GigaVUE V Series in AWS
V Series in AWS can be deployed in two ways – with or without the use of a V Series Proxy.
When deployed with a Proxy, GigaVUE-FM communicates with the V Series Nodes via the Proxy node. This is typically useful when GigaVUE-FM is deployed in a VPC that is different from the one where the V Series Nodes are deployed, which makes direct communication with the V Series Nodes unfeasible.
Recommended Instance Types for AWS
| Node type | Recommended Instance Types |
|---|---|
| V Series Proxy | t2.micro |
| V Series | c5n.xlarge, c5n.2xlarge, t3a.xlarge |
Note: Additional instance types are also supported. Refer to Support, Sales, or Professional Services for deployment optimization.
Starting in the 5.12.00 release, V Series 2 deployments in AWS can also be deployed in conjunction with a Network Load Balancer. Refer to the
For more detailed information and step-by-step deployment instructions, refer to the Configure GigaVUE Fabric Components in GigaVUE-FM topic in the GigaVUE Cloud Suite for AWS–GigaVUE V Series 2 guide.
Network Firewall Requirements for AWS
The following are the network firewall requirements for V Series 2 node deployment.

| Direction | Type | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|---|
| **GigaVUE‑FM** | | | | | |
| Inbound | | TCP | | Administrator Subnet | Management connection to GigaVUE‑FM |
| Outbound | Custom TCP Rule | TCP(6) | 9900 | GigaVUE‑FM IP | Allows G-vTAP Controller to communicate with GigaVUE‑FM |
| Outbound (optional) | Custom TCP Rule | TCP | 8890 | V Series Proxy IP | Allows GigaVUE‑FM to communicate with V Series Proxy |
| Outbound (configuration without V Series Proxy) | Custom TCP Rule | TCP | 8889 | V Series 2 Node IP | Allows GigaVUE‑FM to communicate with V Series node |
| **G-vTAP Controller** | | | | | |
| Inbound | Custom TCP Rule | TCP(6) | 9900 | GigaVUE‑FM IP | Allows G-vTAP Controller to communicate with GigaVUE‑FM |
| Outbound | Custom TCP Rule | TCP(6) | 9901 | G-vTAP Controller IP | Allows G-vTAP Controller to communicate with G-vTAP Agents |
| **G-vTAP Agent** | | | | | |
| Inbound | Custom TCP Rule | TCP(6) | 9901 | G-vTAP Controller IP | Allows G-vTAP Agents to communicate with G-vTAP Controller |
| Outbound | | | VXLAN (default 4789) | G-vTAP Agent or Subnet IP | Allows G-vTAP Agents to (VXLAN/L2GRE) tunnel traffic to V Series nodes |
| **V Series Proxy (optional)** | | | | | |
| Inbound | Custom TCP Rule | TCP | 8890 | GigaVUE‑FM IP | Allows GigaVUE‑FM to communicate with V Series Proxy |
| Outbound | Custom TCP Rule | TCP | 8889 | V Series 2 node IP | Allows V Series Proxy to communicate with V Series node |
| **V Series 2 node** | | | | | |
| Inbound | Custom TCP Rule | TCP | 8889 | | Allows V Series Proxy or GigaVUE-FM to communicate with V Series node |
| Inbound | | | | G-vTAP Agent or Subnet IP | Allows G-vTAP Agents to (VXLAN/L2GRE) tunnel traffic to V Series nodes |
| Inbound | UDP | UDPGRE | 4754 | Ingress Tunnel | Allows the UDPGRE tunnel to communicate and tunnel traffic to V Series nodes |
| Outbound | Custom UDP Rule | | VXLAN (default 4789) | Tool IP | Allows V Series node to communicate and tunnel traffic to the Tool |
| Outbound (optional) | ICMP | ICMP | | Tool IP | Allows V Series node to health check tunnel destination traffic |
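The inbound rows above that state a port can be checked against a security group's actual rules. The following is an added example, not part of the Gigamon documentation: it audits rules in the `IpPermissions` shape returned by EC2 `describe-security-groups`. The component keys, the finding names, and the choice to treat every listed inbound port as required are assumptions of this example.

```python
import ipaddress

# Inbound ports stated in the firewall table above. Component keys are
# hypothetical labels; remove any port your deployment does not use.
REQUIRED_INBOUND = {
    "gvtap-controller": [("tcp", 9900)],
    "gvtap-agent": [("tcp", 9901)],
    "vseries-proxy": [("tcp", 8890)],
    "vseries-node": [("tcp", 8889), ("udp", 4754)],
}

def _covers(perm, proto, port):
    """True if one IpPermissions entry admits proto/port."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    return perm["IpProtocol"] == proto and perm["FromPort"] <= port <= perm["ToPort"]

def audit(component, ip_permissions):
    """Return (finding, protocol, port) tuples for one component's inbound rules."""
    findings = []
    for proto, port in REQUIRED_INBOUND[component]:
        rules = [p for p in ip_permissions if _covers(p, proto, port)]
        if not rules:
            findings.append(("missing", proto, port))
            continue
        for perm in rules:
            # The table lists single ports, so a range or all-traffic rule is broader than needed.
            if perm["IpProtocol"] == "-1" or perm.get("FromPort") != perm.get("ToPort"):
                findings.append(("wide-range", proto, port))
            # The table names specific peers as sources, never the whole internet.
            for rng in perm.get("IpRanges", []):
                if ipaddress.ip_network(rng["CidrIp"]).prefixlen == 0:
                    findings.append(("open-to-any", proto, port))
    return findings

# Constructed sample rule sets (not captured from a real account).
SAMPLE_VSERIES_NODE = [
    {"IpProtocol": "tcp", "FromPort": 8889, "ToPort": 8889, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
]
SAMPLE_PROXY = [
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000, "IpRanges": [{"CidrIp": "10.0.5.10/32"}]},
]
SAMPLE_CONTROLLER = [
    {"IpProtocol": "tcp", "FromPort": 9900, "ToPort": 9900, "IpRanges": [{"CidrIp": "10.0.5.10/32"}]},
]

if __name__ == "__main__":
    for name, rules in [("vseries-node", SAMPLE_VSERIES_NODE), ("vseries-proxy", SAMPLE_PROXY),
                        ("gvtap-controller", SAMPLE_CONTROLLER)]:
        print(name, audit(name, rules))
```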