Configure Monitoring Session Options (OpenStack)

In the Monitoring Session page, you can perform the following actions in the TRAFFIC ACQUISITION and TRAFFIC PROCESSING tabs.

■   Enable Prefiltering
■   Enable Precryption
■   Apply Threshold Template
■   Enable User-defined applications
■   Enable Distributed De-duplication

TRAFFIC ACQUISITION

To navigate to TRAFFIC ACQUISITION tab, follow the steps given below:

  1. Go to Traffic > Virtual > Orchestrated Flows > Select your cloud platform.
  2. Select a Monitoring Session from the Monitoring Sessions list view on the left side of the screen and click the TRAFFIC ACQUISITION tab.

You can perform the following actions in the TRAFFIC ACQUISITION page:

Enable Prefiltering

To enable Prefiltering, follow the steps given below:

  1. In the Monitoring Session TRAFFIC ACQUISITION page, click Mirroring tab and click Edit Mirroring.
  2. Enable the Mirroring toggle button.
  3. Enable the Secure Tunnel button if you wish to configure Secure Tunnels. For more information about Secure Tunnel, refer to Configure Secure Tunnel (AWS).
  4. You can select an existing Prefiltering template from the Template drop-down menu, or you can create a new template using Add Rule option and apply it. Refer to Create Prefiltering Policy Templatefor more details on how to create a new template. Click the Save as Template button to save the newly created template.
  5. Click Save to apply the template to the Monitoring Session.

Enable Precryption

Rules and Notes

  • To avoid packet fragmentation, you should change the option precryption-path-mtu in UCT-V configuration file (/etc/uctv/uctv.conf) within the range 1400-9000 based on the platform path MTU.
  • Protocol version IPv4 and IPv6 are supported.
  • If you wish to use IPv6 tunnels, your GigaVUE-FM and the fabric components version must be 6.6.00 or above.

Note:  It is recommended to enable the secure tunnel feature whenever the Precryption feature is enabled. Secure tunnel helps to securely transfer the cloud captured packets or precrypted data to a GigaVUE V Series Node. For more detailed information refer to Secure Tunnels in in the respective GigaVUE Cloud Suite Deployment Guide.

To enable Precryption, follow the steps given below:

  1. In the Monitoring Session TRAFFIC ACQUISITION page, click Precryption tab.
  2. Enable the Precryption toggle button. Refer to Precryption™ topic for more details on Precryption.
  3. You can apply Precryption to a few selective components based on the traffic:

    Note:  If you wish to use Selective Precryption, your GigaVUE-FM and the fabric components version must be 6.8.00 or above.

    Applications:

    1. Click on the APPLICATIONS tab.
    2. The Pass All Applications is enabled by default. If you wish to use selective Precryption, disable this option.
    3. Select any one of the following options for Actions:
      1. Include: Select to include the traffic from the selected applications for Precryption.
      2. Exclude: Select to exclude the traffic from the selected applications for Precryption.
    4. Click Add. The Add Application widget opens.
    5. Select csv as the Type, if you wish to add the applications using a .csv file. Click Choose File and upload the file.
    6. Select Manual as the Type, if you wish to add the applications manually. Enter the Application Name and click + icon to add more applications.
    7. Click Apply.

    L3-L4

    1. You can select an existing Precryption template from the Template drop-down menu, or you can create a new template and apply it. Refer to Create Precryption Template for UCT-V for more details on how to create a new template.
  4. Enable the Secure Tunnel button if you wish to use Secure Tunnels. Refer to the Configure Secure Tunnel section in the respective GigaVUE Cloud Suite Deployment Guide.

Validate Precryption connection

To validate the Precryption connection, follow the steps:

■   To confirm it is active, navigate to the Monitoring Session dashboard and check the Precryption option, which should show yes.
■   Click Status, to view the rules configured.

Limitations

During Precryption, UCT-V generates a TCP message with the payload being captured in clear text. Capturing the L3/L4 details of this TCP packet by probing the SSL connect/accept APIs. The default gateway's MAC address will be the destination MAC address for the TCP packet when SSL data is received on a specific interface. If the gateway is incorrectly configured, the destination MAC address could be all Zeros.

TRAFFIC PROCESSING

To navigate to TRAFFIC PROCESSING tab, follow the steps given below:

  1. Go to Traffic > Virtual > Orchestrated Flows > Select your cloud platform.
  2. Select a Monitoring Session from the Monitoring Sessions list view on the left side of the screen and click TRAFFIC PROCESSING tab.

You can perform the following actions in the TRAFFIC PROCESSING page:

Apply Threshold Template

To apply threshold, follow the steps given below:

  1. In the Monitoring Session TRAFFIC PROCESSING page, select Thresholds under Options menu.
  2. Select the template you wish to apply from the drop-down. Click Apply. Refer to Traffic Health Monitoring section for more details on Threshold Template.

Enable User Defined Applications

To enable user defined application, follow the steps given below:

  1. In the Monitoring Session TRAFFIC PROCESSING page, click User Defined Applications under Options menu.
  2. Enable the User-defined Applications toggle button. Refer to User Defined Application section for more detailed information.

Enable Distributed De-duplication

Enabling the "Distributed De-duplication" option identifies duplicate packets across different GigaVUE V Series Nodes when traffic from various targets is routed to these instances for monitoring. Refer to Distributed De-duplication section for more details.

Notes:
  • Distributed De-duplication is only supported on V Series version 6.5.00 and later.
  • From version 6.9, Traffic Distribution option is renamed to Distributed De-duplication.