Configure UCT through GigaVUE-FM
This section describes how to configure UCT through the GigaVUE-FM GUI. Refer to the following sections for details.
- Launch GigaVUE-FM
- Create Monitoring Domain
- Create Source Selectors
- Create Tunnel Specifications
- Configure Traffic Policy
- Traffic Policy Statistics
The recent GigaVUE-FM image files can be downloaded from the Gigamon Customer Portal. After fetching the image, upload and launch GigaVUE-FM on your GigaVUE V Series 2 supported cloud environment. For assistance, contact Gigamon Technical Support or refer to GigaVUE Cloud Suites for more information on GigaVUE V Series 2 configuration on the supported cloud environments.
To create a monitoring domain in GigaVUE-FM:
- In GigaVUE-FM, on the left navigation pane, select Inventory > CONTAINER > Universal Container Tap > Monitoring Domains. The Monitoring Domain page appears.
- In the Monitoring Domain page, click New. The New Monitoring Domain wizard appears.
- Enter or select the required information as described in the following table:
Fields | Description
---|---
Monitoring Domain Name | Enter a name for the monitoring domain
Connections |
Connection Name | Enter a name for the UCT connection
Cluster Name | Enter a name for the cluster
URL | Enter the URL of the API server
Inventory Discovery | Select any one of the following options:
 | FM - When you select FM, you need to enter the authentication token. Note: If you don't have an authentication token, the GigaVUE-FM can't pull the inventory. You can use the other options mentioned below to include the inventory.
 | References for POST and DELETE APIs:
 | POST /cloud/kubernetes/inventory/pods/{connectionId} - Add/Create UCT Kubernetes pods inventory.
 | DELETE /cloud/kubernetes/inventory/pods/{connectionId} - Delete UCT Kubernetes pods inventory.
 | POST /cloud/kubernetes/inventory/services/{connectionId} - Add/Create UCT Kubernetes services inventory in FM.
 | DELETE /cloud/kubernetes/inventory/services/{connectionId} - Delete UCT Kubernetes services inventory.
 | POST /cloud/kubernetes/inventory/nodes/{connectionId} - Add/Create UCT Kubernetes nodes inventory in FM.
 | DELETE /cloud/kubernetes/inventory/nodes/{connectionId} - Delete UCT Kubernetes nodes inventory.
 | Refer to the GigaVUE API Reference for detailed information.
 | Upload - You need to upload the inventory information into GigaVUE-FM. You must feed the inventory details through the REST APIs. Refer to the GigaVUE API Reference for detailed information.
 | UCT controller - UCT controller running as a pod in each Kubernetes cluster collects the inventory information and sends it to GigaVUE-FM.
Authentication Type | Select token as the authentication type. By default, the authentication type is token. The option is applicable only if the Inventory Discovery is GigaVUE‑FM.
Token | Enter the authentication token. The option is applicable only if the Inventory Discovery is GigaVUE‑FM.
Click to add another connection and click to remove an existing connection.
- Click Save to create a monitoring domain.
Note: If the connecting UCT Tap does not send 3 consecutive heartbeats, it is marked as disconnected. It continues to be shown on the monitoring domain page for the interval configured in the UCT Purge (the default purge interval is 30 days) before GigaVUE-FM cleans it up.
You can view the monitoring domain created in the list view. The list view shows the following information for UCT and controllers:
- Monitoring Domain
- URL
- Connection
- Cluster Name
- UCT UUID
- Management IP
- Version
- Node Name
- Status
- Discovered Sources
Note: Click the to select the columns that should appear in the list view.
When setting up a traffic flow, it is important to define the selection criteria for the sources of traffic. Use the Source Selectors page for configuring the sources of the traffic to be monitored.
To configure the Source Selectors:
- Select Inventory > Resources > Source Selectors.
- On the Source Selectors page, navigate to the Container tab and click Create. The New Source Selector wizard appears.
- Enter or select the required information:
Field | Action
---|---
Name | Enter a name for the source
Include Filters (Criteria 1) | You can select any one of the following options:
 | All Sources - Select this option to acquire traffic from all names, all pods and containers within the selected cluster(s). Depending on the size of the cluster(s), the volume of traffic may be larger.
 | Criteria 1 - You must enter the following options:
 | Object Property - Select an object property to filter the traffic source.
 | Operator - Select the operator.
 | Values - Enter the values for the filter.
 | On the Criteria, click to add another Object and click to remove an existing Object.
Exclude Filters (Criteria 1) | On the Criteria, click to add another Object and click to remove an existing Object.
 | Object Property - Select an object property to filter the traffic source.
 | Operator - Select any one of the operators: equals, contains, startswith, endwith
 | Values - Enter the values for the filter.
On the Include or Exclude filters, click to add another Criteria and click to remove an existing Criteria.
- Click Save to save the filter.
- If you have configured multiple filters in a criterion, then the traffic will be filtered only if all the filter rules are true.
- If you have configured multiple criteria, then the traffic will be filtered even if one of the criteria is true.
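The AND/OR rules above decide how much traffic a selector captures, so it helps to check a selector against an inventory before saving it. The following is an added example (not Gigamon code) that evaluates include criteria over constructed pod records. The `namespace` and `pod` property names, the record layout, and any-of matching across a filter's Values are assumptions.

```python
# Added example (not Gigamon code): models the include-filter semantics above.
# Assumptions: property names other than "service", the pod records, and
# any-of matching across a filter's Values are constructed for illustration.
OPERATORS = {  # operator names as listed on the page ("endwith" is its spelling)
    "equals": lambda actual, wanted: actual == wanted,
    "contains": lambda actual, wanted: wanted in actual,
    "startswith": lambda actual, wanted: actual.startswith(wanted),
    "endwith": lambda actual, wanted: actual.endswith(wanted),
}

def filter_matches(pod, flt):
    """One filter row: Object Property, Operator, Values."""
    if flt["operator"] not in OPERATORS:
        raise ValueError(f"unknown operator: {flt['operator']!r}")
    actual = pod.get(flt["property"])
    if actual is None:  # pod lacks the property, so the filter cannot be true
        return False
    return any(OPERATORS[flt["operator"]](actual, v) for v in flt["values"])

def criterion_matches(pod, criterion):
    """Filters within one criterion are ANDed: all must be true."""
    if not criterion:
        # all([]) is True: an empty criterion would silently tap every pod.
        raise ValueError("empty criterion matches everything; use all_sources")
    return all(filter_matches(pod, f) for f in criterion)

def selected_pods(pods, include_criteria, all_sources=False):
    """Criteria are ORed; all_sources models the 'All Sources' option."""
    if all_sources:
        return [p["pod"] for p in pods]
    return [p["pod"] for p in pods
            if any(criterion_matches(p, c) for c in include_criteria)]

def make_filter(prop, operator, *values):
    return {"property": prop, "operator": operator, "values": list(values)}

# Constructed inventory for the demonstration.
PODS = [
    {"pod": "payments-api-7c9d", "namespace": "prod", "service": "payments"},
    {"pod": "payments-db-0", "namespace": "prod", "service": "payments-db"},
    {"pod": "payments-api-5f2a", "namespace": "staging", "service": "payments"},
    {"pod": "web-6b8c", "namespace": "prod", "service": "web"},
]

# One criterion with two filters: both must hold (prod AND payments*).
NARROW = [[make_filter("namespace", "equals", "prod"),
           make_filter("service", "startswith", "payments")]]
# The same filters split into two criteria: either may hold (prod OR payments*).
WIDE = [[make_filter("namespace", "equals", "prod")],
        [make_filter("service", "startswith", "payments")]]

if __name__ == "__main__":
    print("narrow:", selected_pods(PODS, NARROW))
    print("wide:  ", selected_pods(PODS, WIDE))
```

Placing the two filters in separate criteria instead of one widens the selection from two pods to all four in this inventory.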
A tunnel of type L2GRE or VXLAN can be created. The tunnel is an egress tunnel.
To configure the tunnels:
- Select Inventory > Resources > Tunnel Specifications.
- On the Tunnel Specifications page, navigate to the Container tab and click Create. The Create Tunnel Specification wizard appears.
- Enter or select the following information:
Field | Description
---|---
Name | The name of the tunnel endpoint.
Tunnel Type | Select L2GRE, or VXLAN tunnel type to create a tunnel.
Destination IP Address | Enter the IP address of the destination endpoint
Key | Enter a value for the tunnel key
- Click Save to save the configuration.
To create a UCT Traffic Policy in GigaVUE-FM:
- From the GigaVUE-FM left navigation pane, select Traffic > CONTAINER > Universal Container Tap. The Policies page appears.
- In the Policies page, click Create. The Create Policy wizard appears.
- In the General tab, enter or select the required information as described in the following table:
Fields | Description
---|---
Policy Name | Enter a name for the Traffic Policy.
Monitoring Domain | Select an existing monitoring domain. To create a new monitoring domain, refer to the Create Monitoring Domain section.
Connections | Select one or more connections for the policy.
- Switch to the Source Selectors tab, and select an existing source selector or select Create New to create a new source selector. Refer to the Create Source Selectors section for detailed information.
- Switch to the Rules tab, enter or select the required information for the Ingress Rules and the Egress Rules as described in the following table:
Fields | Description
---|---
Rules | On the Ingress or Egress rules, click to add another rule and click to remove an existing rule.
Rule Name | Enter a name for the rule. Note: Rule names ending with __I, __E, __RI, __RE are not recommended as the names are invalid in policy rules.
Enable | Select On to enable the filter or select Off to disable the filter
Action | Select Pass to allow the packets or select Drop to block the packets based on the filters.
Direction | Select any one of the following directions:
 | Bi-directional - Taps the traffic in both directions. The maximum number of rules supported per direction is 32. Also, each directional rule will add 2 ingress rules and 2 egress rules.
 | Ingress - Taps the ingress traffic.
 | Egress - Taps the egress traffic.
Priority | Enter a priority value to specify the precedence.
Tunnel Specifications | Select an existing tunnel or select Create New to create a new tunnel. Refer to the Create Tunnel Specifications section for detailed information.
Filters | On the rule section, click to add another filter and click to remove an existing filter.
Filter Type | Select a filter type
Filter Name | Enter a name for the filter
Value | Enter a value for the filter
- Switch to the Deploy tab and click Deploy. The selected traffic policy rules are deployed to the required UCT taps present on the nodes corresponding to the source pods selected for monitoring.
The Traffic Policy processes the customer workload traffic and UCT forwards the traffic to the tunnel destination IP address.
Traffic Policy Statistics
Traffic Policy Statistics in GigaVUE-FM provides visibility into the policies within a Monitoring Domain and displays the policies and their rule statistics in the dashboard. It also allows visualization of performance at every container level of the policy deployment.
Rules are configured in the UCT to either forward the traffic to a tunnel or drop the flow of the traffic. In the Policies page, along with the UCT policy and its rules, you can also view the aggregated statistics of all the source selectors that are part of the policy.
The statistics counters reflect the activity of the rules. They show how the policy statistics correlate directly with the policy and the rules configured through GigaVUE-FM.
Viewing Policy Statistics
To view the statistics of the traffic policy configured in the GigaVUE-FM, do the following steps:
1. Go to Traffic > Container > Universal Container Tap. The Policies page appears. In the Policies page, you can view various details related to a policy such as Name, Monitoring Domain, Connection, Status, and so on. For each policy, the values correspond to the aggregate value of the UCT taps associated with that policy. The fields and the description of the field names are given in the following table:
Field | Description
---|---
Name | Name of the Policy
Monitoring Domain | Monitoring Domain associated with the Policy.
Connection | The connection associated with the policy.
Status | Specifies whether the policy deployment is :
UCT Deployment Details | Specifies the count of successful deployments along with the total number of deployments for a policy.
Rx packets | Total aggregate value of the ingress packets associated with the policy.
Tx packets | Total aggregate value of the egress packets associated with the policy.
Egress packets | Total aggregate value of the egress packets associated with the policy.
Rx Dropped | Total aggregate value of the ingress packets dropped associated with the policy.
Tx Dropped | Total aggregate value of the egress packets dropped associated with the policy.
Ingress Bytes | Total aggregate value of the ingress bytes associated with the policy.
Egress Bytes | Total aggregate value of the egress bytes associated with the policy.
Ingress Errors | Total aggregate value of the ingress errors associated with the policy.
Note: Click the Gear icon to add or remove columns as per your requirement.
2. Click the name of a policy to view the statistics of the policy. The statistics appear at the bottom of the Policies page.
You can view the following three tabs along with the policy name:
- Source Specifications
- Rules
- Container
You can scroll each of the tables to view more columns. The fields and descriptions for each tab are described in the respective topics.
Source Specifications
You can view the criteria based on which a pod is selected for tapping.
The fields and descriptions of the source specifications tab are described in the following table:
Tab - Source Specifications | Field | Description
---|---|---
Source Selector | Name | Specifies the name of the Source selector.
Include Criteria | Criteria Name | Specifies the include criteria for the source selector. Pod that matches the include criteria is part of the source for the given traffic policy.
 | Property | Specifies the attributes of the pod. The available attributes are: service
 | Operator | Specifies the operator used in the criteria.
 | Value | Specifies the value for the attributes in the criteria.
Exclude Criteria | Criteria Name | Specifies the exclude criteria for the source selector. Pod that matches the exclude criteria will be part of the source for the given traffic policy.
 | Property | Specifies the property in the exclude criteria based on which the pod associated with the source is tapped.
 | Operator | Specifies the operator involved in the exclude criteria in tapping the traffic in the pod.
 | Value | Specifies the value in the criteria based on which traffic in the pod is tapped.
Rules
You can view the aggregate values for all the rules configured in the policy for the node in the UCT tap present in a cluster. The fields and descriptions of the Rules tab are described in the following table:
Tab - Rules | Field | Description
---|---|---
Rules | Name | Specifies the name of the rules in which the traffic is filtered in the pod.
 | Tunnel Specifications | Specifies the tunnel details associated with the rules to send the traffic out. When you hover over the tunnel specification value, you can view the details of the tunnel in a message box.
 | Priority | Specifies the priority assigned for the rule.
 | Pass/Drop | Specifies whether to pass or drop the rule.
 | Filters | Specifies the parameters used in the rule. When you hover over the filter value, you can view the details of the filters in a message box.
 | Direction | Specifies whether the direction of the flow of traffic is ingress, egress, or both directions.
 | Ingress Packets | Specifies the aggregate value of the ingress packets associated with the rules.
 | Egress Packets | Specifies the aggregate value of the egress packets associated with the rules.
 | Ingress Dropped | Specifies the aggregate value of the ingress packets dropped associated with the rules.
 | Egress Dropped | Specifies the aggregate value of the egress packets dropped associated with the rules.
 | Ingress Errors | Specifies the aggregate value of the ingress errors associated with the rules.
 | Egress Errors | Specifies the aggregate value of the egress errors associated with the rules.
UCT | Name | Name of the UCT associated with the rule.
 | Ingress Packets | Specifies the aggregate value of the ingress packets associated with the rules for a UCT.
 | Egress Packets | Specifies the aggregate value of the egress packets associated with the rules for a UCT.
 | Ingress Bytes | Specifies the total aggregate value of the ingress bytes associated with the rules for a UCT.
 | Egress Bytes | Specifies the total aggregate value of the egress bytes associated with the rules for a UCT.
 | Ingress Dropped | Specifies the aggregate value of the ingress packets dropped associated with the rules for a UCT.
 | Egress Dropped | Specifies the aggregate value of the egress packets dropped associated with the rules for a UCT.
 | Ingress Errors | Specifies the aggregate value of the ingress errors associated with the rules for a UCT.
 | Egress Errors | Specifies the aggregate value of the egress errors associated with the rules for a UCT.
Container | Pod ID | Specifies the Pod ID associated with the rules.
 | Ingress Packets | Specifies the aggregate value of the ingress packets associated with the rules for a pod in the UCT.
 | Egress Packets | Specifies the aggregate value of the egress packets associated with the rules for a pod in the UCT.
 | Ingress Bytes | Specifies the total aggregate value of the ingress bytes associated with the rules for a UCT.
 | Egress Bytes | Specifies the total aggregate value of the egress bytes associated with the rules for a UCT.
 | Ingress Dropped | Specifies the total aggregate value of the ingress bytes dropped associated with the rules for a UCT.
 | Egress Dropped | Specifies the total aggregate value of the egress bytes dropped associated with the rules for a UCT.
 | Ingress Errors | Specifies the total aggregate value of the ingress errors associated with the rules for a UCT.
 | Egress Errors | Specifies the total aggregate value of the egress errors associated with the rules for a UCT.
Container
You can view the aggregate value of the packets for a container, and also the rules associated with a container.
The fields and descriptions of the Container tab are described in the following table:
Tab - Container | Field | Description
---|---|---
UCT | Name | Specifies the name of the UCT associated with the rule.
 | Ingress packets | Specifies the aggregate value of the ingress packets associated with the pod in a UCT.
 | Egress packets | Specifies the aggregate value of the egress packets associated with the pod in a UCT.
 | Ingress Bytes | Specifies the aggregate value of the ingress packets associated with the rules for a pod in the UCT.
 | Egress Bytes | Specifies the aggregate value of the egress packets associated with the rules for a pod in the UCT.
 | Ingress Dropped | Specifies the aggregate value of the ingress packets dropped associated with the rules for a UCT.
 | Egress Dropped | Specifies the aggregate value of the egress packets dropped associated with the rules for a UCT.
 | Ingress Errors | Specifies the aggregate value of the ingress errors associated with the rules for a UCT.
 | Egress Errors | Specifies the aggregate value of the egress errors associated with the rules for a UCT.
Container | Pod ID | Specifies the Pod ID associated with the policy. To support pod name, following section should be added under deployment: valueFrom: fieldRef: fieldPath: metadata.name
 | Ingress packets | Specifies the aggregate value of the ingress packets associated with the rule for a pod in the UCT.
 | Egress packets | Specifies the aggregate value of the egress packets associated with the rule for a pod in the UCT.
 | Ingress Bytes | Specifies the aggregate value of the ingress bytes associated with the rule for a pod in the UCT.
 | Egress Bytes | Specifies the aggregate value of the egress bytes associated with the rule for a pod in the UCT.
 | Ingress Dropped | Specifies the aggregate value of the ingress packets dropped associated with the rules for a UCT.
 | Egress Dropped | Specifies the aggregate value of the egress packets dropped associated with the rules for a UCT.
 | Ingress Errors | Specifies the aggregate value of the ingress errors associated with the rules for a UCT.
 | Egress Errors | Specifies the aggregate value of the egress errors associated with the rules for a UCT.
Rules | Name | Specifies the rules associated with the container.
 | Tunnel Specifications | Specifies the tunnel associated with the rules.
 | Priority | Specifies the priority assigned for the rule.
 | Pass/Drop | Specifies whether to pass or drop the rule.
 | Filters |
 | Direction | Specifies whether the direction of the flow of traffic is ingress or egress.
 | Ingress packets | Specifies the aggregate value of the ingress packets associated with the rules.
 | Egress packets | Specifies the aggregate value of the egress packets associated with the rules.
 | Ingress Bytes | Specifies the aggregate value of the ingress bytes associated with the rules.
 | Egress Bytes | Specifies the aggregate value of the egress bytes associated with the rule.
 | Ingress Errors | Specifies the aggregate value of the ingress errors associated with the rule.
 | Egress Errors | Specifies the aggregate value of the egress errors associated with the rule.
 | Ingress dropped | Specifies the aggregate value of the ingress packets dropped associated with the rule.
 | Egress dropped | Specifies the aggregate value of the egress packets dropped associated with the rules.