Service Insertion |
Service Insertion is transparently inserting an external service into a traffic flow or into the traffic processing pipeline:
Flows are redirected to a service for inspection and then reinjected to the forwarding pipeline
Possible services include IPS, Hewlett Packard Enterprise Network Protector SDN Application, Hewlett Packard Enterprise Network Visualizer SDN Application, web filtering, and traffic analyzers
ASIC handles Service Insertion via a tunnel or Fast Path, and does not incur any CPU processing overhead. This feature is supported on the Aruba 2920 Switch series, Aruba 2930F, HPE 3800, Aruba 3810M, HPE 5400, Aruba 5400R v2, and v3 modules. It is not supported in V1-compatible mode.
![]() | NOTE: For HPE 5400, you must execute the following command before configuring a Service Insertion tunnel: no allow-v1-modules This command disables
all v1 modules. |
Inspection Service shows Inspection Service.
Network device service insertion
Service Insertion is a feature to insert a packet inspection service into the normal flow of traffic. Utilizing OpenFlow flow rules, traffic can be redirected to a network device like the HPE Network Protector SDN Application for inspection and decision making. You can use a service insertion tunnel for the following modes:
Inline inspection called intercept, where traffic is redirected to a network device like the HPE Network Protector SDN Application. The network device reinserts legitimate traffic into the switch pipeline to be processed and forwarded as normal.
Out of line inspection called tap, where traffic is mirrored to a network device like the HPE Network Visualizer SDN Application.
Tap tunnels mirror the traffic from switch to the remote endpoint and are uni-directional in nature. The switch will not receive packets back on the tunnel.