Agent Pre-filtering

The G-vTAP Agent pre-filtering option filters traffic before mirroring it from G-vTAP Agent to the V Series Nodes.

Agent pre-filtering is performed directly at the packet capturing point. By filtering at this point, unnecessary traffic is prevented from reaching the fabric nodes that perform filtering and manipulation functions. Preventing this traffic reduces the load on the V Series nodes and the underlying network.

Note:  Agent pre-filtering is not supported for OVS Mirroring and OVS Mirroring + DPDK.

Agent Pre-filtering Guidelines

In cloud environments, there will be limits on how much traffic could be sent out per instance/single or double network interface.

Traffic will be passed if a network packet matches one or more of these rules:

  • Only filters from traffic maps will be considered for G-vTAP filters. Inclusion and exclusion maps are purely for ATS (automatic target selection); not for G-vTAP.
  • Filters from the first-level maps of the monitoring session will only be used to create G-vTAP maps.
  • User-entered L2-L4 filters in the monitoring-session maps must be in the format that V Series Node currently accepts. Non L2-L4 filters are used purely by ATS to select the targets; not for G-vTAP.
  • Both egress and ingress maps with filters are supported on G-vTAP.
  • Both single and dual network interfaces for G-vTAP Agent VMs are supported.

Agent Pre-filtering Rules and Notes

G-vTAP Agent pre-filtering has the following capabilities and benefits:

  • The agent pre-filtering option can be enabled or disabled at the monitoring-session level and is enabled by default.
  • When enabled, traffic is filtered at the G-vTAP Agent-level, before mirroring to the V Series Nodes. Consequently, traffic flow to the V Series Nodes is reduced, which reduces the load/cost on the Cloud networks.
  • Only rules from first-level maps are pushed to the agents.
  • Pass rules are supported 100%.
  • Drop rules are supported for only simple cases or single-drop rules with a pass all case.
  • Rules that span all monitoring sessions will be merged for an G-vTAP Agent, if applicable
  • If the max-rule limit of 16 is reached, then all the traffic is passed to the V Series node; no filtering will be performed.