Gigamon® Visibility Fabric™ Overview and Configuration with Extended Labs (GVFOCL) - Lab Topology

 

Lab Topology

Online help
This lab provides a brief exploration of the CLI and online help and directs the student’s attention to various ways to leverage the online help capabilities so that the User Guide is rarely needed.

Port Behavior Setup
This lab shows the student how to define the mode for network and tool ports in both the GigaVUE CLI and the Fabric Manager GUI interface.

Pass-all Configuration
The first traffic forwarding configuration example will forward all packets received on a Network port to a Tool port. This is the simplest possible traffic forwarding configuration and the student will configure this type of map from the CLI as well as Fabric Manager.

Adding a VLAN Tag to ingress traffic
It can be useful to know where traffic was collected, since the same packet can be gathered at multiple points along the way to its destination. It is also useful to have tools sort traffic according to traffic origin. For exercise 4 you will modify the port settings to have the GigaVUE node insert a VLAN Tag into packets received.

Simple Flow Map Configuration
Instead of indiscriminately forwarding everything, flow maps are highly flexible, easily reconfigured sets of instructions for forwarding selected traffic from one or more Network ports over to one or more Tool ports. You will configure a simple filter condition to forward only IP version 4 traffic from a Network ingress port to a Tool egress port.

More Complex Flow Map Configuration with Rule Prioritization
After reviewing the configurations with the show map command or the show running command, you will practice removing previously defined mappings and replacing those maps using the same ports, but different rules. You will practice using overlapping filters.

Shared Collector Configuration
An additional type of rule that may be configured is the special shared collector rule. In exercise 7, you will configure a shared collector in the CLI and Fabric Manager to catch data that fails to meet the conditions defined in previously defined rules.

User-Defined Attribute (UDA) Filter
User-defined pattern matching supports either one or two 16-byte pattern matches in a map rule. For this lab you will configure a UDA filter for Q-in-Q inside VLAN Tag 102 within a stacked-tag packet.

Tool Mirror
Network owners are often faced with upgrading existing security and monitoring tools, or acquiring new security or monitoring capabilities. In this lab you will replicate traffic destined for one Tool egress port and send an identical copy to a second Tool egress port as if you were performing a side-by-side Proof-of-Concept evaluation.

Replication and Egress Filtering
Replication is one of the most common uses of a Visibility Fabric. Only one tool can connect to any single SPAN or TAP port. To grant equal access to the same traffic stream you must replicate the packets. In this lab you will configure destination Tool ports to receive a complete and identical copy of the selected traffic stream.

The egress filter example takes replication to the next level. You will configure an egress filter that allows only a subset of the web traffic to be sent to an attached tool.

Hybrid Ports
A Hybrid port is similar to a Tool port, except that Tool ports are exclusively output ports while Hybrid ports can also be used as a Network ingress port for additional maps. In this lab you will configure a Hybrid port loopback function to allow any traffic forwarded to a port by any map or pass-all to be made available to other mapping operations.

Tool GigaStream
Assume that the volume of web traffic selected by the map exceeds the processing power or link capacity of the web analyzer attached to a Tool egress port, and a second web analyzer is required to process the load. You will reconfigure an existing map so that the web traffic is divided between Tool ports using a Tool GigaStream.

Port-Pair
A port-pair is a bidirectional connection in which traffic arriving on one port in the pair is transmitted out the other (and vice-versa). You will configure port pairs to operate like a TAP so that the copied output is available to the backplane of the GigaVUE node.

Removing All Configurations
When moving a node from one location to another, before adding a node to a cluster, or in situations such as this training class, the configuration needs to be removed. During this lab you will practice techniques to remove Maps and configuration elements from the GigaVUE node.

GigaSMART Application: De-duplication
The most commonly used GigaSMART feature is packet de-duplication. De-duplication is required when traffic is gathered from multiple collection points, or when SPAN/Mirror traffic includes both ingress and egress packets. In this lab you will create a GigaSMART operation (gsop) which will perform de-duplication. Associate the operation with the engine group which you define and create a map configuration which includes the de-duplication operation.

GigaSMART Service: Tunneling
Tunneling is configured in two parts: the source encapsulation end, and the destination decapsulation end. The lab provided will show a GigaSMART-to-GigaSMART tunneling implementation, which includes both a sending and a receiving configuration. You will create a GigaSMART operation, which will perform tunnel encapsulation, and associate the operation with the engine group which you define.

GigaSMART Service: Header Stripping
While a number of tools are VLAN aware, and a few are even MPLS aware, there are a lot more header tags and tunnel types found on inter-switch links than most tools can accommodate. The GigaSMART header stripping service is able to remove various headers. You will create a GigaSMART operation and service chain which will perform header stripping and VLAN tagging and associate the operation with the GigaSMART engine group which will be performing the header stripping operation.

