Linux UCT-V Installation

You can install UCT-V on various Linux distributions using Debian or RPM packages.

Refer to the following sections for the Linux UCT-V installation:

Single Network Interface Configuration

A single network interface card (NIC) acts as the source and the destination interface. UCT-V with a single network interface configuration lets you monitor the ingress or egress traffic from the network interface. The monitored traffic is sent out using the same network interface.

For example, assume that there is only one interface, eth0, in the monitoring instance. In the UCT-V configuration, you can configure eth0 as the source and the destination interface and specify both egress and ingress traffic to be selected for monitoring purposes. The egress and ingress traffic from eth0 are mirrored and sent out using the same interface.

Using a single network interface card as the source and the destination interface can sometimes cause increased latency when sending the traffic out from the instance.

Example of the UCT-V configuration file for a single NIC configuration:

Grant permission to monitor ingress and egress traffic at iface 

            # eth0   mirror-src-ingress mirror-src-egress mirror-dst

Multiple Network Interface Configuration

UCT-V lets you configure two network interface cards (NICs). One network interface card can be configured as the source interface and another as the destination interface.

For example, assume that eth0 and eth1 are in the monitoring instance. In the UCT-V configuration, eth0 can be configured as the source interface, and egress traffic can be selected for monitoring purposes. The eth1 interface can be configured as the destination interface. So, the mirrored traffic from eth0 is sent to eth1. From eth1, the traffic is sent to the GigaVUE V Series Node.

Example of the UCT-V configuration file for a dual NIC configuration:

Grant permission to monitor ingress and egress traffic at iface 

# 'eth0' to monitor and 'eth1' to transmit the mirrored packets.
# eth0  mirror-src-ingress mirror-src-egress 
# eth1  mirror-dst

Loopback Network Interface Configuration

UCT-V supports the ability to tap and mirror the loopback interface. You can tap the loopback interfaces on the workload, which carries application-level traffic inside the Virtual Machine. The loopback interface is always configured as bidirectional traffic, regardless of the configurations provided in the configuration file.

Linux Network Firewall Requirements

If Network Firewall requirements or security groups are configured in your environment, you must open the following ports for the virtual machine. Refer to Network Firewall Requirement for GigaVUE Cloud Suite for more details on the firewall requirements or security groups required for your environment.

Direction

Port

Protocol

CIDR

Purpose

Inbound

9901

TCP

UCT-V Controller IP

 Allows UCT-V to receive control and management plane traffic from UCT-V Controller

You can use the following commands to add the Network Firewall rule.

sudo firewall-cmd --add-port=9901/tcp

sudo firewall-cmd --runtime-to-permanent

Install Linux UCT-Vs

You must have sudo/root access to edit the UCT-V configuration file. Establish an SSH connection to the virtual machine and ensure you have permission to execute the sudo command.

You may need to modify the network configuration files for dual or multiple network interface configurations to ensure that the extra NIC/Network interface will initialize at boot time.

Prerequisites

UCT-V requires specific packages to function properly. Ensure you have the following packages installed before installing deb or rpm packages on your Linux VMs. If you have already installed UCT-V, use the uctv-wizard pkg-install command to install the packages.

■   Python3
■   Python3-pip
■   Python modules
o   netifaces
o   urllib3
o   requests
■   iproute-tc for RHEL and CentOS VMs

Note:  When using Amazon Linux version 2, ensure iproute-tc package is installed first.

By default, most modern Linux operating systems come pre-installed with all the necessary packages for the UCT-V to function without additional configuration.

Before installing UCT-V, you can provide your own configuration file (uctv.conf) /etc/gigamon-cloud.conf in the tmp directory.

You can install the UCT-Vs either from Debian or RPM packages in two ways.

■   Install Linux UCT-Vs using Installation Script
■   Install Linux UCT-Vs using Manual Configuration

Refer to the following sections for more detailed information and step-by-step instructions.

