Fabric Components

GigaVUE Fabric Components are the set of resources used to acquire, transport, process and distribute traffic to support your monitoring goals.

GigaVUE Cloud Suite for AWS includes the following fabric components:

■   GigaVUE-FM
■   UCT-V
■   UCT-V Controller
■   GigaVUE V Series Node
■   GigaVUE V Series Proxy

GigaVUE-FM

GigaVUE-FM gives you unified access, centralized control, and full visibility into all GigaVUE traffic nodes across your enterprise or data center. It offers a global view that individual nodes cannot provide.

Along with management and monitoring, GigaVUE-FM lets you create and manage traffic policies for your visibility fabric. This helps direct network traffic to your monitoring and analytics tools.

You can install GigaVUE-FM on a range of supported platforms. It also works in any supported cloud environment, as long as there is IP connectivity.

You can deploy GigaVUE-FM on-premises as a physical or virtual appliance, or launch it from an Amazon Machine Image (AMI) in the AWS Marketplace.

GigaVUE-FM in AWS

GigaVUE-FM manages the setup of key components in your Amazon Virtual Private Cloud (VPC), including:

  • UCT-V Controller (Only if you are using UCT-V as the traffic acquisition method)
  • GigaVUE V Series® Node
  • GigaVUE V Series® Proxy (Optional)

GigaVUE-FM Orchestration Capabilities

GigaVUE-FM controls the GigaVUE Cloud Suite for AWS.

It helps you:

  • Define monitoring areas in your network where workloads run.

  • Provide credentials so GigaVUE-FM can discover workloads and related resources.

  • Create and deploy visibility policies (Monitoring Sessions) that collect traffic using your chosen method and send it to GigaVUE V Series Nodes.

  • Configure V Series Nodes to process and forward traffic to tools based on your policy rules.

  • Monitor network areas continuously and automatically apply visibility policies to new workloads if they meet the criteria.

  • Gain full visibility into your AWS environment, optimize tool traffic, and keep security consistent across hybrid and multi-cloud setups.

For detailed steps on installing GigaVUE-FM in AWS, refer to Install GigaVUE-FM on AWS.

UCT-V

UCT-V (earlier known as G-vTAP Agent) is a module installed in the VM instance. It provides packet-level visibility from inside the workload VMs without informing the cloud provider or requiring any assistance from it. You can install UCT-V in both Linux and Windows environments. The installed UCT-V mirrors packets from workload virtual interfaces and sends them to GigaVUE V Series Nodes for filtering, mapping, and transformation.

How UCT-V Works

  • UCT-V mirrors the selected traffic from a source interface to a destination mirror interface.

  • The mirrored traffic is encapsulated using GRE or VXLAN tunneling.

  • The encapsulated traffic is then sent to the GigaVUE® V Series Node.

A UCT-V can consist of multiple source interfaces and a single destination interface. It mirrors network packets collected from the source interface to the destination interface. From the destination interface, packets travel over an L2GRE tunnel, a VXLAN tunnel, or Secure Tunnels to the GigaVUE V Series Node.

Single Network Interface Configuration

You can configure a single network interface card (NIC) to act as both the source and the destination. This setup allows you to monitor ingress and egress traffic using the same interface.

Example scenario:

If the VM has only one interface (for example, eth0), the UCT-V configuration can mirror ingress and egress traffic through eth0.

Note:  Using a single network interface card as the source and the destination interface can introduce higher latency.

Linux configuration example for a single NIC configuration:

Grant permission to monitor ingress and egress traffic at iface

# eth0 mirror-src-ingress mirror-src-egress mirror-dst

Multiple Network Interface Configuration

UCT-V supports using two separate interfaces, one for capturing traffic and the other for sending mirrored packets.

Example scenario:

  • Use eth0 as the source to monitor traffic

  • Use eth1 as the destination to send mirrored packets

So, the mirrored traffic from eth0 is sent to eth1. From eth1, the traffic is sent to the GigaVUE V Series Node.

Linux UCT-V configuration example for a dual NIC configuration:

Grant permission to monitor ingress and egress traffic at iface

# 'eth0' to monitor and 'eth1' to transmit the mirrored packets 
# eth0 mirror-src-ingress mirror-src-egress 
# eth1 mirror-dst

Loopback Network Interface Configuration

Note:  The Windows environment does not support the loopback interface configuration.

UCT-V supports the ability to tap and mirror the loopback interface. You can tap the loopback interfaces on the workload that carry application-level traffic inside the Virtual Machine. The loopback interface is always configured for bidirectional traffic, regardless of the configurations provided in the configuration file.
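
The single NIC, dual NIC, and loopback rules above can be checked mechanically before a configuration is rolled out. The following audit is an added example, not Gigamon code. It assumes that an active entry is one of the sample lines shown above with the leading "#" removed, and that the loopback interface is named lo.

```python
# Added example: audit UCT-V style interface-permission lines.
# Assumption: an active entry is "<iface> <permission> [...]" and text
# after "#" is a comment, as in the commented samples on this page.
SRC = {"mirror-src-ingress", "mirror-src-egress"}
DST = "mirror-dst"
LOOPBACK = "lo"  # assumption: standard Linux loopback interface name


def parse(text):
    """Return {iface: set(permissions)} for every active entry."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        iface, *perms = line.split()
        entries.setdefault(iface, set()).update(perms)
    return entries


def audit(text):
    """Return (effective_entries, findings) for a config snippet."""
    entries, findings = parse(text), []
    for iface, perms in entries.items():
        unknown = perms - SRC - {DST}
        if unknown:
            findings.append(f"{iface}: unknown permission {sorted(unknown)}")
        if not perms:
            findings.append(f"{iface}: no permission listed")
        if iface == LOOPBACK and perms & SRC:
            perms |= SRC  # loopback is always mirrored in both directions
        if DST in perms and perms & SRC:
            findings.append(f"{iface}: source and destination on one NIC "
                            "(higher latency)")
    dsts = [i for i, p in entries.items() if DST in p]
    if len(dsts) != 1:  # a UCT-V has a single destination interface
        findings.append(f"expected exactly one mirror-dst, found {len(dsts)}")
    if not any(p & SRC for p in entries.values()):
        findings.append("no source interface is mirrored")
    return entries, findings


# Constructed samples: the page's examples with the leading "#" removed.
SINGLE_NIC = "eth0 mirror-src-ingress mirror-src-egress mirror-dst\n"
DUAL_NIC = """# 'eth0' to monitor and 'eth1' to transmit the mirrored packets
eth0 mirror-src-ingress mirror-src-egress
eth1 mirror-dst
"""
```

Calling audit(SINGLE_NIC) returns the latency finding from the note above, while audit(DUAL_NIC) returns no findings. A snippet in which every line is still commented out is reported as having no source and no destination.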

UCT-V is offered as a Debian (.deb) or Red Hat Package Manager (.rpm) package for Linux workloads and as a ZIP or MSI for Windows Server workloads. For more information on installing UCT-V on your virtual machines, refer to Configure UCT-V.

UCT-V Controller

UCT-V Controller (earlier known as G-vTAP Controller) manages multiple UCT-Vs and, proxied through GigaVUE-FM, orchestrates the flow of mirrored traffic to GigaVUE V Series Nodes.

GigaVUE-FM uses one or more UCT-V Controllers to communicate with the UCT-Vs. A single UCT-V Controller can only manage UCT-Vs that run the same version. For example, UCT-V Controller 6.13.00 can only manage UCT-Vs running 6.13.00.

If you still have the older version of UCT-V deployed in the EC2 instances, you must configure both the previous version and 6.13.00. While configuring the UCT-V Controllers, you can specify the tunnel type used to carry the mirrored traffic from the UCT-Vs to the GigaVUE V Series Nodes.

Note:  You must enable basic authentication to launch the GigaVUE fabric components for version 6.9 and lower. For instructions on enabling basic authentication, refer to Authentication Type.

Supported UCT-V Instances

This table lists the number of UCT-Vs supported for each instance type:

UCT-V Controller    Number of UCT-Vs
t2.large            >1001
t2.medium           1001
t2.small            480
t2.micro            200

GigaVUE V Series Node

GigaVUE V Series Node is a visibility node that aggregates mirrored traffic. It applies filters, manipulates the packets using GigaSMART applications, and distributes the optimized traffic to cloud-based tools or backhauls it to on-premises devices or tools. GigaVUE Cloud Suite for AWS uses TLS-PCAPng, L2GRE, UDPGRE, and VXLAN tunnels to deliver traffic to tool endpoints.

Note:  You must enable basic authentication to launch the GigaVUE fabric components for version 6.9 and lower. For instructions on enabling basic authentication, refer to Authentication Type.

For more information on installing and configuring GigaVUE V Series Node, refer to Deployment Options for GigaVUE Cloud Suite for AWS.

GigaVUE V Series Proxy

The GigaVUE V Series Proxy is an optional component. GigaVUE‑FM uses one or more GigaVUE V Series Proxies to communicate with the GigaVUE V Series Nodes.

You can use a proxy:

  • If GigaVUE‑FM cannot directly reach the GigaVUE V Series Nodes (management interface) over the network.

  • If GigaVUE‑FM connects to a large number of nodes.

  • If you wish to keep the IP addresses of the nodes private.

You can launch a single GigaVUE V Series Proxy to give GigaVUE‑FM network communication with hundreds of GigaVUE V Series Nodes in private networks behind the Proxy.

Note:  You must enable basic authentication to launch the GigaVUE fabric components for version 6.9 and lower. For instructions on enabling basic authentication, refer to Authentication Type.

For detailed information on the various ways of deploying and configuring GigaVUE V Series Proxy, refer to Deployment Options for GigaVUE Cloud Suite for AWS.