Linux UCT-V Installation
You can install UCT-V on various Linux distributions using Debian or RPM packages.
Refer to the following sections for the Linux UCT-V installation:
- Single Network Interface Configuration
- Multiple Network Interface Configuration
- Loopback Network Interface Configuration
- Linux Network Firewall Requirements
- Install UCT-Vs
Single Network Interface Configuration
A single network interface card (NIC) acts both as the source and the destination interface. A UCT-V with a single network interface configuration lets you monitor the ingress or egress traffic from the network interface. The monitored traffic is sent out using the same network interface.
For example, assume that there is only one interface eth0 in the monitoring instance. In the UCT-V configuration, you can configure eth0 as the source and the destination interface and specify both egress and ingress traffic to be selected for monitoring purposes. The egress and ingress traffic from eth0 is mirrored and sent out using the same interface.
Using a single network interface card as the source and the destination interface can sometimes cause increased latency in sending the traffic out from the instance.
Example of the UCT-V configuration file for a single NIC configuration:
Grant permission to monitor ingress and egress traffic at iface
# eth0 mirror-src-ingress mirror-src-egress mirror-dst
Multiple Network Interface Configuration
A UCT-V lets you configure two network interface cards (NICs). One network interface card can be configured as the source interface and another network interface card can be configured as the destination interface.
For example, assume that there are eth0 and eth1 in the monitoring instance. In the UCT-V configuration, eth0 can be configured as the source interface and egress traffic can be selected for monitoring purpose. The eth1 interface can be configured as the destination interface. So, the mirrored traffic from eth0 is sent to eth1. From eth1, the traffic is sent to the GigaVUE V Series Node.
Example of the UCT-V configuration file for a dual NIC configuration:
Grant permission to monitor ingress and egress traffic at iface
# 'eth0' to monitor and 'eth1' to transmit the mirrored packets.# eth0 mirror-src-ingress mirror-src-egress # eth1 mirror-dst
Loopback Network Interface Configuration
UCT-V supports the ability to tap and mirror the loopback interface. You can tap the loopback interfaces on the workload, which carries application level traffic inside the Virtual Machine itself. The loopback interface is always configured as a bi-directional traffic, regardless of the configurations provided in the configuration file.
Linux Network Firewall Requirements
If Network Firewall requirements or security groups are configured in your environment, then you must open the following ports for the virtual machine. Refer to Network Firewall Requirement for GigaVUE Cloud Suite to know more details on the firewall requirements or security groups required for your environment.
|
Direction |
Port |
Protocol |
CIDR |
Purpose |
|---|---|---|---|---|
|
Inbound |
9901 |
TCP |
UCT-V Controller IP |
Allows UCT-V to receive control and management plane traffic from UCT-V Controller |
You can use the following commands to add the Network Firewall rule.
sudo firewall-cmd --add-port=9901/tcp
sudo firewall-cmd --runtime-to-permanent
Install UCT-Vs
You must have sudo/root access to edit the UCT-V configuration file.
For dual or multiple network interface configurations, you may need to modify the network configuration files to ensure that the extra NIC/Network Interface will initialize at boot time.
Prerequisites
Before installing UCT-V.deb or .rpm packages on your Linux VMs, ensure you have the following packages:
| Python3 |
| Python3-pip |
| Python modules |
| netifaces |
| urllib3 |
| requests |
| iproute-tc for RHEL and CentOS VMs |
Note: When using Amazon Linux version 2, ensure iproute-tc package is installed first.
You can install the UCT-Vs either from Debian or RPM packages.
Refer to the following topics for details:
- Install UCT-V from Ubuntu/Debian Package
- Install UCT-V from RPM, Red Hat Enterprise Linux, and CentOS
Install UCT-V from Ubuntu/Debian Package
NOTE: When using Kernel version less than 5.4 on Ubuntu 16.04 with Python version 3.5 installed, follow the instructions given below before installing UCT-V.
sudo apt-get update
sudo apt install python3-netifaces
curl https://bootstrap.pypa.io/pip/3.5/get-pip.py -o get-pip.py
/usr/bin/python3.5 get-pip.py
sudo /usr/bin/python3.5 -m pip uninstall requests
sudo /usr/bin/python3.5 -m pip install requests==2.22.
