Create Ingress and Egress Tunnels (Azure)

Traffic from the GigaVUE V Series Node is distributed to tunnel endpoints in a monitoring session. A tunnel endpoint can be created using a standard L2GRE, VXLAN, UDPGRE, UDP, or ERSPAN tunnel.

Note:  GigaVUE-FM allows you to configure ingress Tunnels in the Monitoring Session, when the Traffic Acquisition Method is UCT-V.

To create a new tunnel endpoint:

  1. After creating a new Monitoring Session or on an existing Monitoring Session, navigate to the TRAFFIC PROCESSING tab. The GigaVUE-FM Monitoring Session canvas page appears.
  2. In the canvas, click the icon on the left side of the page to view the traffic processing elements. Select New > New Tunnel, drag and drop a new tunnel template to the workspace. The Add Tunnel Spec quick view appears.

  3. On the New Tunnel quick view, enter or select the required information as described in the following table.

    Field

    Description

    Alias

    The name of the tunnel endpoint.

    Description

    The description of the tunnel endpoint.

    Admin State

    Note:  This option appears only after the Monitoring session deployment.

    Use this option to send or stop the traffic from GigaVUE-FM to the egress tunnel endpoint. Admin State is enabled by default.

    You can use this option to stop sending traffic to unreachable tools or tools that are in a down state. Each egress tunnel configured on the GigaVUE V Series Node has an administrative state that enables GigaVUE-FM to halt the tunnel's traffic flow. The tunnels will only be disabled by GigaVUE-FM when it receives a notification via REST API indicating that a tool or group of tools is down.

    Note:  This option is not supported for TLS-PCAPNG tunnels.

    Type

    The type of the tunnel. Select from the below options to create a tunnel.

    ERSPAN, L2GRE, VXLAN, TLS-PCAPNG, UDP, or UDPGRE.

    VXLAN

    Traffic Direction

    The direction of the traffic flowing through the GigaVUE V Series Node.

    Note:  In the scenario where secure tunnels need to be established between a GigaVUE V Series Node and a GigaVUE HC Series, you can utilize the Configure Physical Tunnel option provided in the GigaVUE V Series Secure Tunnel page. This allows you to conveniently configure secure tunnels on your physical device. Refer to the Secure Tunnels section.

    In

    Choose In (Decapsulation) for creating an ingress tunnel, which will carry traffic from the source to the GigaVUE V Series Node.

    IP Version

    The version of the Internet Protocol. Select IPv4 or IPv6.

    Remote Tunnel IP

    For ingress tunnel, the Remote Tunnel IP is the IP address of the tunnel source.

    VXLAN Network Identifier

    Unique value which is used to identify the VXLAN. The value ranges from 1 to 16777215.

    Source L4 Port

    The port from which the connection will be established to the target. For example, if A is the source and B is the destination, this port value belongs to A.

    Destination L4 Port

    The port to which the connection will be established from the source. For example, if A is the source and B is the destination, this port value belongs to B.

    Out

    Choose Out (Encapsulation) for creating an egress tunnel from the GigaVUE V Series Node to the destination endpoint.

    Remote Tunnel IP

    For egress tunnel, the Remote Tunnel IP is the IP address of the tunnel destination endpoint.

    MTU

    The Maximum Transmission Unit (MTU) is the maximum size of each packet that the tunnel endpoint can carry. The default value is 1500.

    Time to Live

    Enter the value of the time interval for which the session needs to be available. The value ranges from 1 to 255. The default value is 64.

    DSCP

    Differentiated Services Code Point (DSCP) is a value that network devices use to identify traffic to be handled with higher or lower priority. The values ranges from 0 to 63 with 0 being the highest priority and 63 being the lowest priority.

    Flow Label

    Unique value, which is used to identify packets that belong to the same flow. A flow is a sequence of packets that need to be treated as a single entity that may require special handling. The accepted value is between 0 and 1048575.

    VXLAN Network Identifier

    Unique value which is used to identify the VXLAN. The value ranges from 1 to 16777215.

    Source L4 Port

    The port from which the connection will be established to the target. For example, if A is the source and B is the destination, this port value belongs to A.

    Destination L4 Port

    The port to which the connection will be established from the source. For example, if A is the source and B is the destination, this port value belongs to B.

