Configure Precryption in UCT-C
GigaVUE-FM allows you to enable or disable the Precryption feature.
Rules and Notes
The following are the memory limits to be applied to UCT-C:
The memory limit changes depending on the number of vCPUs in the worker node. For example, if the worker node has 16 vCPUs, the Precryption feature consumes around 1GB of memory (16 * 64 MB). |
When you deploy secure tunnels, it requires additional (16 *64 MB) memory. Hence, the total memory that you must allocate for the TAP is 1 GB. |
You can always configure the memory allocation using PRECRYPTION_RING_BUFFER_MEMORY_MB in YAML file. |
Protocol version IPv4 and IPv6 are supported. |
If you wish to use IPv6 tunnels, your GigaVUE‑FM and the fabric components version must be 6.6.00 or above. |
The YAML configuration option allows you to choose the amount of buffer size.
To configure the Precryption feature in UCT-C, follow the steps listed below:
1. Go to Traffic > CONTAINER > Universal Cloud Tap - Container.
2. On the Policies page that appears, click New.
3. In the General tab, enter or select the required information as described in the following table:
Fields |
Description |
Policy Name |
Enter a name for the Traffic Policy. The name must be unique. |
Monitoring Domain |
Select an existing monitoring domain. To create a new monitoring domain, refer to Configure Precryption in UCT-C section. |
Clusters |
Select the required cluster from the drop-down menu. |
Precryption Policy |
Click the radio button Yes, to enable the Precryption rules for the policy. Note: Once the policy is deployed, you cannot change the Precryption Policy setting. |
After enabling the Precryption, configure the Create Source Selectors, and the Rules.
Selective Precryption
GigaVUE-FM allows you to filter packets during the Precryption in the Data Acquisition at the UCT-V level. This filtering is done based on L3/L4 5 tuple information (5-tuple filtering) running on the containers.
Refer to Enable Selective Precryption for more detailed information on how to configure Selective Precryption when configuring the Rules.