Prerequisites

To enable the flow of traffic between the components and the monitoring tools, you must have the following in place:

■   Resource Group
■   Virtual Network
■   Subnets for VNet
■   Network Interfaces (NICs) for VMs
■   Network Security Groups
■   Virtual Network Peering
■   Access control (IAM)
■   Default Login Credentials
■   Recommended Instance Types

Resource Group

The resource group is a container that holds all the resources for a solution.

To create a resource group in Azure, refer to the Create a resource group topic in the Azure Documentation.

Virtual Network

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks.

You can configure the GigaVUE fabric components only in a Centralized VNet. In the case of a shared VNet, you must select one VNet as your Centralized VNet for the GigaVUE fabric configuration.

To create a virtual network in Azure, refer to the Create a virtual network topic in the Azure Documentation.

Subnets for VNet

The following table lists the two recommended subnets that your VNet must have to configure the GigaVUE Cloud components in Azure.

You can add subnets when creating a VNet or add subnets to an existing VNet. Refer to the Add a subnet topic in the Azure Documentation for detailed information.

Subnet

Description

Management Subnet

Subnet that GigaVUE-FM uses to communicate with the GigaVUE V Series Nodes and Proxy.

Data Subnet

A data subnet can accept incoming mirrored traffic from agents to the GigaVUE V Series Nodes or be used to egress traffic to a tool from the GigaVUE V Series Nodes. There can be multiple data subnets.

■   Ingress is VXLAN from agents
■   Egress is either VXLAN tunnel to tools or to GigaVUE HC Series tunnel port, or raw packets through a NAT when using NetFlow.

Note:  If you are using a single subnet, then the Management subnet will also be used as a Data Subnet.

Tool Subnet

A tool subnet can accept egress traffic to a tool from the GigaVUE V Series Nodes. There can be only one tool subnet.

■   Egress is either VXLAN tunnel to tools or to GigaVUE HC Series tunnel port, or raw packets through a NAT when using NetFlow.

Network Interfaces (NICs) for VMs

When using UCT-V as the traffic acquisition method, for the UCT-Vs to mirror the traffic from the VMs, you must configure one or more Network Interfaces (NICs) on the VMs.

■   Single NIC—If there is only one interface configured on the VM with the UCT-V, the UCT-V sends the mirrored traffic out using the same interface.
■   Multiple NICs—If there are two or more interfaces configured on the VM with the UCT-V, the UCT-V monitors any number of interfaces but has an option to send the mirrored traffic out using any one of the interfaces or using a separate, non-monitored interface.

Network Security Groups

A network security group defines the virtual firewall rules for your VM to control inbound and outbound traffic. When you launch GigaVUE-FM, GigaVUE V Series Proxy, GigaVUE V Series Nodes, and UCT-V Controllers in your VNet, you add rules that control the inbound traffic to VMs, and a separate set of rules that control the outbound traffic.

To create a network security group in Azure, refer to the Create a network security group topic in the Azure Documentation.

It is recommended to create a separate security group for each component, using the rules and port numbers listed in the table below.

In your Azure portal, select a network security group from the list. In the Settings section, set the Inbound and Outbound security rules to match the following rules.

The following table lists the Network Firewall Requirements for GigaVUE V Series Node deployment.

Direction | Type | Protocol | Port | CIDR | Purpose

GigaVUE‑FM
Inbound | HTTPS, SSH | TCP | 443, 22 | Administrator Subnet | Management connection to GigaVUE‑FM
Inbound | Custom TCP Rule | TCP | 5671 | GigaVUE V Series Node IP | Allows GigaVUE V Series Nodes to send traffic health updates to GigaVUE‑FM; allows Next Generation UCT-V to send statistics to GigaVUE-FM
Outbound | Custom TCP Rule | TCP(6) | 9900 | GigaVUE‑FM IP | Allows UCT-V Controller to communicate with GigaVUE‑FM
Outbound (optional) | Custom TCP Rule | TCP | 8890 | GigaVUE V Series Proxy IP | Allows GigaVUE‑FM to communicate with V Series Proxy
Outbound | Custom TCP Rule | TCP | 8889 | GigaVUE V Series Node IP | Allows GigaVUE‑FM to communicate with GigaVUE V Series Node

UCT-V Controller
Inbound | Custom TCP Rule | TCP(6) | 9900 | GigaVUE‑FM IP | Allows UCT-V Controller to communicate with GigaVUE‑FM
Inbound (port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 8891 | UCT-V or Subnet IP | Allows UCT-V Controller to receive registration requests from UCT-V
Outbound (port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 443 | GigaVUE‑FM IP | Allows UCT-V Controller to forward the registration requests to GigaVUE-FM
Outbound | Custom TCP Rule | TCP(6) | 9901 | UCT-V Controller IP | Allows UCT-V Controller to communicate with UCT-Vs
Outbound | Custom TCP Rule | TCP | 5671 | GigaVUE-FM IP | Allows UCT-V Controller to send traffic health updates to GigaVUE-FM

UCT-V
Inbound | Custom TCP Rule | TCP(6) | 9901 | UCT-V Controller IP | Allows UCT-Vs to communicate with UCT-V Controller
Outbound (port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 8891 | UCT-V or Subnet IP | Allows UCT-V to communicate with UCT-V Controller for registration and heartbeat
Outbound | UDP, IP | UDP (VXLAN), IP Protocol (L2GRE) | VXLAN (default 4789) | UCT-V or Subnet IP | Allows UCT-Vs to tunnel (VXLAN/L2GRE) traffic to V Series Nodes
Outbound | Custom TCP Rule | TCP | 11443 | UCT-V subnet | Allows UCT-V to securely transfer the traffic to GigaVUE V Series Node

GigaVUE V Series Proxy (optional)
Inbound | Custom TCP Rule | TCP | 8890 | GigaVUE‑FM IP | Allows GigaVUE‑FM to communicate with V Series Proxy
Outbound | Custom TCP Rule | TCP | 8889 | GigaVUE V Series Node IP | Allows V Series Proxy to communicate with V Series Node

GigaVUE V Series Node
Inbound | Custom TCP Rule | TCP | 8889 | GigaVUE-FM IP, V Series Proxy IP | Allows V Series Proxy or GigaVUE-FM to communicate with V Series Node
Inbound | UDP, IP | UDP (VXLAN), IP Protocol (L2GRE) | VXLAN (default 4789), L2GRE | UCT-V or Subnet IP | Allows UCT-Vs to tunnel (VXLAN/L2GRE) traffic to V Series Nodes
Inbound | UDP | UDPGRE | 4754 | Ingress Tunnel | Allows the UDPGRE tunnel to communicate and tunnel traffic to V Series Nodes
Outbound | Custom TCP Rule | TCP | 5671 | GigaVUE-FM IP | Allows GigaVUE V Series Node to send traffic health updates to GigaVUE‑FM
Outbound | Custom UDP Rule | UDP (VXLAN), IP Protocol (L2GRE) | VXLAN (default 4789) | Tool IP | Allows V Series Node to communicate and tunnel traffic to the tool
Outbound (optional) | ICMP | ICMP | echo request, echo reply | Tool IP | Allows V Series Node to health check the tunnel destination
Bi-directional | Custom TCP Rule | TCP | 11443 | GigaVUE V Series Node subnet | Allows secure transfer of traffic between GigaVUE V Series Nodes
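A practical way to verify that a deployed security group actually matches the V Series Node rows above is to audit an exported rule set. The following Python script is an added example and is not Gigamon's code; it assumes the `securityRules[]` JSON shape returned by `az network nsg show`, uses a constructed sample export, and reports required port rules that are missing as well as rules whose peer prefix is wide open instead of the single peer IP the table calls for.

```python
# (direction, protocol, destination port) required for a GigaVUE V Series Node,
# taken from the firewall table above. L2GRE and ICMP rows are not port-based.
REQUIRED = {
    ("Inbound", "Tcp", 8889),   # GigaVUE-FM / V Series Proxy -> node
    ("Inbound", "Udp", 4789),   # VXLAN from UCT-Vs (default port)
    ("Inbound", "Udp", 4754),   # UDPGRE ingress tunnel
    ("Inbound", "Tcp", 11443),  # node-to-node secure transfer
    ("Outbound", "Tcp", 5671),  # traffic health updates to GigaVUE-FM
    ("Outbound", "Udp", 4789),  # VXLAN to the tool
    ("Outbound", "Tcp", 11443),
}
BROAD = {"*", "Internet", "0.0.0.0/0"}  # peer prefixes that defeat the per-IP intent

def port_matches(port, spec):
    """True if port falls inside an NSG port spec such as '*', '8889' or '8000-9000'."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return bool(lo) and int(lo) <= port <= int(hi or lo)

def rule_allows(rule, direction, proto, port):
    """Does this securityRules[] entry (assumed `az network nsg show` shape) allow the tuple?"""
    ports = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "")]
    return (rule["access"] == "Allow" and rule["direction"] == direction
            and rule["protocol"] in (proto, "*")
            and any(port_matches(port, p) for p in ports))

def audit_nsg(nsg):
    """Return (missing, overbroad): required tuples with no Allow rule, and names of
    Allow rules for a required port whose inbound source / outbound destination is wide open."""
    missing, overbroad = [], []
    for direction, proto, port in sorted(REQUIRED):
        hits = [r for r in nsg["securityRules"] if rule_allows(r, direction, proto, port)]
        if not hits:
            missing.append((direction, proto, port))
        peer = "sourceAddressPrefix" if direction == "Inbound" else "destinationAddressPrefix"
        overbroad += [r["name"] for r in hits if r.get(peer) in BROAD]
    return missing, sorted(set(overbroad))

# Constructed sample export: FM reaches 8889 correctly, VXLAN ingress is open to everyone,
# node-to-node 11443 is present both ways, and 4754 plus the 5671 health-update rule are missing.
SAMPLE_NSG = {"securityRules": [
    {"name": "allow-fm-8889", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "destinationPortRange": "8889", "sourceAddressPrefix": "10.0.1.10/32"},
    {"name": "allow-vxlan-any", "direction": "Inbound", "access": "Allow", "protocol": "Udp",
     "destinationPortRange": "4789", "sourceAddressPrefix": "*"},
    {"name": "node-to-node", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "destinationPortRange": "11443", "sourceAddressPrefix": "10.0.2.0/24"},
    {"name": "node-to-node-out", "direction": "Outbound", "access": "Allow", "protocol": "*",
     "destinationPortRanges": ["4789", "11000-12000"], "destinationAddressPrefix": "10.0.2.0/24"},
]}
```

Running `audit_nsg(SAMPLE_NSG)` on the sample reports the two missing rules and flags `allow-vxlan-any`; the same `REQUIRED` set can be rewritten for the other components from their rows in the table.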

Virtual Network Peering

Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure. Virtual Network Peering is only applicable when multiple Virtual Networks are used in a design. Refer to the Virtual Network Peering topic in the Azure documentation for more details.

Access control (IAM)

You must have full resource access to control the GigaVUE cloud components. Refer to the Check access for a user topic in the Azure documentation for more details.

Default Login Credentials

You can log in to the GigaVUE V Series Node, GigaVUE V Series Proxy, and UCT-V Controller by using the default credentials.

Product | Login credentials
GigaVUE V Series Node | Log in by using ssh. No default username and password are configured.
GigaVUE V Series Proxy | Log in by using ssh. No default username and password are configured.
UCT-V Controller | Log in by using ssh. No default username and password are configured.

Recommended Instance Types

Note:  Additional instance types are also supported. Refer to Support, Sales, or Professional Services for deployment optimization.

Product | Instance Type | vCPU | RAM
GigaVUE V Series Node | Standard_D4s_v4 | 4 vCPU | 16 GB
GigaVUE V Series Node | Standard_D8S_V4 | 8 vCPU | 32 GB
GigaVUE V Series Proxy | Standard_B1s | 1 vCPU | 1 GB
UCT-V Controller | Standard_B1s | 1 vCPU | 1 GB