GigaVUE Cloud Suite for Azure

This section describes the requirements and prerequisites for configuring the GigaVUE Cloud Suite for Azure. Refer to the following sections for details.

Recommended Instance Type

Note: Additional instance types are also supported. Contact Support, Sales, or Professional Services for deployment optimization.

| Product | Instance Type | vCPU | RAM |
|---|---|---|---|
| GigaVUE V Series Node | Standard_D4s_v4 | 4 vCPU | 16 GB |
| GigaVUE V Series Node | Standard_D8s_v4 | 8 vCPU | 32 GB |
| GigaVUE V Series Proxy | Standard_B1s | 1 vCPU | 1 GB |
| UCT-V Controller | Standard_B1s | 1 vCPU | 1 GB |

Network Firewall Requirements for Azure

The following table lists the Network Firewall / Security Group requirements for GigaVUE Cloud Suite.

Note: When using a dual-stack network, the ports listed below must be opened for both IPv4 and IPv6.

GigaVUE-FM

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 443 | Administrator Subnet | Allows GigaVUE-FM to create Management connection. |
| Inbound | TCP | 22 | Administrator Subnet | Allows CLI access for user-initiated management and diagnostics. |
| Inbound (This is the port used for Third Party Orchestration) | TCP | 443 | UCT-V Controller IP | Allows GigaVUE-FM to receive registration requests from UCT-V Controller. |
| Inbound (This is the port used for Third Party Orchestration) | TCP | 443 | GigaVUE V Series Node IP | Allows GigaVUE-FM to receive registration requests from GigaVUE V Series Node, when GigaVUE V Series Proxy is not used. |
| Inbound (This is the port used for Third Party Orchestration) | TCP | 443 | GigaVUE V Series Proxy IP | Allows GigaVUE-FM to receive registration requests from GigaVUE V Series Proxy. |
| Inbound | TCP | 5671 | GigaVUE V Series Node IP | Allows GigaVUE-FM to receive traffic health updates from GigaVUE V Series Nodes. |
| Inbound | TCP | 5671 | UCT-V or Subnet IP | Allows GigaVUE-FM to receive statistics from Next Generation UCT-V. |
| Inbound | UDP | 2056 | GigaVUE V Series Node IP | Allows GigaVUE-FM to receive Application Intelligence and Application Visualization reports from GigaVUE V Series Node. |
| Outbound | TCP | 9900 | GigaVUE-FM IP | Allows GigaVUE-FM to communicate control plane and data plane traffic with UCT-V Controller. |
| Outbound (optional) | TCP | 8890 | GigaVUE V Series Proxy IP | Allows GigaVUE-FM to communicate control plane and data plane traffic to GigaVUE V Series Proxy. |
| Outbound | TCP | 8889 | GigaVUE V Series Node IP | Allows GigaVUE-FM to communicate control plane and data plane traffic to GigaVUE V Series Node. |
| Outbound | TCP | 443 | GigaVUE-FM IP Address | Allows GigaVUE-FM to reach the Public Cloud Platform APIs. |
| Outbound | TCP | 8443 | UCT-C Controller IP Address | Allows GigaVUE-FM to communicate with UCT-C Controller. |

UCT-V Controller

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 9900 | GigaVUE-FM IP | Allows UCT-V Controller to communicate with GigaVUE-FM. |
| Inbound (This is the port used for Third Party Orchestration) | TCP | 8891 | UCT-V or Subnet IP | Allows UCT-V Controller to receive the registration requests from UCT-V. |
| Inbound | TCP | 22 | Administrator Subnet | Allows CLI access for user-initiated management and diagnostics, specifically when using third party orchestration. |
| Outbound (This is the port used for Third Party Orchestration) | TCP | 443 | GigaVUE-FM IP | Allows UCT-V Controller to send the registration requests to GigaVUE-FM. |
| Outbound | TCP | 9901 | UCT-V Controller IP | Allows UCT-V Controller to communicate with UCT-Vs. |
| Outbound | TCP | 5671 | GigaVUE-FM IP | Allows UCT-V Controller to send traffic health updates to GigaVUE-FM. |

UCT-V

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 9901 | UCT-V Controller IP | Allows UCT-V to receive stateful communication from UCT-V Controller. |
| Outbound (This is the port used for Third Party Orchestration) | TCP | 8891 | UCT-V or Subnet IP | Allows UCT-V to communicate with UCT-V Controller for registration and heartbeat. |
| Outbound | UDP (VXLAN); IP Protocol (L2GRE) | VXLAN (default 4789) | UCT-V or Subnet IP | Allows UCT-V to tunnel traffic (VXLAN/L2GRE) to V Series nodes. |
| Outbound | TCP | 11443 | UCT-V subnet | Allows UCT-V to securely transfer the traffic to GigaVUE V Series Node. |
| Outbound | TCP | 9900 | UCT-V Controller IP | Allows UCT-V to send traffic health updates to UCT-V Controller. |

GigaVUE V Series Proxy (optional)

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 8890 | GigaVUE-FM IP | Allows GigaVUE-FM to communicate with GigaVUE V Series Proxy. |
| Inbound (This is the port used for Third Party Orchestration) | TCP | 8891 | GigaVUE V Series Node IP | Allows GigaVUE V Series Proxy to receive registration requests and heartbeat messages from GigaVUE V Series Node. |
| Inbound | TCP | 22 | Administrator Subnet | Allows CLI access for user-initiated management and diagnostics, specifically when using third party orchestration. |
| Outbound | TCP | 443 | GigaVUE-FM IP | Allows GigaVUE V Series Proxy to communicate the registration requests to GigaVUE-FM. |
| Outbound | TCP | 8889 | GigaVUE V Series Node IP | Allows GigaVUE V Series Proxy to communicate with GigaVUE V Series Node. |

GigaVUE V Series Node

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 8889 | GigaVUE-FM IP | Allows GigaVUE V Series Node to communicate with GigaVUE-FM. |
| Inbound | TCP | 8889 | GigaVUE V Series Proxy IP | Allows GigaVUE V Series Node to communicate with GigaVUE V Series Proxy. |
| Inbound | UDP (VXLAN); IP Protocol (L2GRE) | VXLAN (default 4789); L2GRE | UCT-V or Subnet IP | Allows GigaVUE V Series Node to tunnel traffic (VXLAN/L2GRE) to UCT-V. |
| Inbound | UDPGRE | 4754 | Ingress Tunnel | Allows GigaVUE V Series Node to communicate and tunnel traffic from UDPGRE Tunnel. |
| Inbound | TCP | 22 | Administrator Subnet | Allows CLI access for user-initiated management and diagnostics, specifically when using third party orchestration. |
| Outbound | TCP | 5671 | GigaVUE-FM IP | Allows GigaVUE V Series Node to send traffic health updates to GigaVUE-FM. |
| Outbound | UDP (VXLAN); IP Protocol (L2GRE) | VXLAN (default 4789) | Tool IP | Allows GigaVUE V Series Node to communicate and tunnel traffic to the tool. |
| Outbound | UDP | 2056 | GigaVUE-FM IP | Allows GigaVUE V Series Node to send Application Intelligence and Application Visualization reports to GigaVUE-FM. |
| Outbound | UDP | 2055 | Tool IP | Allows GigaVUE V Series Node to send NetFlow traffic to external tool. |
| Outbound | UDP | 514 | Tool IP | Allows GigaVUE V Series Node to send Application Metadata Intelligence log messages to external tool. |
| Outbound (optional) | ICMP | echo request; echo reply | Tool IP | Allows GigaVUE V Series Node to send health check tunnel destination traffic. |
| Outbound (This is the port used for Third Party Orchestration) | TCP | 8891 | GigaVUE V Series Proxy IP | Allows GigaVUE V Series Node to send registration requests and heartbeat messages to GigaVUE V Series Proxy when GigaVUE V Series Proxy is used. |
| Outbound (This is the port used for Third Party Orchestration) | TCP | 443 | GigaVUE-FM IP Address | Allows GigaVUE V Series Node to send registration requests and heartbeat messages to GigaVUE-FM when GigaVUE V Series Proxy is not used. |
| Bidirectional | TCP | 11443 | GigaVUE V Series Node subnet | Allows traffic to be securely transferred between GigaVUE V Series Nodes. |

Universal Cloud Tap - Container deployed inside Kubernetes worker node

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Outbound | TCP | 42042 | Any IP address | Allows UCT-C to send statistics to UCT-C Controller. |

UCT-C Controller deployed inside Kubernetes worker node

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 8443 (configurable) | Any IP address | Allows UCT-C Controller to communicate with GigaVUE-FM. |
| Outbound | TCP | 5671 | Any IP address | Allows UCT-C Controller to send statistics to GigaVUE-FM. |
| Outbound | TCP | VXLAN (default 4789) | Any IP address | Allows UCT-C Controller to communicate and tunnel traffic to the tool. |
| Outbound | TCP | 443 | Any IP address | Allows UCT-C Controller to communicate with GigaVUE-FM. |
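
One way to check an Azure network security group against a subset of the GigaVUE-FM inbound rows and the dual-stack note above. This is an added example, not Gigamon code: the CIDRs, rule names and the `audit` helper are constructed for illustration, and the rules are assumed to use the single-valued `destinationPortRange` and `sourceAddressPrefix` fields.

```python
import ipaddress

# Subset of the GigaVUE-FM inbound rows above: (protocol, port, source label).
REQUIRED_FM_INBOUND = [("tcp", 443, "admin"), ("tcp", 22, "admin"),
                       ("tcp", 5671, "vseries"), ("udp", 2056, "vseries")]

# Field names follow the JSON printed by `az network nsg rule list`.
def rule(name, proto, port, src):
    return {"name": name, "direction": "Inbound", "access": "Allow", "protocol": proto,
            "destinationPortRange": port, "sourceAddressPrefix": src}

def port_matches(rng, port):
    """True if a port range such as '443', '8000-9000' or '*' covers port."""
    lo, _, hi = rng.partition("-")
    return rng == "*" or int(lo) <= port <= int(hi or lo)

def parse_net(src):
    try:
        return ipaddress.ip_network(src, strict=False)
    except ValueError:
        return None  # '*', 'Internet' or another service tag, not a CIDR

def audit(rules, sources):
    """Return (uncovered, too_broad): required ports lacking a scoped allow rule
    per IP family, and allow rules whose source exceeds the documented CIDR."""
    uncovered, too_broad = [], []
    for proto, port, label in REQUIRED_FM_INBOUND:
        allowed = [ipaddress.ip_network(c) for c in sources[label]]
        covered = set()
        for r in rules:
            if not (r["direction"] == "Inbound" and r["access"] == "Allow"
                    and r["protocol"].lower() in (proto, "*")
                    and port_matches(r["destinationPortRange"], port)):
                continue
            net = parse_net(r["sourceAddressPrefix"])
            if net is not None and any(net.version == a.version and net.subnet_of(a)
                                       for a in allowed):
                covered.add(net.version)
            else:
                too_broad.append((r["name"], port))
        # Dual stack: every IP family present in the allowed sources needs a rule.
        for version in sorted({a.version for a in allowed} - covered):
            uncovered.append((proto, port, f"IPv{version}"))
    return uncovered, too_broad

# Constructed sample data (not from the page): site CIDRs and an NSG export.
SOURCES = {"admin": ["10.0.1.0/24", "fd00:1::/64"], "vseries": ["10.0.2.0/24"]}
SAMPLE_RULES = [rule(*r) for r in [
    ("fm-https-v4", "Tcp", "443", "10.0.1.0/24"), ("fm-https-v6", "Tcp", "443", "fd00:1::/64"),
    ("fm-ssh-any", "Tcp", "22", "*"), ("fm-health", "Tcp", "5671", "10.0.2.0/24")]]
```

On the sample data, `audit(SAMPLE_RULES, SOURCES)` reports the SSH rule as too broad and lists port 22 (both IP families) and UDP 2056 as lacking a scoped rule.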