Install Linux UCT-Vs using Installation Script

  1. To install UCT-V from Ubuntu/Debian:
    a. Download the UCT-V6.9.00 Debian (.deb) package from the Gigamon Customer Portal. For assistance, contact Contact Technical Support.
    b. Copy this package to your instance. Install the package with root privileges, for example:

    $ ls gigamon-gigavue_uctv_6.9.00_amd64.deb

    $ sudo dpkg -i gigamon-gigavue_uctv_6.9.00_amd64.deb

  2. To install UCT-V from RPM, Red Hat Enterprise Linux, and CentOS:
    a. Download the UCT-V6.9.00 RPM (.rpm) package from the Gigamon Customer Portal. For assistance, contact Contact Technical Support.
    b. Copy this package to your instance. Install the package with root privileges, for example:

    $ ls gigamon-gigavue_uctv_6.9.00_x86_64.rpm

    $ sudo rpm -i gigamon-gigavue_uctv_6.9.00_x86_64.rpm

  1. Once the UCT-V package is installed, use the command below to perform pre-check, installation, and configuration functionalities.

    sudo uctv-wizard

    Note:  You can use the installation script (installation_wizard.sh/uctv-wizard) only after the UCT-V is installed. It will not be provided with the Debian or RPM packages.

    Refer to the table below to know more about uctv-wizard command usage options and functionalities:

    Options

    Use Command

    Description

    pre-check

    sudo uctv-wizard pre-check

    Checks the status of the required packages and firewall requirements.

    If there are any missing packages, it will display an appropriate message with the missing package details.

    If all the packages are installed, it will display a success message indicating that UCT-V is ready for configuration.

    pkg-install

    sudo uctv-wizard pkg-install

    Displays the missing package and version details. To proceed with the installation, you can choose between the following:

    If you wish to skip the prompts and proceed with the system update, enter your option as y. The console interface will install the missing packages and restart the UCT-V service.

    Enter N if you wish to install it manually. Refer to the Install Linux UCT-Vs using Manual Configuration section for more details.

    configure

    sudo uctv-wizard configure

    First, it checks for any existing configured file in the tmp directory. If available, UCT-V will use that configuration.

    If unavailable, UCT-V will automatically add the interface configuration in uctv.conf file, excluding the loopback (lo) interface, with all permissions enabled (source ingress, source egress, and destination).

    You can add the required policy for the available port if a firewall is installed.

    If you wish to skip the prompts to add the required firewall policy, enter your option as y. The console interface will add the firewall rules automatically.

    Enter N if you wish to configure manually. Refer to the Install Linux UCT-Vs using Manual Configuration section for more details.

    uninstall

    sudo uctv-wizard uninstall

    Automatically stops the UCT-V service, removes the firewall rules, and uninstalls the UCT-V.

Notes:
■  Use the command below to view all the log messages generated from uctv-wizard. These log messages are stored at /var/log/uctv-installation.log

sudo vi / var/log/uctv-installation.log

■  Use the command below to know the usage descriptions for the individual operations.

sudo uctv-wizard help

Linux UCT-V Installation Scenarios

  1. Zero Touch Installation - When using a cloud-integrated script to deploy UCT-V in a virtual machine, there is zero interference required as the script installs and configures everything automatically.
  2. One Touch Installation - When using .deb or .rpm packages with all prerequisite packages in place, UCT-V determines that all dependencies are met, and it will perform auto-configuration and restart the service.
  3. Two Touch Installation - When using .deb or .rpm packages with missing prerequisite packages, the platform displays a warning message about the missing packages. You should install the missing packages using the 'sudo uctv-wizard pkg-install' command.

Install Linux UCT-Vs using Manual Configuration

NOTE: When using Kernel version less than 5.4 on Ubuntu 16.04 with Python version 3.5 installed, follow the instructions given below before installing UCT-V.

sudo apt-get update
sudo apt install python3-netifaces
curl https://bootstrap.pypa.io/pip/3.5/get-pip.py -o get-pip.py
/usr/bin/python3.5 get-pip.py
sudo /usr/bin/python3.5 -m pip uninstall requests
sudo /usr/bin/python3.5 -m pip install requests==2.22.

To install from a Debian package:

  1. Download the UCT-V6.9.00 Debian (.deb) package from the Gigamon Customer Portal. For assistance contact Contact Technical Support.
  2. Copy this package to your instance. Install the package with root privileges, for example:

    $ ls gigamon-gigavue_uctv_6.9.00_amd64.deb

    $ sudo dpkg -i gigamon-gigavue_uctv_6.9.00_amd64.deb

  3. Once the UCT-V package is installed, modify the file /etc/uctv/uctv.conf to configure and register the source and destination interfaces. The following examples registers eth0 as the mirror source for both ingress and egress traffic and eth1 as the destination for this traffic:

    Note:  When you have an active, successful monitoring session deployed, any changes to the UCT-V config file made after the initial setup require an UCT-V restart and an inventory refresh or sync from GigaVUE-FM to pick up the new changes and re-initiate the traffic mirroring. GigaVUE-FM does a periodic sync on its own every 15 minutes.