GigaSMART Service: Packet Slicing
As one of many possible actions that may be used to improve compliance requirements for protection of sensitive information such as credit card numbers and patient data, packets may be sliced before they are forwarded to monitoring and security tools. Header-only packets are well suited for general statistics and trending. You will create a GigaSMART operation which will perform packet slicing using a relative offset and associate the operation with the GigaSMART engine group which will be performing the header stripping operation.

GigaSMART Service: Masking
Masking is used to safeguard sensitive information. Like slicing, masking is one of many possible actions that may be used to improve compliance for protection of sensitive information such as credit card numbers and patient data. You will create a GigaSMART operation which will perform packet slicing and use a specific hex value to overwrite data, and then associate the operation with the GigaSMART engine group which will be performing the header masking operation.

GigaSMART Service: Source ID
The GigaSMART Source ID (or Source Port Labeling) feature appends a Gigamon Trailer to packets received on Network ports associated with the GigaSMART operation. You will create a map which includes the GigaSMART operation for Source Port Labeling.

GigaSMART Application: Load Balancing
Simple division and redistribution of a selected traffic stream to multiple tools is easily accomplished using a hash-based GigaStream. However, for more complex traffic distribution using traditional load balancing options such as round-robin or least-connections, GigaSMART load balancing is used. You will create a port group for several ports with smart load balancing enabled and create a GigaSMART operation that will perform stateless load balancing. You will also configure a hashing metric to specify parameters that will be used for hashing.

GigaSMART Application: Adaptive Packet Filtering
GigaSMART Adaptive Packet Filtering (APF) is different from the standard filtering options in that it supports both regular expressions and a second level filter capability. Header field matching is extended from just the first or outer header to include matching of encapsulated or tunneled inner header fields. In this lab you will create a GigaSMART engine group and a GigaSMART operation which enables APF operations, and add to it a second operation that will strip the VXLAN headers. You will also create a first level map that selects traffic for use by the second level map and second level maps that include the GigaSMART operation for APF.

GigaSMART Application: Application Session Filtering
The packet matching features of Adaptive Packet Filtering (APF) are leveraged for use with the Application Session Filtering (ASF) feature. This lab uses buffered and unbuffered ASF to detect traffic and forward it to tool ports for security analyzers to inspect. In this lab you will use the workflow wizard to create a GigaSMART application and maps for ASF. Within the application parameters, you will determine the packet buffer size for buffered ASF operations and a GigaSMART operation that enables ASF.

GigaSMART Application: NetFlow Generation
NetFlow summaries from each map may be sent to between one and six NetFlow Collectors. Maps are used to select traffic for summarization. In this lab you will create a NetFlow Monitor, NetFlow record and template as well as configure necessary parameters and tunnels for sending flow summaries. You will also create maps and a GigaSMART operation for NetFlow Generation which makes use of configured parameters.

GigaSMART Application: FlowVUE
FlowVUE is a GigaSMART feature that was created in response to an industry need. Link capacity is growing faster than the ability of monitoring and security tools to analyze the traffic volume flowing through those same high capacity links. You will configure two FlowVUE labs. The first lab will provide a sample of flows to and from a web server cluster. This represents sampling based on the ordinary or outer IP addressing. The second lab will provide a sample of flows passing through a mobile service provider GTP-u tunnel, based on the inner or second level IP addressing.

GigaSMART Application: GTP Correlation
GPRS Tunneling Protocol (GTP) is used to carry mobile data across service provider networks and includes control plane (GTP-c) and user-data plane (GTP-u) traffic. The GigaSMART GTP correlation application helps carriers gain access to the subscriber’s data in these GTP tunnels by correlating and passing all of the identified subscriber’s control and data sessions to the analytics/monitoring probes and billing subsystems to ensure an accurate view of the session. In this lab you will create a first level map that will forward all GTP traffic to a virtual port and form a bridge between a first level map and a second level map. You will also modify global GTP Correlation parameters for a GigaSMART engine group and configure second level maps using wildcard masks to match subscriber prefixes for GTP Correlation operations.

GigaSMART Application: SSL Decryption
Encryption is the cornerstone technology that helps keep email, e-commerce, voice-over-IP, online banking, remote health, and countless other Internet services secure. During this lab you will configure the global engine group parameters to include associations for pairs of specific private keys and service for the decryption operations that will be performed by the GigaSMART engine group. You will also create a key-map using the private key and the service created as well as a GigaSMART operation that will perform SSL decryption.

Inline Bypass Configuration
Inline bypass is different from other Gigamon features in one important aspect: it represents a part of the primary path and can affect production network connectivity. In this lab you will reconfigure the default bypass port pairs for use, create an Inline map for serial tools, and another for load-balanced tools operating in parallel. You will also create port pairs for IPS, Malware and Web Application Firewall (WAF) inline tools.