CX Passive Capture Application if you disable checksum offloading at the operating system driver level. However, this option adds processing overhead to the operating system.
The command to disable checksum offloading to the NIC must be placed in the bootup configuration script.
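The following added example (not part of the product documentation) checks whether a capture interface has the offload features named above enabled while the PCA is still validating checksums. It assumes a Linux capture host where `ethtool -k <interface>` is available; the sample output and function names are constructed for illustration.

```python
# Added example: flag NIC offload settings that conflict with PCA packet
# checksum validation. Parses the text printed by `ethtool -k <interface>`.

# Constructed sample of `ethtool -k eth0` output (not taken from a real host).
SAMPLE_ETHTOOL_K = """\
Features for eth0:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
generic-receive-offload: on
large-receive-offload: on
rx-vlan-offload: on [fixed]
"""

# Features the page names as breaking PCA checksum validation.
CONFLICTING = ("rx-checksumming", "large-receive-offload")


def parse_features(ethtool_output):
    """Map feature name -> (enabled, fixed) from `ethtool -k` output."""
    features = {}
    for line in ethtool_output.splitlines():
        name, sep, value = line.strip().partition(":")
        words = value.split()
        if not sep or not words or words[0] not in ("on", "off"):
            continue  # header line or a line this parser does not understand
        features[name] = (words[0] == "on", "[fixed]" in words)
    return features


def checksum_conflicts(ethtool_output):
    """Return the enabled offload features that make PCA checksums fail."""
    features = parse_features(ethtool_output)
    return [f for f in CONFLICTING if features.get(f, (False, False))[0]]


def recommendation(ethtool_output, pca_validation_disabled):
    """Say whether the capture interface and the PCA setting agree."""
    conflicts = checksum_conflicts(ethtool_output)
    if conflicts and not pca_validation_disabled:
        return "mismatch: " + ", ".join(conflicts) + " on, PCA still validating"
    return "ok"


if __name__ == "__main__":
    print(recommendation(SAMPLE_ETHTOOL_K, pca_validation_disabled=False))
```

On a Linux host, the driver-level alternative is typically `ethtool -K <interface> rx off lro off`; a feature reported as `[fixed]` cannot be changed this way.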
Traffic Segmentation
Captured packets are trafficked to individual instances of the PCA based upon the specified Desired Traffic for each instance and the global Ignored Traffic settings.
Passive Capture examines every network packet and determines how to traffic it based upon the filter rules. With filter rules, you can specify where you want the required traffic to go, balance the load between multiple PCA instances, and define the types of traffic that the PCA can ignore.
Note: The PCA automatically configures its listen filters to allow 802.1q VLAN packets in for capture.
Either of the following two methods can be configured in the Interface tab to segment traffic loads to multiple instances of the PCA:
- Web Server Host IP/Port Addresses Filtering: The typical and preferred method for segmenting traffic by PCA instance is to filter on web server host IP/Port addresses.
- TCP Client Port Segmentation Filtering: The alternate method, TCP client port segmentation, is used when the capture traffic is presented as a single virtual web IP address (VIP).
Web Server Host IP/Port Addresses Filtering
If the capture traffic presented to the PCA is served by multiple web servers via their respective host IP/Port addresses, then each PCA instance can filter for a subset of those host IP addresses. This method provides the means to distribute traffic loads across the multiple instances.
For each instance of the PCA, the Instance List and Ignored Traffic sections identify the network packets to include and exclude. If a packet matches the required traffic and does not match the traffic to ignore, then it is captured for further processing.
In the Filter Rules section, you can specify the IP addresses/ports that submit data to the PCA. You can add and delete specific IP addresses or a range of IP addresses. You can also specify hosts whose traffic you do not want the device to capture.
TCP Client Port Segmentation Filtering
When traffic is served from a single virtual web IP (VIP) address, you can use the TCP client port segmentation method to segment the traffic based on TCP client port ranges.
Note: Wherever possible, IP address segmentation is the preferred method over port segmentation.
Since there are not multiple web server host IP addresses to distribute, the segmentation is done by TCP client port ranges. Each PCA instance filters on a range of client TCP ports. The aggregate of all port ranges across all PCA instances spans the entire spectrum of client TCP ports and thus ensures complete capture.
The following are the requirements to use this method:
- The virtual IP address (VIP) traffic must contain required capture traffic only. All traffic on this VIP is used.
Note: Verify that the VIP does not have any undesired traffic. Only one VIP can be specified for this type of filtering.
- Web server host TCP port numbers must be less than 1024. For example, host ports 8443, 4443, and 1443 are not valid.
- Ignored filter rules cannot be used.
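The following added example (not part of the product documentation) audits a client port segmentation plan before it is entered in the Interface tab: it reports port ranges that no instance captures, ranges captured by two instances, and host ports that violate the below-1024 requirement. The instance names, the sample plans, and the 1024-65535 client port span are assumptions made for illustration.

```python
CLIENT_PORT_MIN = 1024   # assumption: client ports start above the host-port limit
CLIENT_PORT_MAX = 65535  # highest TCP port number

# Constructed plans: instance name -> (first client port, last client port).
GOOD_PLAN = {"pca1": (1024, 22527), "pca2": (22528, 44031), "pca3": (44032, 65535)}
BAD_PLAN = {"pca1": (1024, 20000), "pca2": (19000, 40000), "pca3": (40100, 65000)}


def audit_port_plan(plan, lo=CLIENT_PORT_MIN, hi=CLIENT_PORT_MAX):
    """Return (gaps, overlaps) for a plan of per-instance client port ranges.

    gaps: port ranges no instance captures (capture is incomplete).
    overlaps: (instance_a, instance_b, first, last) ranges captured twice.
    """
    for name, (first, last) in plan.items():
        if not lo <= first <= last <= hi:
            raise ValueError(f"{name}: range {first}-{last} is outside {lo}-{hi}")

    gaps, overlaps = [], []
    next_uncovered, covering = lo, None  # covering: instance reaching furthest
    for name, (first, last) in sorted(plan.items(), key=lambda kv: kv[1]):
        if first > next_uncovered:
            gaps.append((next_uncovered, first - 1))
        elif covering is not None and first < next_uncovered:
            overlaps.append((covering, name, first, min(last, next_uncovered - 1)))
        if last + 1 > next_uncovered:
            next_uncovered, covering = last + 1, name
    if next_uncovered <= hi:
        gaps.append((next_uncovered, hi))
    return gaps, overlaps


def invalid_host_ports(host_ports):
    """Web server host ports must be below 1024 for this filtering method."""
    return sorted(p for p in host_ports if p >= 1024)


if __name__ == "__main__":
    print(audit_port_plan(GOOD_PLAN))
    print(audit_port_plan(BAD_PLAN))
    print(invalid_host_ports([80, 443, 8443, 4443, 1443]))
```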