Gaining Visibility and Optimizing the Traffic Between Containerized Workloads for Seamless Monitoring (6.0)

Introduction

Cloud implementations have changed substantially with digital transformation. In the cloud, application services are broken down into microservices and run in separate containers. However, communication between containers on the same host introduces a new blind spot that threat actors can exploit: this east-west traffic never leaves the host, so network-based monitoring tools do not see it. The Gigamon Cloud Suite addresses this visibility gap by acquiring that traffic and aggregating it for further processing and monitoring. This GVD walks you through the scenario of traffic acquisition on an Azure AKS cluster using the Universal Container TAP (UCT) solution and subsequent packet processing using V-Series GigaSmart applications in an Azure cloud environment.

Design Topology

Figure: UCT - Platform Agnostic. The design topology shown above is generic and applies to all supported platforms, such as Azure AKS, AWS EKS, native Kubernetes, VMware Tanzu and OpenShift.

Design Overview

This design illustrates deploying the Gigamon Cloud Suite in an Azure cloud. Traffic on AKS clusters in the Azure cloud is acquired using a Linux kernel hook (eBPF) and forwarded to the V-Series nodes for traffic aggregation. The V-Series node processes the acquired traffic using GigaSmart (GS) applications and then forwards it to the monitoring tools.

Gigamon Cloud Suite in this solution consists of the following components:

  • GigaVUE-FM: A web-based fabric management and orchestration interface that provides single-pane-of-glass visibility, management, and orchestration of both the physical and virtual traffic in the UCT deployment.
  • UCT Controller: The management component of UCT that controls and communicates with the UCT Pods. The UCT Controller collects data from the UCT Pods and sends the collected statistics and heartbeats to GigaVUE-FM.
  • UCT Pod: The primary UCT module, responsible for programming the eBPF configuration: which containers to tap, which traffic to filter, adding tunnel encapsulation to the filtered traffic, and forwarding it to the tools or to the GigaVUE V Series 2.0 nodes. The UCT Pod also sends statistics and heartbeats to the UCT Controller.
  • GigaVUE V Series node: Aggregates all the traffic, optimizes it by removing duplicate packets, and forwards it to either new or existing tool probes.

This GVD primarily discusses deploying the UCT solution on Azure AKS, but the same design and deployment steps can be reused on other platforms, such as AWS EKS with V-Series nodes in the AWS cloud, or native Kubernetes with V-Series nodes deployed through third-party orchestration on any other platform.

To learn more about this solution, read the complete details on the Gigamon Community: Gaining Visibility and Optimizing the Traffic Between Containerized Workloads for Seamless Monitoring (6.0)