    Example 1—Configuration example to monitor ingress and egress traffic at interface eth0 and use the same interface to send out the mirrored packets

    # eth0   mirror-src-ingress mirror-src-egress mirror-dst

    Example 2—Configuration example to monitor ingress and egress traffic at interface eth0 and use the interface eth1 to send out the mirrored packets

    # eth0   mirror-src-ingress mirror-src-egress
    # eth1   mirror-dst

    Example 3—Configuration example to monitor ingress and egress traffic at interface eth0 and eth 1; use the interface eth1 to send out the mirrored packets

    # eth0   mirror-src-ingress mirror-src-egress
    # eth1   mirror-src-ingress mirror-src-egress mirror-dst

    Example 4—Configuration example to monitor ingress traffic at iface 'eth0' and egress traffic at iface 'eth1' and use iface 'eth2' to transmit the mirrored packets.

    # eth0   mirror-src-ingress

    # eth1   mirror-src-egress

    # eth2 mirror-dst

    Example 5—Configuration example to monitor traffic at iface 'lo' which will be always registered as bidirectional traffic regardless of the config and use iface 'eth0' to transmit the mirrored packets.

    # lo mirror-src-ingress mirror-src-egress

    # eth0 mirror-dst

    Note:  Ensure that the configuration for a single interface is provided on a single line.

  4. Save the file.
  5. Restart the UCT-V service.

$ sudo service uctv restart

The UCT-V status will be displayed as running. Check the status using the following command:

$ sudo service uctv status

NOTE: Use the following commands to install the required packages:.

sudo yum install iproute-tc -y
sudo yum install python3 –y
sudo yum install python3-pip -y
sudo pip3 install urllib3
sudo pip3 install requests
sudo pip3 install netifaces

To install from an RPM (.rpm) package on a Redhat, CentOS, or other RPM-based system:

  1. Download the UCT-V6.9.00 RPM (.rpm) package from the Gigamon Customer Portal. For assistance contact Contact Technical Support.
  2. Copy this package to your instance. Install the package with root privileges, for example:

    $ ls gigamon-gigavue_uctv_6.9.00_x86_64.rpm

    $ sudo rpm -i gigamon-gigavue_uctv_6.9.00_x86_64.rpm

  3. Once the UCT-V package is installed, Modify the /etc/uctv/uctv.conf file to configure and register the source and destination interfaces. The following example registers the eth0 as the mirror source for both ingress and egress traffic and registers eth1 as the destination for this traffic as follows:

    Note:  When you have an active, successful monitoring session deployed, any changes to the UCT-V config file made after the initial setup require an UCT-V restart and an inventory refresh or sync from GigaVUE-FM to pick up the new changes and re-initiate the traffic mirroring. GigaVUE-FM does a periodic sync on its own every 15 minutes.

    Example 1—Configuration example to monitor ingress and egress traffic at interface eth0 and use the same interface to send out the mirrored packets

    # eth0   mirror-src-ingress mirror-src-egress mirror-dst

    Example 2—Configuration example to monitor ingress and egress traffic at interface eth0 and use the interface eth1 to send out the mirrored packets

    # eth0   mirror-src-ingress mirror-src-egress

    # eth1   mirror-dst

    Example 3—Configuration example to monitor ingress and egress traffic at interface eth0 and eth 1; use the interface eth1 to send out the mirrored packets

    # eth0   mirror-src-ingress mirror-src-egress

    # eth1   mirror-src-ingress mirror-src-egress mirror-dst

    Example 4—Configuration example to monitor ingress traffic at iface 'eth0' and egress traffic at iface 'eth1' and use iface 'eth2' to transmit the mirrored packets.

    # eth0   mirror-src-ingress

    # eth1   mirror-src-egress

    # eth2 mirror-dst

    Example 5—Configuration example to monitor traffic at iface 'lo' which will be always registered as bidirectional traffic regardless of the config and use iface 'eth0' to transmit the mirrored packets.

    # lo mirror-src-ingress mirror-src-egress

    # eth0 mirror-dst

    Note:  Ensure that the configuration for a single interface is provided on a single line.

  4. Save the file.
  5. Restart the UCT-V service.
    $ sudo service uctv restart

The UCT-V status will be displayed as running. Check the status with the following command:

$ sudo service uctv status

What to do Next:

After installing UCT-V, you must create Monitoring Session. Refer to Configure Monitoring Session for detailed instructions on how to create a Monitoring Session, tunnel end points, add applications to the Monitoring Session, and deploy a Monitoring Session.