TippingPoint IPS devices do support Cisco's EtherChannel® and the IEEE Link Aggregation Control Protocol (LACP). However, all aggregation configurations are performed at the switch as the IPS by itself has no configuration settings pertaining to aggregation. The only caveat with running aggregated links thru the IPS is that in order to maintain IPS operations, the aggregation protocol being used needs to be configured to not use any type of load balancing (e.g. Round Robin, Active-Backup policy) algorithm for traffic flow. While "Round Robin" is great for load balancing traffic flow across multiple links, the fact is that it is not good for packet inspection by the IPS. Traffic flow affinity needs to be maintained and this would mean using a flow based algorithm such as aggregating using the source IP. This will ensure that all fragments from any particular flow will go through the same segment.
In order to configure the IPS for link aggregation the user needs to setup the appropriate number of segments. As an example if the user is aggregating 4 links, he would need to setup 4 segments (8 ports) for the link aggregation connections. Four ports (1A, 2A, 3A, 4A) coming from switch 1 and four ports (1B, 2B, 3B, 4B) going to switch 2. See the sample topology diagram below.
In addition the user can also create "Segment Groups". A Segment Group is a grouping of device segments, physical or virtual, that are set up in a specific combination that allows users to maintain settings and file distribution. Users can then associate a particular profile of filters to the segment group. So in the above example the user could create a Segment Group for all the "A" ports (inbound) and another Segment Group for all the "B" ports (outbound) and apply profiles accordingly.
How To: Create a Segment Group
- Log in to the SMS from a client.
- On the SMS toolbar, navigate to the Devices > All Devices and expand the tab.
- Select the Segment Groups tab.
- To create a new Segment Group do one of the following:
- Click New.
- Right-click and select New.
- On the top menu select File > New > Segment Group.
- The Segment Group Edit dialog displays.
- In the Group Name field, specify a name for the group.
- In the Non Members pane, select how you want to organize the list: by Device or by Segment Group.
- Select one or more devices from the list. You can select multiple devices by clicking and dragging your cursor over the names and using the Shift and Ctrl keys.
- Click the right arrow button to move the selected device to the right Group Members pane.
- Click OK. The segment group displays in the Devices Navigation pane and Devices > Segment Group screen.