Windows UCT-V Installation
Windows UCT-V allows you to select the network interfaces by subnet/CIDR and modify the corresponding monitoring permissions in the configuration file. This gives you more granular control over what traffic is monitored and mirrored.
Points to Note:
- VXLAN is the only tunnel type supported for Windows UCT-V.
- Loopback Interface is not supported for Windows UCT-V.
Windows Network Firewall Requirements
If Network Firewall requirements or Security Groups are configured in your environment, you must open the following ports for the virtual machine. Refer to Network Firewall Requirement for GigaVUE Cloud Suite for more details on the firewall requirements or security groups required for your environment.
The following ports for Network Firewall rules can be added from Firewall Settings.
|
Direction |
Port |
Protocol |
CIDR |
Purpose |
|---|---|---|---|---|
|
Inbound |
9901 |
TCP |
UCT-V Controller IP |
Allows UCT-V to receive control and management plane traffic from UCT-V Controller |
|
Outbound |
8891 |
TCP |
UCT-V Subnet IP |
Allows UCT-V to communicate with UCT-V Controller for registration and heartbeat |
|
Outbound |
4789 |
UDP |
UCT-V Subnet IP |
Allows UCT-V to tunnel VXLAN traffic to GigaVUE V Series Nodes |
|
Outbound |
4789 |
UDP |
UCT-V Subnet IP |
Allows UCT-V to tunnel L2GRE traffic to GigaVUE V Series Nodes |
Install Windows UCT-Vs
You can install the UCT-Vs using MSI package in two ways.
| Install Windows UCT-Vs using Installation Script |
| Install Windows UCT-Vs using Manual Configuration |
Refer to the following sections for more detailed information and step-by-step instructions.
Install Windows UCT-Vs using Installation Script
- Download the Windows UCT-V
6.9.00MSI package from the Gigamon Customer Portal. For assistance, contact Contact Technical Support. - Install the downloaded MSI package as Administrator, and the UCT-V service starts automatically.
- Once the UCT-V package is installed, use the command below to perform pre-check, adapter setup, adapter restore, and configuration functionalities.
sudo uctv-wizardRefer to the table below to know more about uctv-wizard command usage options and functionalities:
Options
Use Command
Description
pre-check
sudo uctv-wizard pre-check
Checks the network adapter properties and firewall requirements. It notifies the user if the network adapter's send buffer size is smaller than the required size for the Windows UCT-V and if any firewall rules need to be added.
adapter-setup
sudo uctv-wizard adapter-setup
Checks the compatible network adapters, increases the send buffer size and restarts the service. Before changing the buffer size, the existing configuration is saved as a backup.
You can choose between the following:
If you wish to skip the prompts for changing the buffer size of compatible network adapters, enter the option as y. Enter N if you wish to set it up manually. Refer to the Install Windows UCT-Vs using Manual Configuration section for more details. adapter-restore
sudo uctv-wizard adapter-restore
Using this command, you can restore the backup copy of the network adapter buffer size configuration saved in the in the uctv-wizard adapter-setup step.
Note: You need to manually restart the network adapters for changes to take effect immediately.
You can choose between the following:
If you wish to skip the prompts for restoring the buffer size of the compatible network adapters, enter the option as y. Enter N if you wish to restore it manually. Refer to the Install Windows UCT-Vs using Manual Configuration section for more details. configure
sudo uctv-wizard configure
First, it checks for any existing configured file in the tmp directory. If available, UCT-V will use that configuration.
If unavailable, UCT-V will automatically add the interface configuration in uctv.conf file, excluding the loopback (lo) interface, with all permissions enabled (source ingress, source egress, and destination).
You can add the required policy for the available port if a firewall is installed.
If you wish to skip the prompts to add the required firewall policy, enter your option as y. The console interface will add the firewall rules automatically. Enter N if you wish to configure manually. Refer to the Install Windows UCT-Vs using Manual Configuration section for more details. uninstall
sudo uctv-wizard uninstall
Automatically stops the UCT-V service, removes the firewall rules, and uninstalls the UCT-V.
| Use the command below to view all the log messages generated from uctv-wizard. These log messages are stored at /C:\ProgramData\uctv\uctv-installation.txt |
sudo vi / var/log/uctv-installation.log
| Use the command below to know the usage descriptions for the individual operations. |
uctv-wizard help
Windows UCT-V Installation Scenarios
- Zero Touch Installation - When using a cloud integrated script to deploy UCT-V in a virtual machine, there is zero interference required as the script installs and configures everything automatically.
- One Touch Installation - When using a .msi package with all prerequisite packages in place, UCT-V determines that all dependencies are met, and it will perform auto-configuration and restart the service.
Install Windows UCT-Vs using Manual Configuration
- Download the Windows UCT-V
6.9.00MSI package from the Gigamon Customer Portal. For assistance contact Contact Technical Support. - Install the downloaded MSI package as Administrator and the UCT-V service starts automatically.
- Once the UCT-V package is installed, modify the file C:\ProgramData\Uct-v\uctv.conf to configure and register the source and destination interfaces.
Note: When you have an active, successful monitoring session deployed, any changes to the UCT-V config file made after the initial setup require an UCT-V restart and an inventory refresh or sync from GigaVUE-FM to pick up the new changes and re-initiate the traffic mirroring. GigaVUE-FM does a periodic sync on its own every 15 minutes.
Following are the rules to modify the UCT-V configuration file:- Interface is selected by matching its CIDR address with config entries.
- For the VMs with single interface (.conf file modification is optional):
- if neither mirror-src permissions is granted to the interface, both mirror-src-ingress and mirror-src-egress are granted to it.
- mirror-dst is always granted implicitly to the interface.
- For the VMs with multiple interfaces:
- mirror-dst needs to be granted explicitly in the config file. Only the first matched interface is selected for mirror-dst, all other matched interfaces are ignored.
- if none interfaces is granted any mirror-src permission, all interfaces will be granted mirror-src-ingress and mirror-src-egress.
Example 1—Configuration example to monitor ingress and egress traffic at interface 192.168.1.0/24 and use the same interface to send out the mirrored packets.
For IPv4:
# 192.168.1.0/24 mirror-src-ingress mirror-src-egress mirror-dstFor IPv6:
2001:db8:abcd:ef01::/64 mirror-src-ingress mirror-src-egress 2001:db8:abcd:ef01::/64 mirror-src-egress
2001:db8:abcd:ef01::/64 mirror-dst
Example 2—Configuration example to monitor ingress and egress traffic at interface 192.168.1.0/24 and use the interface 192.168.2.0/24 to send out the mirrored packets.
For IPv4:
192.168.1.0/24 mirror-src-ingress mirror-src-egress192.168.2.0/24 mirror-dstFor IPv6:
2001:db8:abcd:ef01::/64 mirror-src-ingress mirror-src-egress 2001:db8:abcd:ef02::/64 mirror-src-egress
2001:db8:abcd:ef01::2/64 mirror-dst
- Save the file.
- Restart the Windows UCT-V using one of the following actions:
- Run 'sc stop uctv' and 'sc start uctv' from the command prompt.
- Restart the UCT-V from the Windows Task Manager.
You can check the status of the UCT-V in the Service tab of the Windows Task Manager.
What to do Next:
After installing UCT-V, you must create Monitoring Session. Refer to Configure Monitoring Session for detailed instructions on how to create a Monitoring Session, tunnel end points, add applications to the Monitoring Session, and deploy a Monitoring Session.
