Application Metadata Exporter

Refer to the following topics for more detailed information on the various ways to configure AMX:

Export AMI output by AMX

Application Metadata Exporter(AMX) application converts the output from the Application Metadata Intelligence (AMI) in CEF format into JSON format and sends it to the cloud tools and Kafka Consumers.

The AMX application can be deployed only on a GigaVUE V Series Node and connected to Application Metadata Intelligence running on a physical node or a virtual machine. GigaVUE-FM manages the AMX application and the AMI.

Export NetFlow/IPFIX from third-party sources or AMI using the NetFlow Integrator in AMX

The AMX application with NetFlow Integrator functionality supports ingesting NetFlow/IPFIX flow records from various sources and devices, such as firewalls, routers, and switches. These packets are parsed and converted into a standardized JSON format and exported over HTTPS or Kafka to the external tools.

Since the AMI application also generates the NetFlow/IPFIX flow records, with the NetFlow Integrator functionality added to AMX, AMX can export the AMI NetFlow/IPFIX as JSON to the tools.

Integrating NetFlow/IPFIX flow records into the AMX application provides a consolidated view of network traffic and NetFlow insights by exporting them as separate JSONs to the tools. This integration provides a unified source of network traffic data and NetFlow/IPFIX insights in standard JSON format, compatible with most Network Performance Monitoring (NPM) tools.

The diagram below illustrates how the AMX application ingests, processes, and exports network traffic data collected from various devices. GigaVUE-FM acts as the central control system for AMX.

Supported Platforms

  • VMware ESXi

  • VMware NSX-T

License Requirement

NetFlow Integrator functionality will be disabled by default and requires a valid SecureVUE Plus VBL license to enable it

Rules and Notes

  • The recommended deployment method for NetFlow Integrator functionality is Third Party Orchestration.

  • Only the elements specified in the mapping file will be included in the JSON output. Editing or customizing the mapping file is not supported. Refer to Supported Element Types for NetFlow Integrator Element Mapping.

  • The NetFlow/IPFIX ingestor type does not support Metadata Enrichment. Refer to Configure Application Metadata Exporter Application.

  • An AMX application cannot be configured to ingest both CEF and NetFlow/IPFIX formats at the same time.

  • A maximum of 12 NetFlow/IPFIX type ingestors can be configured per deployment.

  • A single instance of AMX processes traffic in line with the published performance KPIs. Additional instances should be deployed if traffic volume exceeds these thresholds to ensure stable and efficient performance. For details regarding performance KPIs, Contact Technical Support.

  • The memory and CPU requirements for a single AMX instance are as follows:

    • CPU : 40 cores

    • Disk : 128 GB

    • Memory : 64 GB

To know more about the configuration of NetFlow Integrator functionality, supported element types, and related statistics details, refer to the following sections:

■   Configure Application Metadata Exporter Application
■   Supported Element Types for NetFlow Integrator Element Mapping
■   View Application Statistics for Application Metadata Exporter

Export of 3G/4G/5G Control Plane Metadata by AMX

The AMX application can also export the 3G/4G control plane metadata received from the GTP Correlation engine and 5G control plane metadata received from the 5G CPN engine to the cloud tools and Kafka in Flat JSON format.

The AMX application can be deployed only on a GigaVUE V Series Node and can be connected to a GTP Correlation / 5G CPN engine running on a physical node.

Export of GigaVUE Enriched Metadata for Mobile Networks by AMX

The metadata enrichment enhances service provider analytics, by generating metadata on 5G/4G/3G network traffic. The AMX correlates the user plane metadata produced by AMI with the control plane metadata produced by the GTP/5G correlation mobility application to produce an enriched metadata feed for the mobile networks. This data feed helps with use cases like service personalization, planning, and many others by containing information about the

  • Subscriber Session
  • Over the Top Application
  • Handset Type
  • Location
  • Flow throughput calculation attributes - DL, UL bytes, and time stamps.
  • Application Protocol
  • Core Network Information
  • User Tunnel Information

Export of GigaVUE Enriched Metadata for Mobile Networks is supported only for GigaVUE V Series Node deployed using Third Party Orchestration on VMware ESXi.

Additionally, you can also deploy GigaVUE V Series Node using KVM hypervisor for deploying Application Metadata Exporter (AMX) application on GigaVUE-FM Hardware Appliance.

For deployment instructions, refer to:

User Plane and Control Plane traffic from the following devices are supported for exporting GigaVUE Enriched Metadata for Mobile Networks:

  • GigaVUE-HC3
  • GigaVUE-HC1-Plus

Note:  For GigaVUE-HC1-Plus, the AMI application must be configured on the built-in engine to efficiently handle higher traffic loads. The plug-in engine can be used for the Control Plane traffic.

For information on Control Plane Metadata, refer to Control Plane Metadata.

Export of GigaVUE Enriched Metadata for Cloud Workloads by AMX

Required License: SecureVUE Plus License

GigaVUE Enriched Metadata for Cloud Workloads provides comprehensive situational awareness to address security and performance pain points in a timely manner. It enriches application metadata from N/S and lateral traffic with key host environment details that allow you to find critical information as follows:

  • The location of the workloads hosted and their virtual network.
  • The operational environment to which the workloads belong.
  • The instance types used, images, and tags that the workload contains.
  • The host name, the security associations like security group name, IAM instance profile name.

Export of GigaVUE® Enriched Metadata (GEM) for Mobile Networks for Cloud Workloads is supported on the following cloud platforms:

  • AWS
  • Azure
  • VMware (ESXi and NSX-T)

This feature works by using the inventory API which is queried in the following intervals.

  • VMware: 300 sec
  • AWS: 30 sec
  • Azure: 60 sec

The default inventory query interval should suffice in most cases, however the interval can be customized in extreme situations. Please contact Gigamon Support for assistance.

In addition to the fixed intervals of polling the inventory, you can subscribe to the following optional services to get automatic updates from the workloads.

  • AWS- Requires setup of SQS in AWS and event subscription settings to access it.
  • Azure - Requires setup of Storage Queue and Events Subscription and settings to access it.
  • VMware - No additional configuration is required as the dynamic updates are supported by default.

Refer to Prerequisites for Export of GigaVUE Enriched Metadata for Cloud Workloads for more detailed information.

AMX application performs the enrichment every 10 seconds. It picks the flow records, which are 15 seconds or older, to allow any delays in fetching the inventory details, and uses the IP address of the endpoints to enrich the records based on the selected attributes. Refer to the following figure for a high-level illustration of the solution. The solution can be deployed using GigaVUE-FM or Third Party Orchestration.

The enrichment supported depends on the type of platform. Refer to Attributes for GigaVUE Enriched Metadata for Cloud Workloads for more details.

Refer to the following topics for more detailed information and configuration: