How to connect DPI device to ws-c3850 and Nexus3k

fspinell · ‎03-18-2020

Hi community,

anyone knows the best way to connect DPI (Data Packet Inspection) device, 3rd party, to IOS-XE platform (ws-c3850) and Nexus3k?

I was thinking to hairpinning, as below, but I am not sure it could work.

source (different platform):

https://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/12-2_52_ey/configuration/guide/3800x3600xscg/swevc.html

Hairpinning
The switch supports hairpinning , which refers to traffic ingressing and egressing same interface. To achieve haripinning, configure two EFPs in the same bridge domain on the same physical interface, as in this example.

Switch (config)# interface gigabitethernet0/2

Switch (config-if)# description Hairpinning Function

Switch (config-if)# service instance 1 Ethernet
Switch (config-if-srv)# encapsulation dot1q 10
Switch (config-if-srv)# rewrite ingress tag pop 1 symmetric
Switch (config-if-srv)# bridge-domain 5000
Switch (config-if-srv)# exit
Switch (config-if)# service instance 2 Ethernet
Switch (config-if-srv)# encapsulation dot1q 20
Switch (config-if-srv)# rewrite ingress tag pop 1 symmetric
Switch (config-if-srv)# bridge-domain 5000

Interface Client side:

Switch (config)# interface gigabitethernet0/1

Switch (config-if)# description from LAN

Switch (config-if)# service instance 1 Ethernet
Switch (config-if-srv)# encapsulation dot1q 10
Switch (config-if-srv)# rewrite ingress tag pop 1 symmetric
Switch (config-if-srv)# bridge-domain 5000
Switch (config-if-srv)# exit

Interface WAN side:

Switch (config)# interface gigabitethernet0/3

Switch (config-if)# description to WAN

Switch (config-if)# service instance 2 Ethernet
Switch (config-if-srv)# encapsulation dot1q 20
Switch (config-if-srv)# rewrite ingress tag pop 1 symmetric
Switch (config-if-srv)# bridge-domain 5000
Switch (config-if-srv)# exit

I am not sure if the usage of same bridge-domain, 5000 in this case, is right.

In addition, the command "rewrite ingress" seems not acceptable on c3850 platform with release 16.9.4, as below:

3850-4(config)#interface TenGigabitEthernet1/0/1
3850-4(config-if)#service instance 1 ethernet
3850-4(config-if)#encapsulation dot1q 1234
3850-4(config-if-srv)#rewrite ?
% Unrecognized command
3850-4(config-if-srv)#do sh run int te1/0/1
!
interface TenGigabitEthernet1/0/1
no switchport
no ip address
service instance 1 ethernet
encapsulation dot1q 1234
bridge-domain 1234
!
end

Any suggestion for working configuration on cisco Nexus3064 device with System version 6.0(2)U2(9Z)?

BR
Fabio

pieterh · ‎03-19-2020

can you explain your DPI-device ?

Dry-powder inhaler - Wikipedia
en.wikipedia.org › wiki › Dry-powder_inhaler

A dry-powder inhaler (DPI) is a device that delivers medication to the lungs in the form of a dry powder. DPIs are commonly used to treat respiratory diseases ...

fspinell · ‎03-19-2020

DPI as Data Packet Inspection