    TLS-PCAPNG

    Traffic Direction

    The direction of the traffic flowing through the GigaVUE V Series Node.

    Note:  In the scenario where secure tunnels need to be established between a GigaVUE V Series and a GigaVUE HC Series, you can utilize the Configure Physical Tunnel option provided in the GigaVUE V Series Secure Tunnel page. This allows you to conveniently configure secure tunnels on your physical device . Refer to Secure Tunnels section.

    In

    IP Version

    The version of the Internet Protocol. Only IPv4 is supported.

    Remote Tunnel IP

    For ingress tunnel, the Remote Tunnel IP is the IP address of the tunnel source.

    MTU

    The Maximum Transmission Unit (MTU) is the maximum size of each packet that the tunnel endpoint can carry. The default value is 1500.

    Source L4 Port

    The port from which the connection will be established to the target. For example, if A is the source and B is the destination, this port value belongs to A.

    Destination L4 Port

    The port to which the connection will be established from the source. For example, if A is the source and B is the destination, this port value belongs to B.

    Key Alias

    Select the Key Alias from the drop-down.

    Cipher

    Only SHA 256 is supported.

    TLS Version

    Only TLS Version 1.3.

    Selective Acknowledgments

    Enable to receive the acknowledgments.

    Sync Retries

    Enter the number of times the sync has to be tried. The value ranges from 1 to 6.

    Delay Acknowledgments

    Enable to receive the acknowledgments when there is a delay.

    Out

    IP Version

    The version of the Internet Protocol. Only IPv4 is supported.

    Remote Tunnel IP

    For ingress tunnel, the Remote Tunnel IP is the IP address of the tunnel source.

    MTU

    The Maximum Transmission Unit (MTU) is the maximum size of each packet that the tunnel endpoint can carry. The default value is 1500.

    Time to Live

    Enter the value of the time interval for which the session needs to be available. The value ranges from 1 to 255. The default value is 64.

    DSCP

    Differentiated Services Code Point (DSCP) is a value that network devices use to identify traffic to be handled with higher or lower priority. The values ranges from 0 to 63 with 0 being the highest priority and 63 being the lowest priority.

    Flow Label

    Unique value which is used to identify packets that belong to the same flow. A flow is a sequence of packets that need to be treated as a single entity that may require special handling. The accepted value is between 0 and 1048575.

    Source L4 Port

    The port from which the connection will be established to the target. For example, if A is the source and B is the destination, this port value belongs to A.

    Destination L4 Port

    The port to which the connection will be established from the source. For example, if A is the source and B is the destination, this port value belongs to B.

    Cipher

    Only SHA 256 is supported.

    TLS Version

    Only TLS Version 1.3.

    Selective Acknowledgments

    Enable to receive the acknowledgments.

    Sync Retries

    Enter the number of times the sync has to be tried. The value ranges from 1 to 6.

    Delay Acknowledgments

    Enable to receive the acknowledgments when there is a delay.

    UDP:

    Out

    L4 Destination IP Address

    Enter the IP address of the tool port or when using Application Metadata Exporter (AMX), enter the IP address of the AMX application. Refer to Application Metadata Exporter for more detailed information.

    Source L4 Port

    The port from which the connection will be established to the target. For example, if A is the source and B is the destination, this port value belongs to A.

    Destination L4 Port

    The port to which the connection will be established from the source. For example, if A is the source and B is the destination, this port value belongs to B.

  4. Click Save.

To delete a tunnel, select the required tunnel and click Delete.

To apply a threshold template to Tunnel End Points, select the required tunnel end point on the canvas and click Details. The quick view appears, click on the Threshold tab. For more details on how to create or apply a threshold template, refer to the Monitor Cloud Health topic.

Tunnel End Points configured can also be used to send or receive traffic from GigaVUE HC Series and GigaVUE TA Series. Provide the IP address of the GigaVUE HC Series and GigaVUE TA Series as the Source or the Destination IP address as required when configuring Tunnel End Points.

After configuring the tunnels and deploying the Monitoring Session, you can view the number of ingress and egress tunnels configured for a Monitoring Session. Click on the numbers of tunnels displayed to view the tunnel names and their respective ADMIN STATUS and HEALTH STATUS.