Packet Mirroring
Packet Mirroring is one of the fundamental ways to acquire traffic from the workloads (VMs or pods) for monitoring. Packet mirroring clones the network packets directly from network interfaces of selected workloads and sends them to a destination for processing and analysis. Packets can be selectively mirrored from some or all the network interfaces of the workloads. Packet mirroring can also be configured to mirror packets only for ingress traffic, or only for egress traffic or both.
GigaVUE Cloud Suite for AWS also supports UCT-V based packet mirroring as well as cloud platform native packet mirroring capabilities such as Traffic Mirroring.
How Packet Mirroring Works
The following diagram illustrates how packet mirroring works using UCT-V.
To acquire traffic from a Virtual Machine using UCT-V, install UCT-V into the VMs that need to be monitored. Refer to Configure UCT-V for more detailed information on how to install UCT-Vs. After creating and deploying a Monitoring Session in a Monitoring Domain using UCT-V as traffic acquisition method, GigaVUE-FM sends proper configuration details to all UCT-Vs running inside the VMs selected to mirror packets from network interfaces configured for mirroring. Mirrored packets can be filtered by defined criteria and tunneled out to GigaVUE V Series Nodes for processing and forwarding.
Prefilter Mirrored Traffic
The mirrored traffic from the packet mirroring can be filtered before tunneling it to the GigaVUE V Series Nodes using a filtering criteria in the Monitoring Session. This helps reduce the volume of mirrored traffic sent to the analysis tool. UCT-V supports a range of criteria to acquire and forward the traffic most relevant to your monitoring needs:
- Layer 3 filters: IPv4 source IP, IPv4 destination IP, IPv6 source IP, IPv6 destination IP and protocol
- Layer 4 filters: source port, destination port
Refer to Configure Prefiltering for more detailed information and step-by-step instructions on how to configure Prefiltering.
