Configure UCT through GigaVUE-FM
This section describes how to configure UCT through GigaVUE-FM GUI. Refer to the following section for details.
- Launch GigaVUE-FM
- Create Monitoring Domain
- Create Source Selectors
- Create Tunnel Specifications
- Configure Traffic Policy
- Configure UCT through GigaVUE-FM
The recent GigaVUE-FM image files can be downloaded from Gigamon Customer Portal. After fetching the image, upload and launch GigaVUE-FM on your GigaVUE V Series 2 supported cloud environment. For assistance, Contact Technical Support of Gigamon or refer to GigaVUE Cloud Suites for more information on GigaVUE V Series 2 configuration on the supported cloud environments.
To create a monitoring domain in GigaVUE-FM:
- In GigaVUE-FM, on the left navigation pane, select Inventory > CONTAINER > Universal Container Tap > Monitoring Domains. The Monitoring Domain page appears.
- In the Monitoring Domain page, click New. The New Monitoring Domain wizard appears.
- Enter or select the required information as described in the following table,
Fields
Description
Monitoring Domain Name
Enter a name for the monitoring domain
Connections
Connection Name
Enter a name for the UCT connection
Cluster Name
Enter a name for the cluster
URL
Enter the URL of the API server
Inventory Discovery
Select any one of the following options:
FM - When you select FM, you need to enter the authentication token. Note: If you don't have an authentication token, the GigaVUE-FM can't pull the inventory. You can use the other options mentioned below to include the inventory.
References for POST and DELETE APIs:
o POST/cloud/kubernetes/inventory/pods/{connectionId}
Add/Create UCT Kubernetes pods inventory.o DELETE/cloud/kubernetes/inventory/pods/{connectionId}
Delete UCT Kubernetes pods inventory.o POST/cloud/kubernetes/inventory/services/{connectionId}
Add/Create UCT Kubernetes services inventory in FM.o DELETE/cloud/kubernetes/inventory/services/{connectionId}
Delete UCT Kubernetes services inventory.o POST/cloud/kubernetes/inventory/nodes/{connectionId}
Add/Create UCT Kubernetes nodes inventory in FM.o DELETE/cloud/kubernetes/inventory/nodes/{connectionId}
Delete UCT Kubernetes nodes inventory.Refer to the GigaVUE API Reference for detailed information.
Upload - You need to upload the inventory information into GigaVUE-FM. You must feed the inventory details through the REST APIs. Refer to the GigaVUE API Reference for detailed information. UCT controller-UCT controller running as a POD in each Kubernetes cluster collects the inventory information and sends it to GigaVUE-FM. Authentication Type
Select token as the authentication type. By default, the authentication type is token. The option is applicable only if the Inventory Discovery is GigaVUE‑FM.
Token
Enter the authentication token. The option is applicable only if the Inventory Discovery is GigaVUE‑FM.
Click to add another connection and click to remove an existing connection.
- Click Save to create a monitoring domain.
Note: If the connecting UCT Tap does not send 3 continuous heart beats, it is marked as disconnected and it is shown on the monitoring domain page as per the interval configured in the UCT Purge (the default purge interval is 30 days) before the GigaVUE-FM cleans them up.
You can view the monitoring domain created in the list view. The list view shows the following information for UCT and controllers:
Monitoring Domain |
URL |
Connection |
Cluster Name |
UCT UUID |
Management IP |
Version |
Node Name |
Status |
Discovered Sources |
Note: Click the to select the columns that should appear in the list view.
When setting up a traffic flow, it is important to define the selection criteria for the sources of traffic. Use the Source Selectors page for configuring the sources of the traffic to be monitored.
To configure the Source Selectors:
- Select Inventory > Resources> Source Selectors.
-
On the Source Selectors page, navigate to the Container tab and click Create.
The New Source Selector wizard appears.
- Enter or select the required information:
Field Action Name Enter a name for the source Include Filters (Criteria 1)
You can select any one of the following options
All Sources - Select this option to acquire traffic from all names, all pods and containers within the selected cluster(s). Depending on the size of the cluster(s), volume of traffic may be larger. Criteria1- You must enter the following options: Object Property Select an object property to filter the traffic source.
Operator Select the operator.
Values Enter the values for the filter. On the Criteria, click to add another Object and click to remove an existing Object.
Exclude Filters (Criteria 1)
On the Criteria, click to add another Object and click to remove an existing Object.
Object Property Select an object property to filter the traffic source.
Operator Select any one of the operators:
equals contains startswith endwith Values Enter the values for the filter. On the Include or Exclude filters, click to add another Criteria and click to remove an existing Criteria.
- Click Save to save the filter.
- If you have configured multiple filters in a criterion, then the traffic will be filtered only if all the filter rules are true.
- If you have configured multiple criteria, then the traffic will be filtered even if one of the criteria is true.
A tunnel of type L2GRE or VXLAN can be created. The tunnel is an egress tunnel.
To configure the tunnels:
- Select Inventory > Resources > Tunnel Specifications.
-
On the Tunnel Specifications page, navigate to Container tab and click Create. The Create Tunnel Specification wizard appears.
- Enter or select the following information:
- Click Save to save the configuration.
Field |
Description |
Name |
The name of the tunnel endpoint. |
Tunnel Type |
Select L2GRE, or VXLAN tunnel type to create a tunnel. |
Destination IP Address |
Enter the IP address of the destination endpoint |
Key |
Enter a value for the tunnel key |
To create a UCT Traffic Policy in GigaVUE-FM:
- From the GigaVUE-FM left navigation pane, select Traffic > CONTAINER > Universal Container Tap. The Policies page appears.
