Configure Monitoring Session Options (AWS)
In the Monitoring Session page, you can perform the following actions in the TRAFFIC ACQUISITION and TRAFFIC PROCESSING tabs.
- Enable Prefiltering
- Enable Precryption
- Apply Threshold Template
- Enable User-defined applications
- Enable Distributed De-duplication
Traffic Acquisition
To navigate to the TRAFFIC ACQUISITION tab, follow the steps given below:
- Go to Traffic > Virtual > Orchestrated Flows > Select your cloud platform.
- Select a Monitoring Session from the Monitoring Sessions list view on the left side of the screen and select the TRAFFIC ACQUISITION tab.
You can perform the following actions in the TRAFFIC ACQUISITION page:
Enable Prefiltering
To enable Prefiltering, follow the steps given below:
- In the Monitoring Session TRAFFIC ACQUISITION page, select the Mirroring tab and select Edit Mirroring.
- Enable the Mirroring toggle button.
- Enable the Secure Tunnel button if you wish to configure Secure Tunnels. For more information about Secure Tunnel, refer to Configure Secure Tunnel (AWS).
- Perform one of the following:
- Select an existing Prefiltering template from the Template drop-down menu.
- Create a new template using the Add Rule option and apply it. Refer to Create Prefiltering Policy Template for more details on how to create a new template.
- Select the Save as Template button to save the newly created template.
- Select Save to apply the template to the Monitoring Session.
Enable Precryption
Rules and Notes
- To avoid packet fragmentation, set the precryption-path-mtu option in the UCT-V configuration file (/etc/uctv/uctv.conf) to a value within the range 1400-9000, based on the platform path MTU.
- Protocol versions IPv4 and IPv6 are supported.
- If you wish to use IPv6 tunnels, ensure that your GigaVUE‑FM and the fabric components versions are 6.6.00 or above.
Note: We recommend enabling the secure tunnel feature whenever the Precryption feature is enabled. Secure tunnel helps to securely transfer the cloud captured packets or precrypted data to a GigaVUE V Series Node. For details, refer to Secure Tunnels in the respective GigaVUE Cloud Suite Deployment Guide.
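A pre-flight check for the precryption-path-mtu rule above, as an added example that is not part of the vendor documentation. The file path and the 1400-9000 range come from this page; the line syntax of uctv.conf (option name, then the value, separated by whitespace, = or :), the function names and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: validate precryption-path-mtu on a UCT-V host.
# ASSUMPTION: the option is written as "precryption-path-mtu <sep> <value>",
# where <sep> is whitespace, "=" or ":". Adjust if your uctv.conf differs.

UCTV_CONF="${UCTV_CONF:-/etc/uctv/uctv.conf}"   # path given on this page
MTU_MIN=1400                                     # range given on this page
MTU_MAX=9000

# Print the last uncommented precryption-path-mtu value in FILE (empty if unset).
get_precryption_mtu() {
    awk '{ sub(/#.*/, "") }
         $0 ~ /^[ \t]*precryption-path-mtu[ \t=:]/ { gsub(/[=:]/, " "); v = $2 }
         END { if (v != "") print v }' "$1"
}

# check_precryption_mtu FILE [PATH_MTU]
# Returns 0 = ok, 1 = file unreadable or option not set,
#         2 = not a number or outside 1400-9000,
#         3 = larger than the supplied path MTU (packets would fragment).
check_precryption_mtu() {
    [ -r "$1" ] || return 1
    mtu=$(get_precryption_mtu "$1")
    [ -n "$mtu" ] || return 1
    case "$mtu" in *[!0-9]*) return 2 ;; esac
    [ "$mtu" -ge "$MTU_MIN" ] && [ "$mtu" -le "$MTU_MAX" ] || return 2
    if [ -n "${2:-}" ] && [ "$mtu" -gt "$2" ]; then return 3; fi
    return 0
}

# Demonstration on a constructed sample file (not a real uctv.conf).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'precryption-path-mtu = 8900' > "$sample"
for path_mtu in 9001 1500; do        # constructed example path MTUs
    rc=0
    check_precryption_mtu "$sample" "$path_mtu" || rc=$?
    echo "value=$(get_precryption_mtu "$sample") path_mtu=$path_mtu status=$rc"
done
rm -f "$sample"
```

On a UCT-V host, call `check_precryption_mtu "$UCTV_CONF" <path MTU>` with the path MTU measured for your platform.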
To enable Precryption, follow the steps given below:
- In the Monitoring Session TRAFFIC ACQUISITION page, click the Precryption tab.
- Enable the Precryption toggle button. Refer to the Precryption™ topic for more details on Precryption.
- You can apply Precryption to a few selective components based on the traffic:
Note: If you wish to use Selective Precryption, your GigaVUE-FM and the fabric components version must be 6.8.00 or above.
Applications:
- Select the APPLICATIONS tab.
The Pass All Applications option is enabled by default. If you wish to use selective Precryption, disable this option.
- Select one of the following options for Actions:
- Include: Select to include the traffic from the selected applications for Precryption.
- Exclude: Select to exclude the traffic from the selected applications for Precryption.
- Select Add. The Add Application widget opens.
- Select csv as the Type, if you wish to add the applications using a .csv file.
- Select Choose File and upload the file.
- Select Manual as the Type, if you wish to add the applications manually.
- Enter the Application Name and click the + icon to add more applications.
- Select Apply.
L3-L4
- You can select an existing Precryption template from the Template drop-down menu, or you can create a new template and apply it. For details, refer to Create Precryption Template for UCT-V.
- Select the APPLICATIONS tab.
- Enable the Secure Tunnel button if you wish to use Secure Tunnels. For details, refer to the Configure Secure Tunnel section in the respective GigaVUE Cloud Suite Deployment Guide.
Validate Precryption connection
To validate the Precryption connection, follow these steps:
- Navigate to the Monitoring Session dashboard and select the Precryption option, which should show yes.
- Select Status to view the rules configured.
Limitations
During Precryption, UCT-V generates a TCP message with the payload being captured in clear text. The L3/L4 details of this TCP packet are captured by probing the SSL connect/accept APIs. The default gateway's MAC address is the destination MAC address for the TCP packet when SSL data is received on a specific interface. If the gateway is incorrectly configured, the destination MAC address value is all zeros.
Traffic Processing
To navigate to the TRAFFIC PROCESSING tab, follow these steps:
- Go to Traffic > Virtual > Orchestrated Flows > Select your cloud platform.
- Select a Monitoring Session from the Monitoring Sessions list view on the left side of the screen and select the TRAFFIC PROCESSING tab.
You can perform the following actions in the TRAFFIC PROCESSING page:
Apply Threshold Template
To apply a threshold template, follow these steps:
- In the Monitoring Session TRAFFIC PROCESSING page, select Thresholds under the Options menu.
- Select the template you wish to apply from the drop-down. Click Apply. Refer to the Traffic Health Monitoring section for more details on Threshold Template.
Enable User Defined Applications
To enable User Defined Applications, follow these steps:
- In the Monitoring Session TRAFFIC PROCESSING page, select User Defined Applications under the Options menu.
- Enable the User-defined Applications toggle button. For details, refer to the User Defined Application section.
Enable Distributed De-duplication
Enabling the "Distributed De-duplication" option identifies duplicate packets across different GigaVUE V Series Nodes when traffic from various targets is routed to these instances for monitoring. For details, refer to Distributed De-duplication.
- Distributed De-duplication is only supported on GigaVUE V Series Node version 6.5.00 and later.
- From version 6.9, the Traffic Distribution option is renamed to Distributed De-duplication.