Configure Packet Mirroring for GCP

Packet Mirroring clones the traffic of specified instances in your Virtual Private Cloud (VPC) network and forwards it for examination. Packet Mirroring captures all traffic and packet data, including payloads and headers. The capture can be configured for both egress and ingress traffic, only ingress traffic, or only egress traffic.

Refer to the following topics for detailed information.

Prerequisites:

  • When using packet mirroring, a minimum of 3 NICs must be configured and the Machine Type must be c2-standard-8 (8 vCPU, 32 GB memory).
  • Create an instance template in GCP. Refer to the Create instance templates topic in the Google Cloud Platform documentation for more details.
  • Create an Instance Group in GCP with autoscaling in a Managed Instance Group. Refer to the Create a MIG with autoscaling enabled topic in Google Cloud Documentation for more details.
  • Configure a TCP or UDP internal load balancer with packet forwarding enabled and ensure that the GigaVUE V Series Nodes data NICs are used to receive traffic.
  • The load balancer forwards raw traffic. Therefore, when configuring the monitoring session, the Raw End Point must be used as the first component that receives traffic.
  • Three NICs must be configured because REP and TEP cannot share the same interface.
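
A preflight check of the prerequisites above, added here as an example (it is not Gigamon or Google code). It inspects constructed JSON in the shape that `gcloud compute instance-templates describe` and `gcloud compute forwarding-rules describe` return with `--format=json`. The resource names are hypothetical, and it assumes that "packet forwarding enabled" corresponds to the forwarding rule's `isMirroringCollector` field.

```python
import json

# Constructed sample data in the shape of `gcloud ... describe --format=json`
# output; the resource names are hypothetical.
TEMPLATE = json.loads("""{
  "name": "vseries-template",
  "properties": {
    "machineType": "c2-standard-8",
    "networkInterfaces": [
      {"name": "nic0", "network": "mgmt-vpc"},
      {"name": "nic1", "network": "data-vpc"},
      {"name": "nic2", "network": "tool-vpc"}
    ]
  }
}""")
FORWARDING_RULE = json.loads("""{
  "name": "vseries-ilb-rule",
  "loadBalancingScheme": "INTERNAL",
  "IPProtocol": "UDP",
  "isMirroringCollector": true
}""")


def check_prerequisites(template, rule):
    """Return a list of prerequisite violations (an empty list means pass)."""
    problems = []
    props = template.get("properties", {})
    # machineType may be a bare name or a full resource URL; compare the last segment.
    machine = props.get("machineType", "").rsplit("/", 1)[-1]
    if machine != "c2-standard-8":
        problems.append(f"machine type is {machine or 'unset'}, expected c2-standard-8")
    nics = props.get("networkInterfaces", [])
    if len(nics) < 3:
        problems.append(f"{len(nics)} NIC(s) configured, at least 3 required")
    if rule.get("loadBalancingScheme") != "INTERNAL":
        problems.append("forwarding rule is not an internal load balancer")
    if rule.get("IPProtocol") not in ("TCP", "UDP"):
        problems.append("forwarding rule protocol must be TCP or UDP")
    # Assumption: this flag is what marks the load balancer as a mirroring collector.
    if not rule.get("isMirroringCollector", False):
        problems.append("isMirroringCollector is not enabled on the forwarding rule")
    return problems


if __name__ == "__main__":
    for line in check_prerequisites(TEMPLATE, FORWARDING_RULE) or ["all prerequisites met"]:
        print(line)
```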

A typical GCP deployment to support the internal load balancer and packet mirroring requires the following components:

  • GigaVUE-FM (Fabric Manager)
  • GigaVUE V Series 2 Node
  • GCP Internal Load Balancer (uniformly distributes traffic from GCP target VMs to GigaVUE V Series nodes)

Configure Packet Mirroring in GCP

To configure packet mirroring in GCP, refer to the Use Packet Mirroring topic in Google Cloud Documentation for step-by-step instructions. After configuring packet mirroring in GCP, you must deploy the GigaVUE V Series solution in GigaVUE-FM.

Deploy GigaVUE V Series Solution with Packet Mirroring

To deploy GigaVUE V Series solution with packet mirroring in GigaVUE-FM:

Edit the monitoring domain and update the following details:

  1. In the Monitoring Domain Configuration page, select Customer Orchestrated Source as the Traffic Acquisition method.
  2. Enable the Uniform Traffic Policy check box. When this option is enabled, the same monitoring session configuration is applied to all V Series Nodes.
  3. Click Save to save the configuration.

Create a monitoring session with the following instructions:

  1. In GigaVUE‑FM, on the left navigation pane, select Traffic > Virtual > Orchestrated Flows and select Third Party Orchestration. The Monitoring Sessions page appears.
  2. Click New to open the Create a New Monitoring Session page. Refer to Create a Monitoring Session for more detailed information on how to create a monitoring session.
  3. In the Edit Monitoring Session page, add Raw End Point as the first component and Tunnel End Point as the final component.
  4. Then add your application to the monitoring session. Connect your components.
  5. To deploy the monitoring session after adding the Raw End Point, click the Deploy button in the Edit Monitoring Session page.
  6. The Select nodes to deploy the Monitoring Session dialog box appears. Select the interface for REP and TEP from the drop-down menu.