Understanding network traffic replication
When traffic replication is used, a single data stream is copied and forwarded to multiple tool ports. Replication is necessary for providing identical traffic to different tools.
Traffic replication produces one or more copies of network traffic. In its simplest form, the Matrix is replicating network traffic just by connecting one network port to one tool port. The traffic arriving at the network port is replicated and forwarded to the connected tool port—this is traffic replication. The concept is similar to the use of network TAPs.
Use traffic replication to send the same traffic to many tools. When different tools need access to the same live traffic, some form of replication is necessary. Replication is achievable by using the Matrix, network TAPs, or SPAN/mirror ports. The Matrix can produce many more copies of network traffic than these alternatives typically allow. Plus, the tools receiving the replicated traffic can be switched in real-time using layouts.
Replicated traffic is always post-processed traffic. Traffic forwarded to tool ports is always traffic processed by a rule. The rule may be empty (pass through all traffic) or have active options like deduplication, filtering, and more. In either case, the traffic sent to tool ports is always the traffic that remains after the rule operates.
Avoid traffic replication when load balancing is active in the rule. Remember, the purpose of replication is to make identical copies of traffic. Load balancing produces the opposite effect: it creates a different stream for each tool port. For this reason, traffic replication cannot occur while load balancing is active in the connecting rule.