- In the Policies page, click Create. The Create Policy wizard appears.
- In the General tab, enter or select the required information as described in the following table:
Fields
Description
Policy Name
Enter a name for the Traffic Policy.
Monitoring Domain
Select an existing monitoring domain. To create a new monitoring domain, refer to Create Monitoring Domain section.
Connections
Select one or more connections for the policy.
- Switch to the Source Selectors tab, select an existing source selector or select Create New to create a new source selector, refer to Create Source Selectors section for detailed information.
- Switch to the Rules tab, enter or select the required information for the Ingress Rules and the Egress Rules as described in the following table:
Fields
Description
Rules
On the Ingress or Egress rules, click to add another rule and click to remove an existing rule.
Rule Name
Enter a name for the rule.
Enable
Select On to enable the filter or select Off to disable the filter
Action
Select Pass to allow the packets or select Drop to block the packets based on the filters.
Direction
Select any one of the following directions:
Bi-directional - Taps the traffic in both directions. The maximum number of rules supported per direction is 8. Also, each directional rule will add 2 ingress rules and 2 egress rules. Ingress- Taps the ingress traffic. Egress - Taps the egress traffic. Priority
Enter a priority value to specify the precedence.
Tunnel Specifications
Select an existing tunnel or select Create New to create a new tunnel, refer to Create Tunnel Specifications section for detailed information.
Filters
On the rule section, click to add another filter and click to remove an existing filter.
Filter Type
Select a filter type
Filter Name
Enter a name for the filter
Value
Enter a value for the filter
- Switch to the Deploy tab, click Deploy and the selected traffic policy rules get deployed to the required UCT taps present on the nodes corresponding to the source pods selected for monitoring.
The Traffic Policy processes the customer workload traffic and UCT forwards the traffic to the tunnel destination IP address.
Name |
Name of the Policy |
Monitoring Domain |
Monitoring Domain associated with the Policy. |
Connection |
The connection associated with the policy. |
UCT Deployment Details |
Specifies the count of successful deployment along with the total number of deployment for a policy. |
Rx packets |
Total aggregate value of the ingress packets associated with the policy. |
Tx packets |
Total aggregate value of the egress packets associated with the policy. |
Egress packets |
Total aggregate value of the egress packets associated with the policy. |
Ingress Bytes |
Total aggregate value of the ingress bytes associated with the policy. |
Egress Bytes |
Total aggregate value of the egress bytes associated with the policy. |
Ingress Errors |
Total aggregate value of the ingress errors associated with the policy. |
Property |
||
Operator |
||
Value |
Specifies the value for the attributes in the criteria. |
|
Property |
Specifies the property in the exclude criteria based on which the pod associated with the source is tapped. |
|
Operator |
Specifies the operator involved in the exclude criteria in tapping the traffic in the pod. |
|
Ingress Dropped |
||
Egress Dropped |
Specifies the aggregate value of the egress packets dropped associated with the rules. |
|
Ingress Errors |
Specifies the aggregate value of the ingress errors associated with the rules. |
|
Egress Errors |
Specifies the aggregate value of the egress errors associated with the rules. |
|
Ingress Dropped |
Specifies the aggregate value of the ingress packets dropped associated with the rules for an UCT. |
|
Egress Dropped |
Specifies the aggregate value of the egress packets dropped associated with the rules for an UCT. |
|
Ingress Errors |
Specifies the aggregate value of the ingress errors associated with the rules for an UCT. |
|
Egress Errors |
Specifies the aggregate value of the egress errors associated with the rules for an UCT. |
|
Ingress Packets |
||
Egress Packets |
||
Ingress Bytes |
||
Ingress Dropped |
Specifies the total aggregate value of the ingress bytes dropped associated with the rules for an UCT. |
|
Egress Dropped |
Specifies the total aggregate value of the egress bytes dropped associated with the rules for an UCT. |
|
Ingress Errors |
Specifies the total aggregate value of the ingress errors associated with the rules for an UCT. |
|
Egress Errors |
Specifies the total aggregate value of the egress errors associated with the rules for an UCT. |
Ingress Dropped |
Specifies the aggregate value of the ingress packets dropped associated with the rules for an UCT. |
|
Egress Dropped |
Specifies the aggregate value of the egress packets dropped associated with the rules for an UCT. |
|
Ingress Errors |
Specifies the aggregate value of the ingress errors associated with the rules for an UCT. |
|
Egress Errors |
Specifies the aggregate value of the egress errors associated with the rules for an UCT. |
|
Ingress packets |
||
Egress packets |
||
Ingress Dropped |
Specifies the aggregate value of the ingress packets dropped associated with the rules for an UCT. |
|
Egress Dropped |
Specifies the aggregate value of the egress packets dropped associated with the rules for an UCT. |
|
Ingress Errors |
Specifies the aggregate value of the ingress errors associated with the rules for an UCT. |
|
Egress Errors |
Specifies the aggregate value of the egress errors associated with the rules for an UCT. |
|
Ingress packets |
||
Egress packets |
||
|
Ingress Bytes |
Specifies the aggregate value of the ingress bytes associated with the rules. |
|
Egress Bytes |
Specifies the aggregate value of the egress bytes associated with the rule. |
|
Ingress Errors |
Specifies the aggregate value of the ingress errors associated with the rule. |
|
Egress Errors |
Specifies the aggregate value of the egress errors associated with the rule. |
|
Ingress dropped |
Specifies the aggregate value of the ingress packets dropped associated with the rule. |
|
Egress dropped |
Specifies the aggregate value of the egress packets dropped associated with the rules. |