Create Map
Each map can have up to 32 rules associated with it. The following table lists the various rule conditions that you can select for creating a map, inclusion map, and exclusion map.
|
Conditions
|
Description
|
|
L2, L3, and L4 Filters
|
|
EtherType
|
The packets are filtered based on the selected ethertype. The following conditions are displayed:
L3 Filters
If you choose IPv4 or IPv6, the following L3 filter conditions are displayed:
|
■
|
IP Type of Service (TOS) |
|
■
|
IP Explicit Congestion Notification (ECN) |
L4 Filters
If you select TCP or UDP protocol, the following L4 filter conditions are displayed:
|
|
MAC Source
|
The egress traffic from the instances or ENIs matching the specified source MAC address is selected.
|
|
MAC Destination
|
The ingress traffic from the instances or ENIs matching the specified destination MAC address is selected.
|
|
VLAN
|
All the traffic matching the specified IEEE 802.1q Virtual LAN tag is filtered. Specify a number from 0 to 4094.
|
|
VLAN Priority Code Point (PCP)
|
All the traffic matching the specified IEEE 802.1q Priority Code Point (PCP) is filtered. Specify a value between 0 to 7.
|
|
VLAN Tag Control Information (TCI)
|
All the traffic matching the specified VLAN TCI value is filtered. Specify the exact TCI value.
|
|
Pass All
|
All the packets coming from the monitored instances are passed through the filter. When Pass All is selected, the L3 and L4 filters are disabled.
|
When you select a condition without source or destination specified, then both egress and ingress traffic is selected for monitoring the traffic. For example, if you select IPv4 as the EtherType, TCP as the protocol, and do not specify IP source or destination, then both egress and ingress traffic is selected for monitoring purpose.
When you select a condition with either source or destination specified, it determines the direction based on the selection. For example, if only IP source is selected, then the egress traffic from the instances in the subnet 10.0.1.0/24 is selected for monitoring the traffic.
Note: You can create Inclusion and Exclusion Maps using all default conditions except EtherType and Pass All.
To create a new map:
|
1.
|
In the Monitoring Session canvas, from Maps section, drag and drop a new map template to the workspace. If you are creating an exclusion or inclusion map, drag and drop a new map template to their respective section at the bottom of the workspace. The new map page is appears. |
|
2.
|
Enter the appropriate information for creating a new map as described in the following table.
Parameter | Description | Alias | The name of the new map. Note: The name can contain alphanumeric characters with no spaces. | Comments | The description of the map. | Map Rules | The rules for filtering the traffic in the map. To add a map rule: | b. | Select a condition from the Search L2 Conditions drop-down list and specify a value. Based on this selection, the Search L3 Conditions drop-down list is automatically updated. |
| c. | Select a condition from the Search L3 Conditions drop-down list and specify a value. |
| d. | (Optional) If you have selected TCP or UDP as the protocol in the L3 conditions, then select Port Source or Port Destination from the Search L4 Conditions drop-down list and specify a value. If you have selected conditions other than TCP or UDP, then the Search L4 Conditions drop-down list is disabled. |
| Map Rules | | e. | (Optional) In the Priority and Action Set box, assign a priority and action set. |
| f. | (Optional) In the Rule Comment box, enter a comment for the rule. |
Note: Repeat steps b through f to add more conditions. Note: Repeat steps a through f to add nested rules. |
|
Note: Do not create duplicate map rules with the same priority.
|
3.
|
To reuse the map, click Add to Library. Save the map using one of the following options: |
|
o
|
Select an existing group from the Select Group list and click Save. |
|
o
|
Enter a name for the new group in the New Group field and click Save. |
Note: The maps saved in the Map Library can be reused in any monitoring session present in the VNet.
To edit or delete a map, click a map and select Details to edit the map or Delete to delete the map.
Agent Pre-filtering
The G-vTAP Agent pre-filtering option filters traffic before mirroring it from G-vTAP Agent to the V Series Nodes.
Agent pre-filtering is performed directly at the packet capturing point. By filtering at this point, unnecessary traffic is prevented from reaching the fabric nodes that perform filtering and manipulation functions. Preventing this traffic reduces the load on the V Series nodes and the underlying network.
Agent Pre-filtering Guidelines
In cloud environments, there will be limits on how much traffic could be sent out per instance/single or double network interface.
Traffic will be passed if a network packet matches one or more of these rules:
|
■
|
Only filters from traffic maps will be considered for G-vTAP filters. Inclusion and exclusion maps are purely for ATS (automatic target selection); not for G-vTAP. |
|
■
|
Filters from the first-level maps of the monitoring session will only be used to create G-vTAP maps. |
|
■
|
User-entered L2-L4 filters in the monitoring-session maps must be in the format that V Series Node currently accepts. Non L2-L4 filters are used purely by ATS to select the targets; not for G-vTAP. |
|
■
|
Both egress and ingress maps with filters are supported on G-vTAP. |
|
■
|
Both single and dual network interfaces for G-vTAP Agent VMs are supported. |
Agent Pre-filtering Rules and Notes
G-vTAP Agent pre-filtering has the following capabilities and benefits:
|
■
|
The agent pre-filtering option can be enabled or disabled at the monitoring-session level and is enabled by default. |
|
■
|
When enabled, traffic is filtered at the G-vTAP Agent-level, before mirroring to the V Series Nodes. Consequently, traffic flow to the V Series Nodes is reduced, which reduces the load/cost on the Cloud networks. |
|
■
|
Only rules from first-level maps are pushed to the agents. |
|
■
|
Pass rules are supported 100%. |
|
■
|
Drop rules are supported for only simple cases or single-drop rules with a pass all case. |
|
■
|
Rules that span all monitoring sessions will be merged for an G-vTAP Agent, if applicable. |
|
■
|
If the max-rule limit of 16 is reached, then all the traffic is passed to the V Series node; no filtering will be performed. |
Enable/Disable G-vTAP Agent Pre-filtering
Agent pre-filtering can be enabled or disabled by the user at the monitoring-session level. This ensures that we provide a knob to the user to turn it on or off at the G-vTAP level according to the requirements.
To change the G-vTAP Agent Pre-filtering option setting:
|
1.
|
From the left navigation pane, select Traffic > VIRTUAL > Orchestrated Flows > Azure. The Monitoring Session page appears. |
|
2.
|
Open a monitoring session by doing one of the following: |
|
a.
|
Click New to create a new session. |
|
b.
|
Click the check box next to a session and then click Edit to edit an existing session. |
|
3.
|
Select or deselect the Agent Pre-filtering check box in the Monitoring Session info box to change the setting. It is enabled by default. |
|
a.
|
Deselect the check box to disable it. |
|
b.
|
Select the check box to enable it. |
|
5.
|
The Monitoring Session view displays the setting in the Agent Pre-filtering column. |