To install from a Debian package:
- Download the UCT-V
6.8.00Debian (.deb) package from the Gigamon Customer Portal. For assistance contact Contact Technical Support. - Copy this package to your instance. Install the package with root privileges, for example:
$ ls gigamon-gigavue_uctv_6.8.00_amd64.deb$ sudo dpkg -i gigamon-gigavue_uctv_6.8.00_amd64.deb - Once the UCT-V package is installed, modify the file /etc/uctv/uctv.conf to configure and register the source and destination interfaces. The following
examples registers eth0 as the mirror source for both ingress and egress traffic and eth1 as the
destination for this traffic:
Note: When you have an active, successful monitoring session deployed, any changes to the UCT-V config file made after the initial setup require an UCT-V restart and an inventory refresh or sync from GigaVUE-FM to pick up the new changes and re-initiate the traffic mirroring. GigaVUE-FM does a periodic sync on its own every 15 minutes.
Example 1—Configuration example to monitor ingress and egress traffic at interface eth0 and use the same interface to send out the mirrored packets
# eth0 mirror-src-ingress mirror-src-egress mirror-dstExample 2—Configuration example to monitor ingress and egress traffic at interface eth0 and use the interface eth1 to send out the mirrored packets
# eth0 mirror-src-ingress mirror-src-egress
# eth1 mirror-dstExample 3—Configuration example to monitor ingress and egress traffic at interface eth0 and eth 1; use the interface eth1 to send out the mirrored packets
# eth0 mirror-src-ingress mirror-src-egress
# eth1 mirror-src-ingress mirror-src-egress mirror-dstExample 4—Configuration example to monitor ingress traffic at iface 'eth0' and egress traffic at iface 'eth1' and use iface 'eth2' to transmit the mirrored packets.
# eth0 mirror-src-ingress# eth1 mirror-src-egress# eth2 mirror-dstExample 5—Configuration example to monitor traffic at iface 'lo' which will be always registered as bidirectional traffic regardless of the config and use iface 'eth0' to transmit the mirrored packets.
# lo mirror-src-ingress mirror-src-egress# eth0 mirror-dstNote: Ensure that the configuration for a single interface is provided on a single line.
- Save the file.
- Restart the UCT-V service.
$ sudo service uctv restart
The UCT-V status will be displayed as running. Check the status using the following command:
$ sudo service uctv status
Install UCT-V from RPM, Red Hat Enterprise Linux, and CentOS
Use the following commands to install the required packages:
sudo yum install iproute-tc -y
sudo yum install python3 –y
sudo yum install python3-pip -y
sudo pip3 install urllib3
sudo pip3 install requests
sudo pip3 install netifaces
To install from an RPM (.rpm) package on a Redhat, CentOS, or other RPM-based system:
- Download the UCT-V
6.8.00RPM (.rpm) package from the Gigamon Customer Portal. For assistance contact Contact Technical Support. - Copy this package to your instance. Install the package with root privileges, for example:
$ ls gigamon-gigavue_uctv_6.8.00_x86_64.rpm$ sudo rpm -i gigamon-gigavue_uctv_6.8.00_x86_64.rpm - Modify the /etc/uctv/uctv.conf file to configure and register the source and destination interfaces. The following
example registers the eth0 as the mirror source for both ingress and egress traffic and registers eth1
as the destination for this traffic as follows:
Note: When you have an active, successful monitoring session deployed, any changes to the UCT-V config file made after the initial setup require an UCT-V restart and an inventory refresh or sync from GigaVUE-FM to pick up the new changes and re-initiate the traffic mirroring. GigaVUE-FM does a periodic sync on its own every 15 minutes.
Example 1—Configuration example to monitor ingress and egress traffic at interface eth0 and use the same interface to send out the mirrored packets
# eth0 mirror-src-ingress mirror-src-egress mirror-dstExample 2—Configuration example to monitor ingress and egress traffic at interface eth0 and use the interface eth1 to send out the mirrored packets
# eth0 mirror-src-ingress mirror-src-egress# eth1 mirror-dstExample 3—Configuration example to monitor ingress and egress traffic at interface eth0 and eth 1; use the interface eth1 to send out the mirrored packets
# eth0 mirror-src-ingress mirror-src-egress# eth1 mirror-src-ingress mirror-src-egress mirror-dstExample 4—Configuration example to monitor ingress traffic at iface 'eth0' and egress traffic at iface 'eth1' and use iface 'eth2' to transmit the mirrored packets.
# eth0 mirror-src-ingress# eth1 mirror-src-egress# eth2 mirror-dstExample 5—Configuration example to monitor traffic at iface 'lo' which will be always registered as bidirectional traffic regardless of the config and use iface 'eth0' to transmit the mirrored packets.
# lo mirror-src-ingress mirror-src-egress# eth0 mirror-dstNote: Ensure that the configuration for a single interface is provided on a single line.
- Save the file.
- Restart the UCT-V service.
$ sudo service uctv restart
The UCT-V status will be displayed as running. Check the status with the following command:
$ sudo service uctv status
