Gaining Pervasive Visibility into the AWS Instances That May or May Not Support VPC Mirroring (5.13)

Introduction

Data centers have undergone a tremendous transformation over the last two decades, resulting in heterogeneous workloads spread across physical, virtual, and cloud platforms. In cloud platforms such as AWS, the VPC traffic mirroring feature can be enabled only on workloads that belong to the fleet of instance types AWS lists as supported. For workloads that VPC mirroring cannot monitor, an alternate mechanism is required to mirror their traffic for inspection. In such scenarios, enterprises can take advantage of the network traffic visibility solution offered by GigaVUE Cloud Suite. This solution uses the native AWS VPC mirroring feature for supported EC2 instances and G-vTAP based mirroring for unsupported legacy EC2 instances, thus providing pervasive visibility within an AWS environment.

Please check with your Gigamon Sales contact or Gigamon Support for more information regarding support for the cloud/virtualization platform that you are considering.

Design Topology


Design Overview

The design depicts the deployment of GigaVUE Cloud Suite in the visibility tier of a centralized VPC. The visibility tier at the top comprises the EC2 targets that are monitored by VPC mirroring, and the one below comprises the EC2 targets that cannot be monitored by VPC mirroring. In the top tier, a GigaVUE V Series 2.3.0 node is deployed for aggregating, filtering, and forwarding IPv4 traffic to the tools over a VXLAN tunnel. In the bottom tier, the G-vTAP agent is installed on the EC2 targets to acquire and forward IPv4 traffic over an L2GRE tunnel to the V Series 1.7-1 node, which aggregates, filters, and forwards the traffic to the tools over a VXLAN tunnel. As the topology shows, the G-vTAP agent and the V Series nodes support different tunnel encapsulations. Please refer to the user guide for more details.

This design presumes monitoring all the EC2 targets under consideration. Hence, the V Series nodes are configured to filter-in IPv4 traffic. However, you can choose to monitor specific EC2 targets either by configuring filtering rules to match the IP address of the specific hosts/interfaces or by configuring the inclusion and exclusion maps (refer to the Deployment Steps section).
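The two decisions described above, which tier each EC2 target lands in and whether the VPC-mirroring tier forwards all IPv4 traffic or only traffic for specific hosts, can be planned from an inventory before anything is deployed. The following is an added example, not Gigamon's or AWS's code: it runs offline on a constructed inventory shaped like the `describe_instances` and `describe_instance_types` fields it uses, and it emits the keyword arguments one would hand to `ec2.create_traffic_mirror_filter_rule` and `ec2.create_traffic_mirror_session`. The instance, ENI, filter and target identifiers are made up, and treating Nitro-hypervisor instance types as the VPC-mirroring-capable set is an assumption used as a first pass; the authoritative list is the one AWS publishes.

```python
"""Plan which EC2 targets use VPC Traffic Mirroring and which need a G-vTAP agent,
and build the IPv4 mirror-filter rules for the VPC-mirroring tier.

Added example for illustration; all identifiers below are constructed.
"""
from typing import Dict, List, Optional

# Constructed sample shaped like the fields of ec2.describe_instance_types()
# used here. ASSUMPTION: Nitro-hypervisor types are treated as capable of
# VPC Traffic Mirroring; confirm against AWS's current support list.
INSTANCE_TYPE_CATALOG: Dict[str, dict] = {
    "m5.large": {"Hypervisor": "nitro"},
    "c5.xlarge": {"Hypervisor": "nitro"},
    "t2.medium": {"Hypervisor": "xen"},
    "m4.large": {"Hypervisor": "xen"},
}

# Constructed sample inventory shaped like ec2.describe_instances() output.
# The c5.xlarge carries two vNICs to show that every ENI gets its own entry.
INVENTORY: List[dict] = [
    {"InstanceId": "i-00000000000000001", "InstanceType": "m5.large",
     "NetworkInterfaces": [{"NetworkInterfaceId": "eni-00000000000000a01",
                            "PrivateIpAddress": "10.10.1.11"}]},
    {"InstanceId": "i-00000000000000002", "InstanceType": "c5.xlarge",
     "NetworkInterfaces": [{"NetworkInterfaceId": "eni-00000000000000a02",
                            "PrivateIpAddress": "10.10.1.12"},
                           {"NetworkInterfaceId": "eni-00000000000000a03",
                            "PrivateIpAddress": "10.10.2.12"}]},
    {"InstanceId": "i-00000000000000003", "InstanceType": "t2.medium",
     "NetworkInterfaces": [{"NetworkInterfaceId": "eni-00000000000000b01",
                            "PrivateIpAddress": "10.10.3.21"}]},
    {"InstanceId": "i-00000000000000004", "InstanceType": "m4.large",
     "NetworkInterfaces": [{"NetworkInterfaceId": "eni-00000000000000b02",
                            "PrivateIpAddress": "10.10.3.22"}]},
]


def supports_vpc_mirroring(instance_type: str, catalog: Dict[str, dict]) -> bool:
    """First-pass capability check based on the hypervisor attribute (assumption)."""
    info = catalog.get(instance_type)
    return bool(info) and info.get("Hypervisor") == "nitro"


def partition_inventory(inventory: List[dict], catalog: Dict[str, dict]) -> Dict[str, List[dict]]:
    """Split every ENI into the VPC-mirroring tier or the G-vTAP agent tier."""
    tiers: Dict[str, List[dict]] = {"vpc_mirroring": [], "gvtap_agent": []}
    for inst in inventory:
        tier = "vpc_mirroring" if supports_vpc_mirroring(inst["InstanceType"], catalog) else "gvtap_agent"
        for eni in inst["NetworkInterfaces"]:
            tiers[tier].append({
                "InstanceId": inst["InstanceId"],
                "InstanceType": inst["InstanceType"],
                "NetworkInterfaceId": eni["NetworkInterfaceId"],
                "PrivateIpAddress": eni["PrivateIpAddress"],
            })
    return tiers


def ipv4_filter_rules(filter_id: str, hosts: Optional[List[str]] = None) -> List[dict]:
    """Build kwargs for ec2.create_traffic_mirror_filter_rule().

    hosts=None accepts all IPv4 traffic in both directions (the design's default).
    A list of host IPv4 addresses instead accepts only traffic to or from those hosts,
    which is the per-host alternative mentioned above.
    """
    rules: List[dict] = []
    number = 100
    cidrs = ["0.0.0.0/0"] if not hosts else [f"{h}/32" for h in hosts]
    for cidr in cidrs:
        # Ingress rules match traffic arriving at the host (host is destination);
        # egress rules match traffic leaving it (host is source).
        for direction, src, dst in (("ingress", "0.0.0.0/0", cidr), ("egress", cidr, "0.0.0.0/0")):
            rules.append({
                "TrafficMirrorFilterId": filter_id,
                "TrafficDirection": direction,
                "RuleNumber": number,
                "RuleAction": "accept",
                "SourceCidrBlock": src,
                "DestinationCidrBlock": dst,
            })
            number += 1
    return rules


def mirror_session_plan(tiers: Dict[str, List[dict]], target_id: str, filter_id: str) -> List[dict]:
    """One ec2.create_traffic_mirror_session() call per ENI in the VPC-mirroring tier."""
    return [{
        "NetworkInterfaceId": entry["NetworkInterfaceId"],
        "TrafficMirrorTargetId": target_id,
        "TrafficMirrorFilterId": filter_id,
        "SessionNumber": 1,
    } for entry in tiers["vpc_mirroring"]]


if __name__ == "__main__":
    plan = partition_inventory(INVENTORY, INSTANCE_TYPE_CATALOG)
    for tier, entries in plan.items():
        print(tier, [e["PrivateIpAddress"] for e in entries])
    for rule in ipv4_filter_rules("tmf-00000000000000001"):
        print(rule)
    print(len(mirror_session_plan(plan, "tmt-00000000000000001", "tmf-00000000000000001")), "sessions")
```

Instances that fall into the `gvtap_agent` tier get no mirror session; they are the ones that need the agent and the V Series 1.7-1 node described in the bottom tier of the topology.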

A typical AWS deployment consists of the following cloud suite components: 

  • GigaVUE-FM (Fabric Manager): It provides a unified interface to deploy, configure, and troubleshoot the Gigamon solution.

  • G-vTAP Agent version 1.7-1: This is a lightweight agent for acquiring traffic on the EC2 targets that do not support VPC mirroring. These agents can monitor traffic over single or multiple vNICs.

  • GigaVUE-V Series Node version 2.3.0 (aka V Series 2.0): This is the traffic aggregator for the EC2 targets that support VPC mirroring. It supports various filtering and traffic optimization techniques to sanitize the traffic before forwarding to the tools.

  • G-vTAP Controller version 1.7-1: It is the control plane proxy between GigaVUE-FM and G-vTAP agents. This is not illustrated in the topology for simplicity.

  • GigaVUE-V Series Node version 1.7-1 (aka V Series 1.0): This is the traffic aggregator for the EC2 targets that do not support VPC mirroring. This node supports various filtering techniques to sanitize the traffic before forwarding to the tools.

  • GigaVUE V Series Controller version 1.7-1: This is the control plane proxy for managing the GigaVUE V Series 1.7-1 nodes in the environment. This is not illustrated in the topology for simplicity.

To learn more about this solution, read the complete details on the Gigamon Community: Gaining Pervasive Visibility into the AWS Instances That May or May Not Support VPC Mirroring (5.13).