Prerequisites for Integrating V Series Nodes with NSX-T

The following are the prerequisites for integrating GigaVUE V Series Nodes with VMware NSX-T:

  • ESXi hosts must be prepared as NSX-T Data Center transport nodes by using transport node profiles.
  • ESXi hosts where workload VMs that needs to be monitored must be attached to the overlay transport zone.
  • GigaVUE‑FM supports service insertion only for overlay transport zone associated with the E-W traffic. Service insertion is not supported on VLAN transport zone associated with the N-S traffic or when the VMware NSX-T manager in federation mode.
  • Before deploying GigaVUE V Series Nodes using GigaVUE-FM, Service segment must be created in the NSX-T manager on Overlay Transport Zone. Refer to Create a Service Segment in VMware NSX-T for step-by-step instructions on how to create service segment.
  • Refer to Supported Hypervisors for VMware for supported VMware vCenter, VMware ESXi and VMware NSX-T versions.
  • For more detailed VMware requirements on East-West traffic monitoring, refer to the below links and select the appropriate NSX-T version.
  • Refer to Recommended Form Factor (Instance Types) for ESXi host resource requirement to deploy GigaVUE V Series Nodes.
  • GigaVUE V Series Node device OVA image file.

    Note:  An external HTTP(S) server for hosting the GigaVUE V Series image OVFs and VMDK file (extracted from the OVA file) when using Use External Image Option in Monitoring Domain. Refer to Create Monitoring Domain for VMware NSX-T for more detailed information on what is an external image and how to configure it.

    The GigaVUE V Series Node OVA image files can be downloaded from Gigamon Customer Portal.

Unsupported Configurations when using VMware NSX-T:

  • Service Insertion is not supported on Global NSX-T managers in federation mode. Use Local NSX-T Managers for deploying our solution in this case.
  • Service Insertion is not supported on Multi tenancy environments.
  • GigaVUE-VM and GigaVUE V Series Node visibility solutions cannot be deployed on the same NSX-T manager.
  • Multiple monitoring domains cannot be configured with same NSX-T manager.

Refer to the following topics for the requirements:

Following are the Network Firewall Requirements for GigaVUE V Series Node deployment.

Source Destination Source Port Destination Port Protocol Service Purpose

GigaVUE‑FM

ESXi hosts

Any (1024-65535)

443

TCP

https

Allows GigaVUE-FM to communicate with vCenter, NSX-T and all ESXi hosts.

NSX-T Manager

vCenter

GigaVUE‑FM

GigaVUE V Series Node

Any (1024-65535)

8889

TCP

Custom API

Allows GigaVUE-FM to communicate with GigaVUE V Series Node

Administrator

GigaVUE-FM

Any (1024-65535)

443

TCP

https

Management connection to GigaVUE‑FM

22

ssh

GigaVUE‑FM

GigaVUE V Series Node

Any (1024-65535)

5671

TCP

Custom TCP

Allows GigaVUE-FM to communicate the traffic health updates with GigaVUE V Series Node

Remote Source

GigaVUE V Series Node

Custom Port(VXLAN and UDPGRE),N/A for GRE

4789

UDP

VXLAN

Allows to UDPGRE Tunnel to communicate and tunnel traffic to GigaVUE V Series Nodes(Applicable for Tunnel Ingress option only)

N/A

IP 47

GRE

4754

UDP

UDPGRE

GigaVUE V Series Node

Tool/ HC Series instance

Custom Port(VXLAN),N/A for GRE

4789

UDP

VXLAN

Allows GigaVUE V Series Node to communicate and tunnel traffic to the Tool

N/A

IP 47

GRE

GigaVUE V Series Node

Tool/ HC Series instance

N/A

N/A

ICMP

echo Request

Allows V Series node to health check tunnel destination traffic (Optional)

echo Response

GigaVUE V Series Node

GigaVUE‑FM

Any (1024-65535)

5671

TCP

Custom TCP

Allows GigaVUE V Series Nodes to communicate the traffic health updates with GigaVUE‑FM

GigaVUE-FM

External Image Server URL

Any (1024-65535)

Custom port on web Server

TCP

http

Access to image server to image lookup and checks, and downloading the image

NSX-T Manager

vCenter

ESXi host

NSX-T Manager

GigaVUE-FM

Any (1024-65535)

443

TCP

http

When using GigaVUE-FM as the image server for uploading the GigaVUE V Series Image.

vCenter

ESXi host

The form factor (instance type) size of the GigaVUE V Series Node is configured on the OVF file and packaged as part of the OVA image file. The following table lists the available form factors and sizes based on memory and the number of vCPUs for a single V series node. Instances sizes can be different for GigaVUE V Series Nodes in different ESXi hosts and the default size is Small.

Type

Memory

vCPU

Disk space
Small 4GB 2vCPU 8GB
Medium 8GB 4 vCPU 8GB
Large 16GB 8 vCPU 8GB

This section lists the minimum privileges required for the GigaVUE‑FM user in vCenter.

The following table lists the minimum required permissions for GigaVUE‑FM to manage the vCenter user.

Category

Required Privilege

Purpose

vApp
vApp application configuration

V Series Node Deployment

Virtual machine

Interaction

■   Power on
■   Power Off
V Series Node Deployment
Used to power on and power off GigaVUE V Series Node.

This section lists the minimum roles required for the GigaVUE‑FM user in VMware NSX-T.

GigaVUE-FM Deployment

When deploying GigaVUE V Series Node using GigaVUE-FM, the following is the minimum required role combination:

For NSX-T version 3.2.x and NSX-T version 4.x.x, select the following Role combination:

  • NETX Partner Admin and Security Admin

For NSX-T version 3.1.x, select LDAP with any one of the following Role combinations:

  • NETX Partner Admin and Security Operator
  • NETX Partner Admin and Network Operator

NSX-T Deployment

When deploying GigaVUE V Series Node using VMware NSX-T manager, the minimum required role is NETX Partner Admin.

You can login to the GigaVUE V Series Node, GigaVUE V Series proxy, and UCT-V Controller by using the default credentials.

Product

 Login credentials

GigaVUE V Series Node

You can login to the GigaVUE V Series Node by using ssh. The default username and password is:

Username: gigamon

Password: Gigamon123!