UCT-V
UCT-V (earlier known as G-vTAP Agent) is a module that is installed in the VM instance. UCT-V modules are installed into workload VMs and grant the tenant packet-level access in any cloud environment without informing the cloud provider or requiring any assistance from the cloud provider. UCT-V can be installed on both Linux and Windows environments. Packets are mirrored from workload virtual interfaces over to GigaVUE V Series nodes where mapping actions involving filtering and packet transformation takes place.
UCT-V mirrors the selected traffic from a source interface to a destination mirror interface. The mirrored traffic is encapsulated using GRE or VXLAN tunneling and then sent to the GigaVUE® V Series Node.
A UCT-V can consist of multiple source interfaces and a single destination interface. The network packets collected from the source interface are mirrored to the destination interface. From the destination interface, the packets traverse through either a L2GRE, VXLAN tunnel, or Secure Tunnels to the GigaVUE V Series Node.
Single Network Interface Configuration
A single network interface card (NIC) acts as the source and the destination interface. UCT-V with a single network interface configuration lets you monitor the ingress or egress traffic from the network interface. The monitored traffic is sent out using the same network interface.
For example, assume that there is only one interface in the monitoring instance. In the UCT-V configuration, you can configure that interface as the source and the destination interface and specify both egress and ingress traffic to be selected for monitoring purposes. The egress and ingress traffic from that instance will be mirrored and sent out using the same interface.
Using a single network interface card as the source and the destination interface can sometimes cause increased latency when sending the traffic out from the instance.
Example of the Linux UCT-V configuration file for a single NIC configuration:
Grant permission to monitor ingress and egress traffic at iface
# eth0 mirror-src-ingress mirror-src-egress mirror-dstMultiple Network Interface Configuration
UCT-V lets you configure two network interface cards (NICs). One network interface card can be configured as the source interface and another as the destination interface.
For example, assume that eth0 and eth1 are in the monitoring instance. In the UCT-V configuration, eth0 can be configured as the source interface, and egress traffic can be selected for monitoring purposes. The eth1 interface can be configured as the destination interface. So, the mirrored traffic from eth0 is sent to eth1. From eth1, the traffic is sent to the GigaVUE V Series Node.
Example of the Linux UCT-V configuration file for a dual NIC configuration:
Grant permission to monitor ingress and egress traffic at iface
# 'eth0' to monitor and 'eth1' to transmit the mirrored packets # eth0 mirror-src-ingress mirror-src-egress # eth1 mirror-dstLoopback Network Interface Configuration
Note: Loop Back Interface configuration is not supported on Windows environment.
UCT-V supports the ability to tap and mirror the loopback interface. You can tap the loopback interfaces on the workload, which carries application-level traffic inside the Virtual Machine. The loopback interface is always configured as bidirectional traffic, regardless of the configurations provided in the configuration file.
The UCT-V is offered as a Debian (.deb), Redhat Package Manager (.rpm) package for Linux workloads and a ZIP or MSI for Windows Server workloads. For more information on installing UCT-V on your virtual machines, refer to Configure UCT-V.
