cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Deduplication or distinction of traffic by additionnal VLAN tag

gilles_portier
Dynatrace Helper
Dynatrace Helper

Hi,

one of our customer is in the following case :

They add this header on the same traffic, copied before a firewall (Tag 101) and after the firewall (Tag 102)

1/ Does this additional 802.1Q disturb our traffic decode on the AMD or not ?

2/ Are those 2 traffics considered as duplicated or not ?

2/ is there a way by using 2 CASes and the multi-tenant feature to report on these 2 traffics to show the impact of the firewall ?

Thank you for your answer

4 REPLIES 4

ulf_thornander3
Inactive

Salut Gilles

Wouldn't the packet broker (Group ToolsA?) tell you how it deals with the tags?
So what tag does the output actually contain?
Your documentation says "..would then not merge on the egress port". Is this implying that there is a merge mechanism inside the "Group ToolsA" box?

  1. Not as I understand your documentation.
  2. Tricky question - but as I understand your documentation - if you say they belong to different tenants then they would not be considered duplicates but if you say they belong to the same tenant then they would, as they all carry the same IP ID,MAC adress, Checksum and SEQ number.
  3. I think your best bet would be to try to do this through BU config , creating a ADC that uses different software services. But I'm not sure you can define a software service that spans 2 tenants 🙂

One other possible way I can think of (haven't tried) is defining each as a separate Physical Link, but that would require separate interfaces in the AMD - and I'm still not sure it would be working.

Just to rephrase so I'm clear - you want to measure packet delay as it passes through a Firewall where it might change VLAN tag?

mike_hicks
Inactive

Hi Gilles,

DC RUM 12.4 supports the concept of nested VLAN tags, meaning that if an additional tag is added we will still read and report on its presence. But we will only report on the last seen tag, so essentially the outer most tag as seen by the relative AMD will be reported and used. So what you see and report on will be relevant specifically to the AMDs position. De-duplication in the CAS happens at layer three, not layer two, and so if you had the AMD position to see both sides of the firewall and so basically see the conversation with one outside VLAN tag and the same conversation with a different outside VLAN tag both VLANs will be seen on the VLAN reports and the conversation will be shown in each VLAN. However it is important to note that this will be just usage any application measurements in the other CAS reports will be de-dupliacted and appear only once.

gilles_portier
Dynatrace Helper
Dynatrace Helper

Thank you Ulf and Mike.

Sorry Mike, i am not quite sure i understand your last sentence, and how they answer to questions #2 and 3#. If i understand well :

Question #1 : answer is no

Question #2 : answer is ... ?

Question #3 : answer is ?

Thank you

Gilles

Ok sorry:

Question 1: No shouldn't have an impact

Question 2: It depends specifically in the VLAN reports no they will not be seen as duplicates but two conversations in different VLANs, (assuming the AMD see's the same conversation in different places with different VLAN tags), but in any other report in the CAS (ie non L2 data reports) they will be seen as duplicates and be impacted by De-duplication.

Question 3: One option that might potentially work for determining the “impact” in terms of performance across that firewall is to use two AMD’s one either side and then enable aliasing on a per AMD basis, then because it essentially stops that deduping you should then be able to derive the “delay” from time measurements like RTT as you will get a measurement of it on both sides but only with two AMDs.