Inline V Series

Note:  Inline V Series is now available as an Early Access feature, giving you the opportunity to explore its capabilities before the general availability (GA).

The Inline V Series solution provides an advanced, scalable, agentless traffic acquisition mechanism that integrates seamlessly into your network. By deploying V Series Nodes in inline mode, you can mirror and process traffic efficiently while ensuring the reinjection of production traffic without disruption.

In AWS and Azure environments, the Inline V Series solution leverages Gateway Load Balancers (GWLB) to enable efficient traffic handling and visibility. This feature ensures low-latency performance, making it ideal for continuous traffic inspection and monitoring. Designed for simplicity and operational efficiency, the Inline V Series allows you to gain deep insights into network activity while maintaining high performance in demanding network environments.

This solution can be used for forwarding inline traffic and traffic processing. When traffic reaches the Inline V Series Node, a copy of the packet is taken as out-of-band traffic. The copied traffic can be forwarded to a GigaVUE V Series Node for additional processing or directly to monitoring tools. During boot-up, the Inline V Series Node initializes with the default Inline application. A Monitoring Session is required to tap the inline traffic, create a copy for out-of-band forwarding, and send the traffic to the desired tools.

Deployment Use Cases for Inline V Series Solution

Single Tier Deployment

This deployment model can be used when traffic has to be tapped, filtered, and directly sent to tools without any processing.

Multi-Tier Deployment

This deployment model can be used if you wish to process the traffic using GigaVUE V Series Applications before sending it to the tools. The first tier acquires the traffic and sends it to the GigaVUE V Series Nodes in the second tier, where the processing occurs in the GigaVUE V Series Applications.

Architecture of Inline V Series Solution in AWS

Components required for configuring Inline V Series Solution in AWS:

• Application VPC
• Appliance VPC
• Internet Gateway
• Gateway Load Balancer endpoint
• Gateway Load balancer
• Inline V Series Node

Application VPC consists of multiple workload VMs, Gateway Load Balancer endpoint, Internet Gateway, availability zone, and Application Server with the availability zone. The appliance VPC consists of Gateway Load Balancer, Gateway Load Balancer service, Inline V Series Node (Target Listeners). Any traffic reaching the Gateway Load Balancer will be routed to the Target Listeners.

The below architecture diagram explains how the Inline V Series solution works:

Traffic from the internet to the application server (blue arrows):

1. The traffic from the internet is sent to the Application VPC using an Internet gateway.
2. This traffic is routed to the Gateway Load Balancer endpoint, as a result of ingress routing.
3. The Gateway Load Balancer endpoint sends the traffic to the Gateway Load Balancer in the Appliance VPC using a private link that is created between Gateway Load Balancer endpoint and the Gateway Load Balancer. The Gateway Load balancer forwards the traffic to the Inline V Series Nodes. The following actions are performed in the Inline V Series Node:
   • Once the traffic reaches the Inline V Series Nodes, a copy of the packet is taken as out of band traffic.
   • The Out of Band traffic is forwarded to the GigaVUE V Series Node for further processing or it can be forwarded to the tools.
   • The Inline V Series application swaps the IP address and the Mac of the packets, where the source and destination are interchanged. As a result the Inline V Series Node becomes the source and Gateway Load Balancer becomes the destination.

Note:  Packets sent from the Gateway Load Balancer will be GENEVE encapsulated and forwarded to the Inline V Series Nodes.

4. The inline traffic is sent back to the Gateway Load Balancer endpoint in the application VPC.
5. Based on the look up in the routing table configured in the Gateway Load Balancer endpoint, the traffic is sent to the application servers (destination subnet).

Prerequisites

• For more information on AWS recommended design for Gateway Load Balancer implementation with inline services, such as firewall. see Getting started with Gateway Load Balancers - Elastic Load Balancing (amazon.com)
• Create or update Security Group policies of GigaVUE Cloud Suite components. Refer Security Group topic for detailed information.
• Create or update routes in various VPCs across participating mirrored AWS accounts so that all mirrored account VPCs can connect to the target account VPC where the AWS Gateway Load Balancer is deployed.
• You must create a Gateway Load Balancer endpoint. For more information, see Create a Gateway Load Balancer endpoint.
• Create a routing table. For more information, see Amazon documentation.

Refer to the following sections for more details:

• Acquire Traffic using Inline V Series Solution
• Minimum Permissions Required for Acquiring Traffic using Inline V Series
• Configure a Gateway Load Balancer in AWS for Inline V Series Solution
• Deploy GigaVUE V Series Nodes for Inline V Series Solution
• Configure Monitoring Session for Inline V Series
• Analytics for Inline V Series Solution