Configure Packet Mirroring for GCP

Packet Mirroring clones the traffic of specified instances in your Virtual Private Cloud (VPC) network and forwards it for examination. Packet Mirroring captures all traffic and packet data, including payloads and headers. The capture can be configured for both egress and ingress traffic, only ingress traffic, or only egress traffic.

Note: Do not use Packet Mirroring when deploying GigaVUE V Series Nodes for an Application Intelligence Session. Application Intelligence uses stateful traffic, and you may experience packet drops due to a GCP platform limitation.

Refer to the following topics for detailed information.

Rules and Notes:

  • The load balancer forwards raw traffic. Therefore, when configuring the monitoring session, the Raw End Point (REP) must be the first component that receives traffic.
  • Three NICs must be configured for the GigaVUE V Series Node because the REP and the Tunnel End Point (TEP) cannot share the same interface.

A typical GCP deployment to support the internal load balancer and packet mirroring requires the following components:

  • GigaVUE-FM
  • GigaVUE V Series Node
  • GCP Internal Load Balancer (uniformly distributes traffic from GCP target VMs to GigaVUE V Series Nodes)

Configure Packet Mirroring in GCP

This section provides step-by-step instructions on how to configure packet mirroring in GCP.

  1. Create an instance template in GCP to deploy the GigaVUE V Series Node using Third Party Orchestration. Refer to Register GigaVUE V Series Node and GigaVUE V Series Proxy during Instance Launch for more detailed information on how to deploy the GigaVUE V Series Node in GCP.
    • When using packet mirroring, a minimum of 3 NICs must be configured and the Machine Type must be c2-standard-8 (8 vCPU, 32 GB memory).
    • Enable IP Forwarding when creating the instance template in GCP.

  2. Create a managed instance group (MIG) in GCP with autoscaling enabled. Refer to the Create a MIG with autoscaling enabled topic in the Google Cloud Platform documentation for more details.
  3. Configure a TCP or UDP internal load balancer with packet forwarding enabled, and ensure that the data NICs of the GigaVUE V Series Nodes are used to receive traffic. Refer to the Create a load balancer for Packet Mirroring section in the Google Cloud Platform documentation for step-by-step instructions on how to create a TCP or UDP internal load balancer.
  4. Configure packet mirroring in GCP. Refer to the Use Packet Mirroring topic in the Google Cloud documentation for step-by-step instructions.
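
The four steps above expressed as gcloud commands, as an added example that is not part of the original guide or of Gigamon's tooling. It assumes one NIC each for management, mirrored traffic in (REP) and tunnel out (TEP), each subnet in its own VPC network, and mirrored workloads in the same network as the data NIC; all resource names, the image and the health-check port are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example. All resource names, subnets, the image and the health-check
# port are constructed placeholders; replace them with your own values.
set -eu
REGION=us-central1; ZONE=us-central1-a
MGMT_SUBNET=mgmt-subnet; DATA_NET=data-vpc; DATA_SUBNET=data-subnet
TUNNEL_SUBNET=tunnel-subnet; MIRRORED_SUBNET=workload-subnet
IMAGE=PLACEHOLDER_VSERIES_IMAGE; IMAGE_PROJECT=PLACEHOLDER_IMAGE_PROJECT
TEMPLATE=vseries-tmpl; MIG=vseries-mig; HC=vseries-hc; HC_PORT=PLACEHOLDER_PORT
BACKEND=vseries-collector; FWD_RULE=vseries-collector-fr; POLICY=vseries-mirror

# Dry run by default: print each command. Set APPLY=1 to execute it.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

step1_template() {  # three NICs, c2-standard-8, IP forwarding enabled
  run gcloud compute instance-templates create "$TEMPLATE" --region="$REGION" \
    --machine-type=c2-standard-8 --can-ip-forward \
    --image="$IMAGE" --image-project="$IMAGE_PROJECT" \
    --network-interface="subnet=$MGMT_SUBNET" \
    --network-interface="subnet=$DATA_SUBNET,no-address" \
    --network-interface="subnet=$TUNNEL_SUBNET,no-address"
}
step2_mig() {  # managed instance group with autoscaling
  run gcloud compute instance-groups managed create "$MIG" --zone="$ZONE" \
    --template="$TEMPLATE" --size=1
  run gcloud compute instance-groups managed set-autoscaling "$MIG" --zone="$ZONE" \
    --min-num-replicas=1 --max-num-replicas=3 --target-cpu-utilization=0.6
}
step3_ilb() {  # internal load balancer on the data NIC network, flagged as collector
  run gcloud compute health-checks create tcp "$HC" --port="$HC_PORT"
  run gcloud compute backend-services create "$BACKEND" --region="$REGION" \
    --load-balancing-scheme=internal --protocol=TCP --health-checks="$HC" \
    --network="$DATA_NET"
  run gcloud compute backend-services add-backend "$BACKEND" --region="$REGION" \
    --instance-group="$MIG" --instance-group-zone="$ZONE"
  run gcloud compute forwarding-rules create "$FWD_RULE" --region="$REGION" \
    --load-balancing-scheme=internal --backend-service="$BACKEND" --ports=all \
    --is-mirroring-collector --network="$DATA_NET" --subnet="$DATA_SUBNET"
}
step4_mirror() {  # mirror one subnet, ingress and egress, to the collector
  run gcloud compute packet-mirrorings create "$POLICY" --region="$REGION" \
    --network="$DATA_NET" --collector-ilb="$FWD_RULE" \
    --mirrored-subnets="$MIRRORED_SUBNET" --filter-direction=both
}
step1_template; step2_mig; step3_ilb; step4_mirror
```

Use `--filter-direction=ingress` or `--filter-direction=egress` in the last command to mirror one direction only.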

After configuring packet mirroring in GCP, edit the Monitoring Domain in GigaVUE-FM and configure the Monitoring Session.

Configure Monitoring Session with Packet Mirroring

To configure a monitoring session with packet mirroring enabled in GCP, follow the steps given below:

Edit the monitoring domain and update the following details:

  1. Go to Inventory > VIRTUAL > Third Party Orchestration, and then click Monitoring Domain. The Monitoring Domain page appears.
  2. Select the Monitoring Domain with the GigaVUE V Series Node deployed with packet mirroring.
  3. Click Actions > Edit.
  4. In the Monitoring Domain Configuration page, select Customer Orchestrated Source as the Traffic Acquisition method.
  5. Enable the Uniform Traffic Policy check box. When this option is enabled, the same monitoring session configuration is applied to all GigaVUE V Series Nodes.
  6. Click Save to save the configuration.

Create a monitoring session with the following instructions:

  1. In GigaVUE‑FM, on the left navigation pane, select Traffic > Virtual > Orchestrated Flows and select Third Party Orchestration. The Monitoring Sessions page appears.
  2. Click New to open the Create a New Monitoring Session page. Refer to Create a Monitoring Session (Third Party Orchestration) for more detailed information on how to create a monitoring session.
  3. In the Edit Monitoring Session page, add Raw End Point as the first component and Tunnel End Point as the final component. Refer to Create Raw Endpoint (Third Party Orchestration) and Create Ingress and Egress Tunnel (Third Party Orchestration) for more detailed information on how to create tunnel endpoints and raw endpoints.
  4. Add your application to the monitoring session. Connect your components.
  5. To deploy the monitoring session after adding the Raw End Point, click the Deploy button in the Edit Monitoring Session page.
  6. The Select nodes to deploy the Monitoring Session dialog box appears. Select the interface for REP and TEP from the drop-down menu.