V Series Cloud Suite

Product Information

Specifications:

  • Product Name: GigaVUE V Series Applications Guide
  • Product Version: 6.10
  • Document Version: 1.0
  • Copyright: 2025 Gigamon Inc.

Product Usage Instructions:

Overview of GigaVUE V Series Applications:

The GigaVUE V Series Applications Guide provides detailed
information on various applications and features supported by the
GigaVUE V Series.

Supported V Series Applications:

The guide lists the supported applications that can be utilized
with the GigaVUE V Series for network visibility and monitoring
purposes.

Application Intelligence:

Application Intelligence allows users to gain insights into
network traffic behavior and patterns. Follow the steps provided in
the guide to configure and view application statistics.

Application Visualization:

Application Visualization enables users to visualize network
traffic data in a virtual environment. Learn how to configure
visualization settings and view application statistics for better
network monitoring.

User Defined Application:

Create custom rules for user-defined applications to tailor the
monitoring process according to specific requirements. The guide
provides instructions on rule creation and application setup.

Application Filtering Intelligence:

Configure application filtering intelligence to streamline data
processing and focus on specific applications. View statistics and
optimize filtering settings for efficient network monitoring.

Application Metadata Intelligence:

Utilize application metadata intelligence to extract valuable
metadata from network traffic. Configure metadata settings, view
statistics, and export metadata for further analysis.

Application Metadata Exporter:

Export application metadata using AMX for various purposes such
as control plane metadata export and enriched metadata for mobile
networks and cloud workloads. Follow the guide for deployment
options and configuration details.

GigaSMART NetFlow Generation:

Create NetFlow sessions for virtual environments and configure
intelligent solutions like slicing, masking, de-duplication, and
more for enhanced network visibility.

FAQ:

Q: How can I update the software version of GigaVUE V
Series?

A: To update the software version, refer to the official
update instructions provided by Gigamon Inc. Follow the
recommended procedures to ensure a smooth update process.

Q: Can I customize the application visualization settings?

A: Yes, you can configure custom visualization settings based on
your monitoring requirements. The guide provides detailed steps on
how to tailor the visualization settings for your specific
needs.


GigaVUE V Series Applications Guide
GigaVUE Cloud Suite
Product Version: 6.10 Document Version: 1.0
(See Change Notes for document updates.)

Copyright 2025 Gigamon Inc. All rights reserved.
Information in this document is subject to change without notice. The software described in this document is furnished under a license agreement or nondisclosure agreement. No part of this publication may be reproduced, transcribed, translated into any language, stored in a retrieval system, or transmitted in any form or any means without the written permission of Gigamon Inc.
Trademark Attributions
Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legaltrademarks. All other trademarks are the trademarks of their respective owners.
Gigamon Inc. 3300 Olcott Street Santa Clara, CA 95054 408.831.4000

Change Notes

When a document is updated, the document version number on the cover page will indicate a new version and will provide a link to this Change Notes table, which will describe the updates.

Product Version  Document Version  Date Updated  Change Notes
6.10             1.0               03/07/2025    The original release of this document with 6.10.00 GA.

Contents

GigaVUE V Series Applications Guide
Change Notes
Contents
GigaVUE V Series Application Guide
Overview of GigaVUE V Series Applications
Supported V Series Applications
Application Intelligence
  Points to Note for Application Intelligence
  Application Visualization
    Configure Application Visualization for Virtual Environment
    View Application Statistics for Application Visualization
    Configure Filtering and Metadata Export for Selected Applications in Application Visualization
  User Defined Application
    Create Rules for User Defined Application
  Application Filtering Intelligence
    Configure Application Filtering Intelligence for Virtual Environment
    View Application Statistics for Application Filtering
  Application Metadata Intelligence
    Configure Application Metadata Intelligence for Virtual Environment
    View Application Statistics for Application Metadata
  Application Metadata Exporter
    Export AMI output by AMX
    Export of 3G/4G/5G Control Plane Metadata by AMX
    Export of GigaVUE Enriched Metadata for Mobile Networks by AMX
    Export of GigaVUE Enriched Metadata for Cloud Workloads by AMX
    AMX Application Deployment Options
    Prerequisites for Application Metadata Exporter
    Rules and Notes
    Configure Application Metadata Exporter Application
    View Application Statistics for Application Metadata Exporter
    Attributes for GigaVUE Enriched Metadata for Mobile Networks
    Attributes for GigaVUE Enriched Metadata for Cloud Workloads
  GigaSMART NetFlow Generation
    Create NetFlow Session for Virtual Environment
  Examples - Configuring Application Intelligence Solution with Other Applications
    Slicing and Masking with Application Filtering Intelligence
    De-duplication with Application Metadata Intelligence
De-duplication
  Feature Overview
  Configure De-duplication Application
  What’s Next
  Distributed De-duplication
  Limitation
GENEVE Decapsulation
  What’s Next
Header Stripping
  Limitation
  Configure Header Stripping Application
  Create Custom Port Template
Load Balancing
  What’s Next
  Enhanced Load Balancing
Masking
  What’s Next
SSL Decrypt
  Supported Protocols, Algorithms, and Ciphers for SSL Decrypt
  Configure SSL Decrypt
  Upload SSL Keys
  Create SSL Service
  Key Mapping
  SSL Key Store
  Add SSL Decrypt to Monitoring Session
  What’s Next
PCAPng Application
  Create Link Between UDP-in-GRE Tunnel and PCAPng Application
  Create Link Between PCAPng Application and Other Destinations
  What’s Next
5G-Service Based Interface Application
  How SBI Application works
  Supported Platforms
  Rules and Notes
  Configuration of 5G-SBI Application
  Configuration of 5G-SBI Application for 5G-Nokia
  Rules and Notes
  Configuration of 5G-SBI Application for 5G-Ericsson
  Adding CSV file for IP Mapping
5G-Cloud Application
  Supported Platforms
  5G-Cloud Casa vTAP Support
    GVHTTP2 Application
    5G-Cloud Application
    Configuration of 5G-Cloud Casa vTAP
    Limitations
    Rules and Notes
  5G-Cloud Oracle and Nokia SCP Support
    Oracle SCP
    Nokia SCP
    GVHTTP2 Application
    5G-Cloud Application
    Configuration of 5G-Cloud Oracle/Nokia SCP
    Limitations
    Rules and Notes
    FHA Dashboards for 5G-Cloud Applications
  5G-Cloud Ericsson SCP Support
    Ericsson SCP
    How Ericsson SCP Solution works
    Configuration of 5G-Cloud Ericsson SCP
    FHA Dashboards for 5G-Cloud Applications
Slicing
  What’s Next
Additional Sources of Information
  Documentation
  How to Download Software and Release Notes from My Gigamon
  Documentation Feedback
  Contact Technical Support
  Contact Sales
  Premium Support
  The VÜE Community
Appendix – Casa vTap Statistics
  GVHTTP2 Application
  5G-Cloud Application
Glossary

GigaVUE V Series Application Guide
This guide lists the supported V Series Applications and describes how to add them to a monitoring session and configure them:
  • Supported V Series Applications
  • Application Intelligence
  • De-duplication
  • GENEVE Decapsulation
  • Header Stripping
  • Load Balancing
  • Masking
  • SSL Decrypt
  • PCAPng Application
  • 5G-Service Based Interface Application
  • 5G-Cloud Application
  • Slicing

Overview of GigaVUE V Series Applications
GigaVUE V Series Node is a virtual machine running in the customer’s infrastructure which processes and distributes network traffic. It plays the same role as an HC Series appliance in a physical deployment, running many of the same GigaSMART applications and feeding data to tools in a similar manner. Because GigaVUE V Series Nodes reside in a virtual environment and have no physical device ports, inbound and outbound traffic is tunneled.
GigaVUE V Series Applications run on GigaVUE V Series Nodes. All these applications use Volume-Based License. Refer to Volume-Based License for more detailed information.
You can use these applications to optimize the traffic sent from your instances to the monitoring tools. GigaVUE Cloud Suite supports the following applications:
  • Application Intelligence
  • De-duplication
  • GENEVE Decapsulation
  • Header Stripping
  • Load Balancing
  • Masking
  • SSL Decrypt
  • PCAPng Application
  • 5G-Service Based Interface Application
  • 5G-Cloud Application
  • Slicing
Refer to the Supported V Series Applications table for more information on the platforms on which these applications are supported.


Supported V Series Applications

Each platform column stands for the corresponding GigaVUE Cloud Suite (for example, AWS is GigaVUE Cloud Suite for AWS; VMware (vCenter) is GigaVUE Cloud Suite for VMware (VMware vCenter)). ✓ = supported, ✗ = not supported.

GigaSMART Operation                            AWS  Azure  OpenStack  VMware (vCenter)  VMware (NSX-T)  Third Party Orchestration  Nutanix
Masking                                        ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
Slicing                                        ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
Deduplication                                  ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
Application Metadata Exporter                  ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
L2GRE Tunnel Encapsulation                     ✓    ✗      ✓          ✓                 ✓               ✓                          ✓
VXLAN Tunnel Encapsulation                     ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
L2GRE Tunnel Decapsulation                     ✓    ✗      ✓          ✓                 ✓               ✓                          ✓
VXLAN Tunnel Decapsulation                     ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
ERSPAN Tunnel Decapsulation                    ✓    ✗      ✓          ✓                 ✓               ✓                          ✓
UDPGRE Tunnel Decapsulation                    ✓    ✗      ✓          ✓                 ✓               ✓                          ✗
GENEVE Decapsulation                           ✓    ✗      ✗          ✗                 ✓               ✗                          ✗
Header Stripping                               ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
Adaptive Packet Filtering (APF) without RegEx  ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
Application Session Filtering (ASF)            ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
Application Filtering Intelligence             ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
Application Metadata Intelligence              ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
GigaSMART NetFlow Generation                   ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
Application Visualization                      ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
Load Balancing                                 ✓    ✓      ✓          ✓                 ✓               ✓                          ✓
SSL Decrypt                                    ✓    ✓      ✓          ✓                 ✗               ✓                          ✓
5G-Service Based Interface Application         ✗    ✗      ✓          ✓                 ✓               ✓                          ✗
5G-Cloud Application                           ✗    ✗      ✓          ✓                 ✗               ✓                          ✗

Application Metadata Exporter (VMware (NSX-T) / Third Party Orchestration columns): Only when deploying GigaVUE V Series Node using Third party Orchestration.
L2GRE and VXLAN Tunnel Encapsulation; L2GRE, VXLAN, ERSPAN, and UDPGRE Tunnel Decapsulation: Refer to Create Ingress and Egress Tunnels section on the respective GigaVUE Cloud Suite Deployment Guide.

Application Intelligence
Application Intelligence provides a comprehensive solution that:
  • identifies the applications contributing to the network traffic.
  • isolates preferred application-specific traffic and directs it to the appropriate tools.
  • exports relevant application metadata for further analytics and analysis.
Application Intelligence provides the following capabilities for virtual nodes:
  • Application Visualization
  • Application Filtering Intelligence
  • Application Metadata Intelligence
  • Application Metadata Exporter
Points to Note for Application Intelligence
Points to note when configuring Application Intelligence:
1. For a monitoring domain, each of the following applications can be configured only once, and all these applications must be configured in a single monitoring session.
   a. Application Visualization
   b. Application Filtering
   c. Application Metadata
2. For GigaVUE V Series Node versions lower than 6.3.00, Application Visualization, Application Filtering, Application Metadata, and Application Metadata Exporter (AMX) applications are not supported in the Monitoring Session.


3. When undeploying and redeploying a Monitoring Session that has the Application Intelligence application, follow the steps given below:
   a. Go to Traffic > Virtual > Orchestrated Flows and select your cloud platform. The Monitoring Sessions page appears. Select the Monitoring Session for which you enabled Secure Tunnels. Click Actions > Undeploy. The monitoring session is undeployed.
   b. Select the Monitoring Session for which you enabled Secure Tunnels. Click Actions > Edit. The Edit Monitoring Session Canvas page appears.
   c. Add the Application Intelligence applications.
   d. Modify the Number of Flows as per the below table:

      Cloud Platform  Instance Size                Maximum Number of Flows
      VMware          Large (8 vCPU and 16GB RAM)  200k
      AWS             AMD – Large (c5n.2xlarge)    300k
      AWS             AMD – Medium (t3a.xlarge)    100k
      AWS             ARM – Large (c7gn.2xlarge)   100k
      AWS             ARM – Medium (m7g.xlarge)    200k
      Azure           Large (Standard_D8s_V4)      500k
      Azure           Medium (Standard_D4s_v4)     100k
      Nutanix         Large (8 vCPU and 16GB RAM)  200k

      NOTE: Medium Form Factor is supported for VMware ESXi only when secure tunnels option is disabled. The maximum Number of Flows for VMware ESXi when using a medium Form Factor is 50k.
   e. Click Deploy.
4. After adding the above-listed applications and deploying the Monitoring Session, you cannot edit the Number of flows and Fast Mode. For more detailed information on Number of flows and Fast Mode, refer to Number of Flows and Fast Mode.
5. Once the Number of flows is added in any of the above-listed applications, the same value is applied to all the above-listed applications configured in that Monitoring Session. You cannot change it.
6. Once Fast Mode is enabled in any of the above-listed applications, it is enabled for all the above-listed applications configured in that Monitoring Session. You cannot change it.
7. You can also configure Application Intelligence with Precryption, prefiltering, and secure tunnels. Refer to Precryption, Prefiltering, and Secure Tunnels topics in the respective cloud deployment guides for more detailed information on how to configure these features.

8. Small Form Factor for VMware ESXi is not supported when using applications like Application Visualization, Application Metadata, Application Filtering. Refer to Configure GigaVUE V Series Nodes for VMware ESXi section in GigaVUE Cloud Suite Deployment Guide – VMware (ESXi) for more detailed information on how to deploy GigaVUE V Series Node, where you select the Form Factor.

Application Visualization
Application Visualization identifies and monitors all applications contributing to the network traffic and reports on the total applications and the total bandwidth they consume over a select period. Application Visualization allows you to identify more than 3,200 applications. It displays the traffic statistics in bytes and packets.
Refer to the following topics for more detailed information on how to configure the application and view the statistics:
  • Configure Application Visualization for Virtual Environment
  • View Application Statistics for Application Visualization
  • Configure Filtering and Metadata Export for Selected Applications in Application Visualization
Configure Application Visualization for Virtual Environment
Application Visualization can be configured in the Edit Monitoring Session Canvas Page. To add an Application Visualization application to the canvas, follow the steps given below:
1. Drag and drop Application Visualization from APPLICATIONS to the graphical workspace.
2. Click the Application Visualization application and select Details. The Application quick view appears.
3. In the Application quick view, enter or select the following details:

   Parameter: Description
   Name: Enter a name for the application.
   Description: Enter the description.
   Export Interval: The time interval in seconds at which the export must be done. The export interval is set to 300 seconds. It cannot be modified.
   Advanced Settings:
     Number of Flows: The number of flows supported by the application. Refer to the following table for the maximum number of flows supported for VMware, AWS, Nutanix, and Azure platforms.

       Cloud Platform  Instance Size                Maximum Number of Flows
       VMware          Large (8 vCPU and 16GB RAM)  200k
       AWS             AMD – Large (c5n.2xlarge)    300k
       AWS             AMD – Medium (t3a.xlarge)    100k
       AWS             ARM – Large (c7gn.2xlarge)   100k
       AWS             ARM – Medium (m7g.xlarge)    200k
       Azure           Large (Standard_D8s_V4)      500k
       Azure           Medium (Standard_D4s_v4)     100k
       Nutanix         Large (8 vCPU and 16GB RAM)  200k

       NOTE: Medium Form Factor is supported for VMware ESXi only when secure tunnels option is disabled. The maximum Number of Flows for VMware ESXi when using a medium Form Factor is 50k.
     Monitoring: You can use this option to enable or disable the Application Visualization application functionality.
     Fast Mode: Enable the Fast Mode option for performance (less CPU cycles and less memory utilization) improvement. When the Fast Mode is enabled, some or all of the attributes of the applications will be disabled. If all the attributes of the application are disabled then the application itself is disabled. Refer to Fast Mode section for more information on the benefits and limitations of the Fast Mode.
       NOTE: This option is disabled for NetVUE Base Bundle License.

4. Click Save.
View Application Statistics for Application Visualization

To view the application statistics for the Application Visualization application, follow the steps given below:
1. Click Traffic > Virtual > Orchestrated Flows > Select your cloud platform.
2. Select a monitoring session from the list view, click Actions > Edit. The Edit Monitoring Session page appears.
3. Click the application and select Details. The Application quick view appears.
4. Click on STATISTICS tab.
5. You can view the following in the statistics page:
   a. Total Traffic: Displays the total traffic of the network. Use the drop-down menus to change the parameters. You can use the Select Tags filter option to filter the traffic related to the selected application tags.
   b. Total Applications: You can view all the applications and their bandwidth in the network. You can also perform filtering and exporting metadata for selected applications. Refer to Configure Filtering and Metadata Export for Selected Applications in Application Visualization for more detailed information on how to perform filtering and exporting metadata for selected applications.
   c. Top 10 Applications: Click on the drop-down menu that displays All and select the Top 10. Displays the Top 10 applications running in the network based on the metrics.
   d. Top 10 Application Families: You can view a graphical representation of top 10 applications running in the network based on the metrics. When you hover over the pie chart, GigaVUE-FM shows the application families in the network.
You can view the statistics for past hour, past 24 hours, or past 7 days. GigaVUE-FM also allows you to view statistics for a particular period by selecting the date and time. The selected date and time must be within the past 7 days.
GigaVUE-FM takes more than five minutes to display the application statistics since the export interval is fixed at five minutes. For the first fifteen minutes after creating the solution, if GigaVUE-FM receives traffic, it will show real-time data. If there is no traffic during this time, it will take at least eleven minutes to display the statistics once traffic is received.
Configure Filtering and Metadata Export for Selected Applications in Application Visualization
This section describes how to perform filtering and exporting metadata for selected applications when configuring Application Visualization. Refer to the following steps for more detailed information:
  • Filter Traffic for Selected Applications
  • Export Metadata for Selected Applications

Filter Traffic for Selected Applications
1. Click the Application Visualization application in the Monitoring Session Canvas page and select Details. The Application quick view appears.
2. Click on STATISTICS tab.
3. Click on the drop-down menu that displays Top 10 and select All.
4. Select the applications for which you want to filter traffic.
   NOTE: Select the applications and their attributes for traffic filtering by layer seven applications. You can select a maximum of 64 attributes for each application.
5. Click Actions > Filter Selected Applications. The Filter Selected Applications dialog box opens.
6. In the Filter Selected Applications dialog box, select the existing Application Filtering map or New Map from the Send to Map drop-down menu.
   • New Map: Select this option if you wish to create a new application filtering map, to filter the traffic from the applications.
   • Existing map: Select this option if you have already configured an application filtering map and you wish to send the traffic for filtering to that map.
7. Under the Applications section, choose the traffic as pass or drop for the selected applications.
8. Click Send to Map.
   NOTE: If the New Map option is selected from the Send to Map drop-down menu, the map quick view appears. Refer to steps 3, 4, 5, 6, and 7 in the Configure Application Filtering Intelligence for Virtual Environment section for more detailed instructions on how to configure Application Filtering.
Export Metadata for Selected Applications
1. Click the Application Visualization application and select Details. The Application quick view appears.
2. Click on STATISTICS tab.
3. Click on the drop-down menu that displays Top 10 and select All.
4. Select the applications for which you want to export metadata.
   NOTE: Select the applications and their attributes for traffic filtering by layer seven applications. You can select a maximum of 64 attributes for each application.
5. Click Actions > Export Metadata for Selected Applications. The Export Metadata for Selected Applications dialog box opens.
6. In the Export Metadata for Selected Applications dialog box, select the existing Application Metadata application or New Exporter from the Send to Exporter drop-down menu.
   • New Application Metadata: Select this option if you wish to create a new application metadata, to export metadata from the applications.
   • Existing Application Metadata Application: Select this option if you have already configured an Application Metadata Intelligence application and you wish to send the traffic for exporting metadata from the applications.
7. Click Export.
   NOTE: If the New Application Metadata option is selected from the Send to Exporters drop-down menu, the application quick view appears. Refer to steps 3 and 4 in the Configure Application Metadata Intelligence for Virtual Environment section for more detailed instructions on how to configure Application Metadata application.

User Defined Application

This feature allows you to identify unclassified TCP, UDP, HTTP, and HTTPS applications and extract their application name and ID.

Refer to the following topics for more detailed information:
  • Supported Protocols and Attributes
  • Mindata
  • Supported RegExp Syntax
  • Limitations
  • Create Rules for User Defined Application

Supported Protocols and Attributes

The DPI engine will match the rules defined based on the following protocols and attributes within the first 500 bytes of a packet payload.

For supported Regex patterns, refer to Supported RegExp Syntax.

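Each entry below lists: Attribute, Attribute Label, Description, Direction, Supported Data Type, and Example Value, grouped by Protocol.

Protocol: http

  Attribute: cts-uri
  Attribute Label: Request URI
  Description: Partially Normalized URL (path + request)
  Direction: Client to Server Only
  Supported Data Type: REGEXP
  Example Value: /fupload/(create_file|new_slice|upload_slice)?.*upload_token=.*

  Attribute: cts-server
  Attribute Label: Server Name
  Description: Web Server Name from URI or Host
  Direction: Client to Server Only
  Supported Data Type: REGEXP
  Example Value: (.*.)?gigamon.com

  Attribute: mime_type
  Attribute Label: MIME Type
  Description: Content type of Request or the Web page
  Direction: Both, Client to Server or Server to Client
  Supported Data Type: REGEXP
  Example Value: http

  Attribute: cts-user_agent
  Attribute Label: User Agent
  Description: Software / Browser used for request
  Direction: Client to Server Only
  Supported Data Type: REGEXP
  Example Value: mozilla

  Attribute: cts-referer
  Attribute Label: Referer URI
  Description: Source address where client got the URI
  Direction: Client to Server Only
  Supported Data Type: REGEXP
  Example Value: http://gigamon.com/

  Attribute: stc-server_agent
  Attribute Label: Server Agent
  Description: Software used for the server
  Direction: Server to Client Only
  Supported Data Type: REGEXP
  Example Value: NWS_TCloud_PX

  Attribute: stc-location
  Attribute Label: Redirect Location
  Description: Destination address where the client is redirected to
  Direction: Server to Client Only
  Supported Data Type: REGEXP
  Example Value: .*/football/.*

  Attribute: cts-cookie
  Attribute Label: Cookie (Raw)
  Description: Raw value of the HTTP Cookie header line
  Direction: Client to Server Only
  Supported Data Type: REGEXP
  Example Value: .*tEstCoOkie.*

  Attribute: content
  Attribute Label: Content
  Description: Message body content
  Direction: Both, Client to Server or Server to Client
  Supported Data Type: REGEXP
  Example Value: .*GIGAMON.* with mindata = 206 (Refer Mindata)

Protocol: http2

  Attribute: cts-uri
  Attribute Label: Request URI
  Description: Partially Normalized URL (path + request)
  Direction: Client to Server Only
  Supported Data Type: REGEXP
  Example Value: /fupload/(create_file|new_slice|upload_slice)?.*upload_token=.*

  Attribute: cts-server
  Attribute Label: Server Name
  Description: Web Server Name from URI or Host
  Direction: Client to Server Only
  Supported Data Type: REGEXP
  Example Value: (.*.)?gigamon.com

  Attribute: cts-user_agent
  Attribute Label: User Agent
  Description: Software / Browser used for request
  Direction: Client to Server Only
  Supported Data Type: REGEXP
  Example Value: mozilla

  Attribute: cts-referer
  Attribute Label: Referer URI
  Description: Source address where client got the URI
  Direction: Client to Server Only
  Supported Data Type: REGEXP
  Example Value: http://gigamon.com/

Protocol: ssl

  Attribute: common_name
  Attribute Label: Domain Name
  Description: Domain name from Client Hello message or the certificate
  Supported Data Type: REGEXP
  Example Value: (.*.)?gigamon.com

  Attribute: stc-subject_alt_name
  Attribute Label: Subject Alt Name(s)
  Description: List of host names which belong to the same certificate
  Direction: Server to Client Only
  Supported Data Type: REGEXP
  Example Value: (.*.)?gigamon.com

Protocol: rtmp

  Attribute: cts-page_url
  Attribute Label: Page URL
  Description: URL of the webpage where the audio/video content is streamed
  Direction: Client to Server Only
  Supported Data Type: REGEXP
  Example Value: http://www.music.tv/recorded/1234567

Protocol: tcp

  Attribute: stream
  Attribute Label: Payload Data
  Description: Data payload for a packet, excluding the header.
  Supported Data Type: REGEXP
  Example Value: .*GIGAMON.* with mindata = 70 (Refer Mindata)

  Attribute: port
  Attribute Label: Server Port
  Description: Server (listen) port number
  Supported Data Type: UINT16 RANGE as REGEXP String
  Example Value: 80-4350

Protocol: udp

  Attribute: stream
  Attribute Label: Payload Data
  Description: Data payload for a packet, excluding the header
  Supported Data Type: REGEXP
  Example Value: .*GIGAMON.* with mindata = 100 (Refer Mindata)

  Attribute: port
  Attribute Label: Server Port
  Description: Server (listen) port number
  Supported Data Type: UINT16 RANGE as REGEXP String
  Example Value: 80-4350

Protocol: sip

  Attribute: user_agent
  Attribute Label: User Agent
  Description: Software used
  Direction: Both, Client to Server or Server to Client
  Supported Data Type: REGEXP
  Example Value: GVUE-release 6.2.0

Protocol: icmp

  Attribute: code
  Attribute Label: Message Code
  Description: Code of the ICMP message
  Direction: Both, Client to Server or Server to Client
  Supported Data Type: UINT8 as REGEXP String
  Example Value: 200

  Attribute: typeval
  Attribute Label: Message Type
  Description: Type of ICMP message
  Direction: Both, Client to Server or Server to Client
  Supported Data Type: UINT8 as REGEXP String
  Example Value: 10

Protocol: ip

  Attribute: address
  Attribute Label: Server IP Address
  Description: IP address of the server
  Supported Data Type: IPV4 as REGEXP String
  Example Value: 62.132.12.30/24

  Attribute: dscp
  Attribute Label: DSCP Value
  Description: DSCP from Differentiated Service (DS) Field in IP header
  Supported Data Type: UINT8 as REGEXP String
  Example Value: 33

  Attribute: resolv_name
  Attribute Label: DNS Name
  Description: Server’s DNS name
  Supported Data Type: REGEXP
  Example Value: gigamon.com

Protocol: ipv6

  Attribute: address
  Attribute Label: Server IP Address
  Description: IP address of the server
  Supported Data Type: IPV6 as REGEXP String
  Example Value: 2001:0:9d38:6ab8:307b:16a4:9c66:5f4 or 2001:0:9d38::9c66:5f4/64

  Attribute: dscp
  Attribute Label: DSCP Value
  Description: DSCP from Differentiated Service (DS) Field in IP header
  Supported Data Type: UINT8 as REGEXP String
  Example Value: 43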

Mindata

The mindata value is the number of payload bytes to buffer and match against a given pattern. You can configure the mindata value for HTTP content, TCP stream, and UDP stream. The buffer size is calculated from the start of the payload, and the default buffer size is different for each protocol (HTTP – 206, TCP – 67, and UDP – 48).

For example, for pattern “.*TEST.*” that may be present within the first 67 bytes of TCP payload, you can specify the mindata value as 4 (which is the length of the input string) or as 67 (which is the default buffer size of TCP payload). If the pattern is present between bytes 65 and 68 of the payload and the mindata is specified as 4 or 67, it will not match. In this case, you must specify the mindata value as 68.
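
The TCP case above worked through in code, as an added example that is not part of the Gigamon guide or product. It assumes the buffer is the first max(mindata, protocol default) bytes of payload, capped at the 500-byte DPI window (a model inferred from this page's example), and uses Python's re module as a stand-in for the DPI engine's matcher; the function names and sample payloads are constructed for illustration.

```python
import re

# Default buffer sizes in bytes, as given in the Mindata section above.
DEFAULT_MINDATA = {"http": 206, "tcp": 67, "udp": 48}

# The guide states that rules are matched within the first 500 bytes of payload.
DPI_WINDOW = 500


def inspected_bytes(protocol, mindata=None):
    """Number of leading payload bytes a rule is evaluated against.

    ASSUMPTION (inferred from the guide's TCP example, where mindata 4 and 67
    behave identically): a mindata below the protocol default acts like the
    default, a larger mindata widens the buffer, and nothing past the
    500-byte DPI window is inspected.
    """
    default = DEFAULT_MINDATA[protocol]
    if mindata is None:
        return default
    if mindata < 1:
        raise ValueError("mindata must be a positive byte count")
    return min(max(mindata, default), DPI_WINDOW)


def rule_matches(protocol, pattern, payload, mindata=None):
    """True if `pattern` is found inside the buffered prefix of `payload`."""
    window = payload[:inspected_bytes(protocol, mindata)]
    # Python's re is only a stand-in for the DPI engine's regex matcher.
    return re.search(pattern.encode(), window, re.DOTALL) is not None


def smallest_prefix(pattern, payload, limit=DPI_WINDOW):
    """Length of the shortest payload prefix in which `pattern` matches."""
    compiled = re.compile(pattern.encode(), re.DOTALL)
    capped = payload[:limit]
    if not compiled.search(capped):
        return None  # pattern lies beyond the DPI window or is absent
    for length in range(1, len(capped) + 1):
        if compiled.search(capped[:length]):
            return length
    return len(capped)


def suggest_mindata(protocol, pattern, payload):
    """mindata to configure so the rule fires on this sample, or None."""
    needed = smallest_prefix(pattern, payload)
    if needed is None:
        return None
    return max(needed, DEFAULT_MINDATA[protocol])


def audit_rule(protocol, pattern, samples, mindata=None):
    """Per sample: does the rule fire as configured, and which mindata it needs."""
    return {
        name: {
            "matches": rule_matches(protocol, pattern, payload, mindata),
            "suggested_mindata": suggest_mindata(protocol, pattern, payload),
        }
        for name, payload in samples.items()
    }


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "early": b"A" * 10 + b"TEST" + b"B" * 100,     # pattern ends at byte 14
    "boundary": b"A" * 64 + b"TEST" + b"B" * 100,  # pattern occupies bytes 65 to 68
    "late": b"A" * 600 + b"TEST",                  # pattern starts after byte 500
}

if __name__ == "__main__":
    for name, result in audit_rule("tcp", ".*TEST.*", SAMPLES, mindata=4).items():
        print(name, result)
```

Running the audit against representative payloads before deploying a rule shows which samples a given mindata would miss.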

Supported RegExp Syntax

Pattern                  Description
.                        Matches any symbol
*                        Searches for 0 or more occurrences of the symbol or character set that precedes it
+                        Searches for 1 or more occurrences of the symbol or character set that precedes it
?                        Searches for 0 or 1 occurrence of the symbol or character set that precedes it
( )                      Groups a series of expressions together
[ ]                      Matches any value included within the bracket at its current position. Example: [Dd]ay matches Day and day
|                        Separates values contained in ( ). Searches for any one of the values that it separates. Example: The following expression matches dog or cat: (dog | cat).
[<start>-<end>]          Matches any value contained within the defined range (a hyphen indicates the range). You can mix character class and a hexadecimal range. Example: [AaBbCcDdEeFf0-9]
<octal_number>           Matches for a direct binary with octal input
x<hexadecimalnumber>x    Matches for a direct binary with hexadecimal input
[<characterset>]         Matches a character set while ignoring case. WARNING: Not performance friendly

Limitations
The maximum number of user defined applications that can be configured is 120 per GigaVUE-FM. These applications can be spread across one or more application intelligence sessions.
The maximum number of rules that can be created per application is 8. The maximum number of protocols that can be configured per rule is 3.
Create Rules for User Defined Application

To create a new application:
You can create rules for User Defined Application in two ways:
1. Go to Inventory > Resources > User-defined Applications. Refer to User Defined Applications section in GigaVUE Fabric Management Guide for details.
2. Go to Traffic > Virtual > Orchestrated Flows > Select your cloud platform. Follow the steps listed below:
a. Select a Monitoring Session from the list view. Navigate to TRAFFIC PROCESSING tab. The GigaVUE-FM canvas page appears.
b. In the canvas, click on the icon on the left side of the page to view the traffic processing elements.
c. Select User Defined Applications under Options menu.
d. Enable the User-defined Applications toggle button.
e. Click New Application. The New Application page appears.
f. Enter the User-Defined Application Name.
g. Enter Priority. The value must be between 1 and 120.
NOTE: The lowest value has the highest priority.
h. In the Rules dialog box, select the following details:
  • Choose the Protocol from the list of protocols.
  • Choose the Attributes from the list of attributes.
  • Choose the Values from the list of values.
Using the Actions Button, you can perform the following actions:
i. Click Save.
To add the created applications to the Monitoring Session:
1. In the User Defined Applications tab, click Add Application button.
2. Select the applications that must be added.
3. Click Done.
After creating rules for User Defined Applications, you can add them to Application Filtering when configuring the applications. Refer to Add Application section for more detailed information on how to add User Defined Applications when configuring Application Filtering.

Application Filtering Intelligence
Application Filtering Intelligence allows filtering of traffic based on the application (such as YouTube, Netflix, Sophos, or Facebook), the application family (such as antivirus, web, erp, or instant-messaging), or application tags. It enables traffic filtering by layer 7 applications, which means you can filter out high-volume, low-risk traffic from reaching the tools and distribute high-risk network traffic of interest to the right tool at the right time.
Refer to the following topics for more detailed information and step-by-step instructions on how to configure Application Filtering Intelligence application and view the statistics:
• Configure Application Filtering Intelligence for Virtual Environment
• View Application Statistics for Application Filtering
Configure Application Filtering Intelligence for Virtual Environment
Application Filtering Intelligence (AFI) can be configured in the Monitoring Session Canvas. To add Application Filtering application to the canvas, follow the steps given below:
1. Drag and drop New Map from New to the graphical workspace.
2. Click the application and select Details. The Application quick view appears.
3. Enable Application Filtering in the GENERAL tab.


4. In the Application quick view, enter or select the following details in the GENERAL tab:

Name: Enter a name for the application.
Description: Enter the description.

Application Filtering Settings

Bidirectional: Enable or Disable Bi-Directional Flow behavior. Bi-Directional is enabled by default. Disable this option for Uni-Directional Flow behavior.
Timeout: Specify the traffic flow inactivity timeout, in seconds. The session will be removed due to inactivity when no packets match.
Buffer: This option is enabled by default.
Buffer Count Before: Number of packets that should be buffered until the flow is identified. If the flow is not identified even after reaching the maximum number of packets buffered, then all the subsequent packets of this session will be dropped.
Protocol: Select the Protocol. The packet matching the selected protocol will be filtered. The default value is TCP-UDP.
Packet Count: Enable or Disable Packet Count. Packet Count is disabled by default.
Number of packets: Specifies the number of packets to forward to the tool port for each session match. After the packet count is reached, subsequent packets for the session are dropped. The packet count includes the packet that triggered the creation of the session. The default is disabled, which means that all packets will be forwarded to the tool port. The range is from 2 to 100.
  NOTE: This field appears only when Packet Count field is enabled.

Session Fields

Session Field: The packet fields to be considered for creating the session / traffic flow (session key fields).
Action: Add or remove the ‘VlanId’ packet field for creating the session / traffic flow.

Advanced Settings

Number of Flows: The number of flows supported by the application. Refer to the following table for the maximum number of flows supported for VMware, AWS, and Azure platforms.

Cloud Platform   Instance Size                  Maximum Number of Flows
VMware           Large (8 vCPU and 16GB RAM)    200k
AWS              AMD – Large (c5n.2xlarge)      300k
AWS              AMD – Medium (t3a.xlarge)      100k
AWS              ARM – Large (c7gn.2xlarge)     100k
AWS              ARM – Medium (m7g.xlarge)      200k
Azure            Large (Standard_D8s_V4)        500k
Azure            Medium (Standard_D4s_v4)       100k
Nutanix          Large (8 vCPU and 16GB RAM)    200k

NOTE: Medium Form Factor is supported for VMware ESXi only when secure tunnels option is disabled. The maximum Number of Flows for VMware ESXi when using a medium Form Factor is 50k.

Fast Mode: Enable the Fast Mode option for performance (less CPU cycles and less memory utilization) improvement. When the Fast Mode is enabled, some or all of the attributes of the applications will be disabled. You can view the list of attributes/applications available in the fast mode by navigating to the app editor under AMI feature in the GigaVUE-FM. If all the attributes of the application are disabled then the application itself is disabled. Refer to Fast Mode section for more information on the benefits and limitations of the Fast Mode.


5. Click the RULESETS tab. Through the map, packets can be dropped or passed based on the highest to lowest rule priority. You can add 5 rule sets on a map. Each rule set can have only 25 rules per map and each rule can have a maximum of 4 conditions.
Enter the following details for each of the Rule Sets created:

Priority: A priority determines the order in which the rules are executed. The priority value can range from 1 to 5, with 1 being the highest and 5 the lowest priority.
AE ID: Application Endpoint ID will be used as source or destination object for creating or connecting links.
Actions: Using this option, you can perform the following functions:
  • New Ruleset – Use to add a new Rule Set.
    NOTE: A maximum of 5 Rule Sets can be created.
  • New Rule – Use to add a New Rule.
    NOTE: A maximum of 25 Rules can be created per rule set.
  • Delete this Ruleset – Use to delete the Ruleset.

RULES

Rule: Use the toggle button to Pass or Drop the traffic through the map.
Condition: Select any one of the conditions from the drop-down menu and search or select the attributes. Use the + and – buttons to add or remove a condition with a Rule. Click the icon and select Add Condition to add more conditions.
  NOTE: A maximum of 4 conditions can be created per Rule.

APPLICATION FILTERING

Select the applications and their attributes for traffic filtering by layer seven applications. You can select a maximum of 64 attributes for each application.

Add Application: Click on the Add Application button. The Add Application dialog box opens.

Select a Type. The available options are:

• Application Family: Each application is mapped to only one Application Family.
  Select an Application Family and the Applications that need to be filtered from the traffic.
  In the Traffic Action column, select Pass or Drop to pass or drop the traffic. You can also use Pass All or Drop All to allow or drop the traffic for all the applications.

• Application Tag: Each application can be mapped to one or more Application Tags.
  Select an Application Tag and the Applications that need to be filtered from the traffic.
  In the Traffic Action column, select Pass or Drop to pass or drop the traffic. You can also use Pass All or Drop All to allow or drop the traffic for all the applications.

User Defined Applications: To configure User Defined Applications for AFI, follow the steps given below.

a. Enable User Defined Applications toggle button in the Options page. Refer to User Defined Application topic for more detailed information on what user defined applications are and how to configure them.

b. In this Add Application dialog box, select User Defined Applications from the Application Family list.

6. To pass or drop any remaining traffic in the network, enter the priority and AE ID in the default rule set available. Select Pass or Drop option for Any Remaining Traffic field.
7. Click the THRESHOLDS tab. For more details on how to create and apply threshold template, refer to Traffic Health Monitoring section in the respective cloud deployment guides.

8. To reuse the configuration, click Add to Library. Save the application filtering configurations using one of the following ways:
a. Select an existing group from the Select Group list or create a New Group with a name.
b. Enter a description in the Description field, and click Save.
c. The saved map can be found in the Map Library in the Edit Monitoring Session Canvas Page.
9. Click Save.
To edit a map, select the map and click Details, or click Delete to delete the map.
When using the Application Filtering application, you can either use a single tunnel to tunnel all the filtered traffic from the application or use a separate tunnel for each rule configured.
View Application Statistics for Application Filtering
To view the application statistics for the Application Filtering application, follow the steps given below:
1. Click Traffic > Virtual > Orchestrated Flows > Select your cloud platform.
2. Select a monitoring session from the list view, click Actions > Edit. The Edit Monitoring Session page appears.
3. Click the application and select Details. The Application quick view appears.
4. Click on STATISTICS tab.
5. You can view the following in the Application Filtering application statistics page:
a. Rules – Displays the rules created in this application.
b. Pass App (Bytes) – Displays the packets that pass through the applications selected.
c. Drop App (Bytes) – Displays the packets that are dropped by the applications selected.
d. Pass Rule (Bytes) – Displays the packets that pass through the rule sets configured.
e. Drop Rule (Bytes) – Displays the packets that are dropped by the rule sets configured.

Application Metadata Intelligence
Application Metadata Intelligence allows you to export metadata from applications that are detected in the network traffic. The records can be exported to a collector either in IPFIX or CEF format through the IP interface or the management interface. You can also use the application metadata attributes for purposes other than security, such as to determine the network or application health, to track the long-lived sessions seen in the network, and so on.
Application Metadata Intelligence generates more than 5000 attributes for more than 3200 applications without impacting the users, devices, applications, or the network appliances. The feature identifies applications even when the traffic is encrypted.
Application Metadata Intelligence (AMI) is enabled to multi-collect protocols with more than one metadata attribute of the same type. The multi-collect feature supports additional protocols such as DNS, GTP, GTPV2, DHCP, HTTP, HTTPS, SSL, HTTP_PROXY, HTTP2, KERBEROS5, and DHCP6.
The generated metadata is exported in IPFIX (IP Flow Information Export) format and CEF (Common Event Format) to security analytics and forensics tools, thereby providing greater visibility to enforce corporate compliance.
The output from the Application Metadata Intelligence in CEF format can also be converted to JSON format using Application Metadata Exporter (AMX) application. To learn more about AMX application, refer to Application Intelligence–Application Metadata Exporter.
Refer to the following topics for more detailed information and step-by-step instructions on how to configure Application Metadata Intelligence and view the statistics:
• Configure Application Metadata Intelligence for Virtual Environment
• View Application Statistics for Application Metadata
You can convert the output from the Application Metadata Intelligence (AMI), which is in CEF format, into JSON format and send it to the cloud tools and Kafka. Refer to Application Metadata Exporter for detailed information on AMX and how to configure it.
Configure Application Metadata Intelligence for Virtual Environment
Application Metadata Intelligence (AMI) can be configured in the Monitoring Session Canvas. To add Application Metadata Intelligence application to the canvas, follow the steps given below:

1. Drag and drop Application Metadata from APPLICATIONS to the graphical workspace.
2. Click the Application Metadata application and select Details. The Application quick view appears.


3. In the Application quick view, enter or select the following details in the General tab:

Name: Enter a name for the application.
Description: Enter the description.

Application Metadata Settings

Flow Direction: Enable or Disable Bi-Directional Flow behavior. Bi-Directional is enabled by default. Disable this option for Uni-Directional Flow behavior.
Timeout: Specify the traffic flow inactivity timeout, in seconds. The session will be removed due to inactivity when no packets match.
Multi Collect:
  • Enable: Enables the multi-collect of attributes within a given Metadata Store cache, which means that if a configured attribute is seen in multiple packets within the same flow, each occurrence is collected. Multi Collect is enabled by default when a new cache is created. Multi Collect is enabled when upgraded from an older release.
  • Disable: Disables the multi-collect of attributes within a given Metadata Store cache.
  NOTE: Do not enable this option if you are going to export the Application Metadata using the AMX application. There can be only one attribute in a JSON object, therefore Multi-collect is not supported when configuring the AMX application.
Data Link: If you want to include the VLAN ID along with the 5-tuple to identify the traffic flow, select the Data Link and enable the VLAN option.
Observation ID: Enter a value to identify the source from where the metadata is collected. The range is from 0 to 255. The calculated value of Observation Domain Id in Hexadecimal is 00 01 02 05, and in Decimal is 66053.
Enable DPI Packet limit: This field is used to restrict the number of packets in a particular session that are sent to the DPI engine, instead of sending all the packets, in order to improve the AMI performance. The value must be between 20 and 50, as the first 20 to 50 packets contain the most significant attributes.

Advanced Settings

Number of Flows: The number of flows supported by the application. Refer to the following table for the maximum number of flows supported for VMware, AWS, and Azure platforms.

Cloud Platform   Instance Size                  Maximum Number of Flows
VMware           Large (8 vCPU and 16GB RAM)    200k
AWS              AMD – Large (c5n.2xlarge)      300k
AWS              AMD – Medium (t3a.xlarge)      100k
AWS              ARM – Large (c7gn.2xlarge)     100k
AWS              ARM – Medium (m7g.xlarge)      200k
Azure            Large (Standard_D8s_V4)        500k
Azure            Medium (Standard_D4s_v4)       100k
Nutanix          Large (8 vCPU and 16GB RAM)    200k

NOTE: Medium Form Factor is supported for VMware ESXi only when secure tunnels option is disabled. The maximum Number of Flows for VMware ESXi when using a medium Form Factor is 50k.

Fast Mode: Enable the Fast Mode option for performance (less CPU cycles and less memory utilization) improvement. When the Fast Mode is enabled, some or all of the attributes of the applications will be disabled. If all the attributes of the application are disabled then the application itself is disabled. Refer to Fast Mode section for more information on the benefits and limitations of the Fast Mode.

Aggregate Round-trip Time: Enable this option to export the minimum, maximum, and mean of RTT values for the following list of supported protocols and attributes, and also the aggregate of TCP Lost byte values collected per export time interval.

Protocol   Attribute
http       rtt
icmp       rtt
icmp6      rtt
ssh        rtt
tcp        rtt
tcp        rtt_app
telnet     rtt
wsp        connect_rtt
wsp        query_rtt


4. In the Application quick view, enter or select the following details in the Exporters tab:

Exporter Name: Enter a name for the Exporter.
Actions: Using this option, you can perform the following functions:
  • Add Exporter – Use to add a new Exporter to this Application Metadata Intelligence Application. A maximum of 5 exporters can be added.
  • Save as New Template – Use to save the current configuration as a new custom tool template.
  • Delete this Exporter – Use to delete the Exporter.
Template: Use to select the tool template. Refer to Tool Templates section in GigaVUE Fabric Management Guide for more information on tool templates and how to create custom tool templates.
Export Params: Select any one of the following options:
  • Application Name – Exports Application Name Attribute in AMI records. Enable this option to export Application Name attribute with network attributes.
  • Application Family – Exports Application Family Attribute in AMI records. Enable this option to export Application Family attribute with network attributes.
  • Application Tags – Exports Application Tag Attribute in AMI records. Enable this option to export Application Tag attribute with network attributes.
Format: Select NetFlow or CEF.

NetFlow: Select this option to use NetFlow.

Record / Template type:
  • Segregated – The application-specific attributes and the generic attributes will be exported as individual records to the tool.
  • Cohesive – The application-specific attributes and the generic attributes will be combined as a single record and exported to the tool.
  NOTE: It is recommended to select Cohesive from the drop-down menu, as NetFlow exports network and transport parameters only.
Enable Maximum Packet Length: Enable this option to edit the interface MTU value.
Maximum Packet Length (this option appears only when Enable Maximum Packet Length option is enabled): Using this field, you can configure the maximum length of the packet that can be exported. Enter a value less than or equal to the egress interface MTU value to avoid fragmentation. The value can range between 1280 and 9001.
Active Timeout: Enter the active flow timeout value in seconds.
Inactive Timeout: Enter the inactive flow timeout in seconds.
Version: Select the NetFlow version. The supported versions are V5, V9, IPFIX (V10).
Template Refresh Interval: Enter the time interval, in seconds, at which the template must be refreshed.

CEF: Select this option to use CEF.

Record / Template type:
  • Segregated – The application-specific attributes and the generic attributes will be exported as individual records to the tool.
  • Cohesive – The application-specific attributes and the generic attributes will be combined as a single record and exported to the tool.
Active Timeout: Enter the active flow timeout value in seconds.
Inactive Timeout: Enter the inactive flow timeout in seconds.

APPLICATION & ATTRIBUTES:

Select the applications and their attributes for traffic filtering by layer seven applications. You can select a maximum of 64 attributes for each application. (Not applicable when using NetFlow V5, V9, NetFlow IPFIX(V10), or CEF when the flow direction is Uni-Directional in the above Template drop-down menu.)

Add Application: Click on the Add Application button. The Add Application dialog box opens.

Select a Type. The available options are:

• Application Family: Each application is mapped to only one Application Family.
  Select an Application Family and the Applications that need to be filtered from the traffic.
  Attributes for the selected application are displayed in the Attribute column. You can select the required attributes.

• Application Tag: Each application can be mapped to one or more Application Tags.
  Select an Application Tag and the Applications that need to be filtered from the traffic.
  Attributes for the selected application are displayed in the Attribute column. You can select the required attributes.

NETWORK & TRANSPORT PARAMETERS:

Select the network and the transport packet attributes with the respective parameters.

Data Link: Select any one of the parameters such as Source MAC address, Destination MAC Address and VLAN.
Interface: Select any one of the parameters such as Input Physical, Output Physical and Input Name.
IP: Select the parameter as Version if required.
IPv4: Select the required attributes. By default, Source Address, Destination Address, and Protocol are enabled.
IPv6: Select the required attributes. By default, Source Address, Destination Address, and Next Header are enabled.
Transport: Select the required attributes. By default, Source Port, Destination Port are enabled.
Counter: Select the Bytes, and Packets.
Timestamp: Select the required timestamp such as System Uptime First, Flow Start, System Uptime Last, and Flow End.
Flow: Select the parameter as End Reason if required.
GTP-U: Select the required parameters such as QFI and TEID.
Outer IPv4: Select any one of the parameters such as Source or Destination.
Outer IPv6: Select any one of the parameters such as Source or Destination.

NOTE: The hostname of the GigaVUE V Series Node can be identified using the exporter header in the exporter record. Any changes to the hostname after deploying the Monitoring Session with the AMI application will not be reflected in the exporter record.
5. Click Save to deploy the Application Metadata application.
After adding the Application Metadata application and deploying Monitoring Session, you cannot change the Aggregate Round Trip time option.
When using Application Metadata, if you create a tunnel to tunnel the output to the tools, then select the tunnel type as UDP.
When using Application Metadata application, you can either use a single tunnel to export all the metadata from the application or use a separate tunnel for each exporter configured.
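What a collector sees when an exporter is set to NetFlow version IPFIX (V10), as an added example that is not Gigamon code: a parser for the IPFIX message and set headers (layout per RFC 7011) that reads the Observation Domain ID and counts data sets that arrive before their template, the gap that the Template Refresh Interval bounds on a UDP tunnel. The two datagrams, the template and the enterprise number 99999 are constructed; the domain value 00 01 02 05 is the one quoted under Observation ID.

```python
import struct

HEADER = struct.Struct("!HHIII")  # version, length, export time, sequence, observation domain ID
PAIR = struct.Struct("!HH")       # set ID/length, template ID/field count, element ID/field length
TEMPLATE_SET, FIRST_DATA_SET = 2, 256


def read_templates(buf, pos, end, domain, templates):
    """Walk the template records of one Template Set; return the template IDs learned."""
    learned = []
    while end - pos >= PAIR.size:                 # fewer than 4 bytes left is padding
        template_id, field_count = PAIR.unpack_from(buf, pos)
        pos += PAIR.size
        for _ in range(field_count):
            if end - pos < PAIR.size:
                raise ValueError("truncated field specifier")
            element_id, _field_length = PAIR.unpack_from(buf, pos)
            pos += PAIR.size
            if element_id & 0x8000:               # enterprise bit: a 4-byte enterprise number follows
                if end - pos < 4:
                    raise ValueError("truncated enterprise number")
                pos += 4
        if field_count == 0:                      # template withdrawal
            templates.discard((domain, template_id))
        else:
            templates.add((domain, template_id))
            learned.append(template_id)
    return learned


def parse_ipfix(datagram, templates):
    """Summarise one IPFIX message. `templates` is the collector's running set of
    (observation domain ID, template ID) pairs and is updated in place."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 16-byte IPFIX header")
    version, length, export_time, sequence, domain = HEADER.unpack_from(datagram)
    if version != 10:
        raise ValueError(f"not IPFIX: version {version}")
    if length < HEADER.size or length > len(datagram):
        raise ValueError("header length does not fit the datagram")
    summary = {"domain": domain, "domain_hex": datagram[12:16].hex(" "),
               "sequence": sequence, "export_time": export_time,
               "learned": [], "decodable": 0, "undecodable": 0, "skipped": 0}
    offset = HEADER.size
    while offset < length:
        if length - offset < PAIR.size:
            raise ValueError("truncated set header")
        set_id, set_length = PAIR.unpack_from(datagram, offset)
        end = offset + set_length
        if set_length < PAIR.size or end > length:
            raise ValueError("set length out of bounds")
        if set_id == TEMPLATE_SET:
            summary["learned"] += read_templates(datagram, offset + PAIR.size, end, domain, templates)
        elif set_id >= FIRST_DATA_SET:            # a data set is named after its template ID
            known = (domain, set_id) in templates
            summary["decodable" if known else "undecodable"] += 1
        else:                                     # options templates and reserved set IDs
            summary["skipped"] += 1
        offset = end
    return summary


def build_message(domain, sequence, sets, export_time=1_700_000_000):
    """Construct a sample IPFIX message from (set ID, payload) pairs."""
    body = b"".join(PAIR.pack(set_id, PAIR.size + len(p)) + p for set_id, p in sets)
    return HEADER.pack(10, HEADER.size + len(body), export_time, sequence, domain) + body


OBSERVATION_DOMAIN = 0x00010205                   # 00 01 02 05, decimal 66053
# Constructed template 256: source IPv4 (8), destination IPv4 (12), protocol (4),
# plus one enterprise-specific element under a made-up enterprise number.
TEMPLATE_256 = (PAIR.pack(256, 4) + PAIR.pack(8, 4) + PAIR.pack(12, 4) + PAIR.pack(4, 1)
                + struct.pack("!HHI", 0x8000 | 1, 2, 99999))
RECORD = bytes([10, 0, 0, 5, 10, 0, 0, 9, 6]) + b"\x00\x2a"
DATA_ONLY = build_message(OBSERVATION_DOMAIN, 0, [(256, RECORD)])
WITH_TEMPLATE = build_message(OBSERVATION_DOMAIN, 1, [(TEMPLATE_SET, TEMPLATE_256), (256, RECORD)])


def run_sample():
    """Feed both datagrams to a collector that starts with no templates."""
    templates = set()
    return [parse_ipfix(message, templates) for message in (DATA_ONLY, WITH_TEMPLATE)]


if __name__ == "__main__":
    for summary in run_sample():
        print(summary)
```

A sustained non-zero undecodable count on a collector means metadata is arriving but cannot be interpreted, which is worth alerting on alongside the exporter's Packet Sent/Sec statistic.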

View Application Statistics for Application Metadata

To view the application Statistics for the Application Metadata application, follow the steps given below:
1. Click Traffic > Virtual > Orchestrated Flows > Select your cloud platform.
2. Select a monitoring session from the list view, click Actions > Edit. The Edit Monitoring Session page appears.
3. Click the application and select Details. The Application quick view appears.
4. Click on STATISTICS tab.
5. You can view the following in the Application Metadata application statistics page:
a. Exporter Name – Displays the exporters created for this application.
b. Format – Displays the format as NetFlow or CEF, for the individual exporters.
c. Packet Sent/ Sec – Displays the count of packets sent per second for each exporter.

Application Metadata Exporter
Refer to the following topics for more detailed information on the various ways to configure AMX:
• Export AMI output by AMX
• Export of 3G/4G/5G Control Plane Metadata by AMX
• Export of GigaVUE Enriched Metadata for Mobile Networks by AMX
• Export of GigaVUE Enriched Metadata for Cloud Workloads by AMX
Export AMI output by AMX
Application Metadata Exporter (AMX) application converts the output from the Application Metadata Intelligence (AMI) in CEF format into JSON format and sends it to the cloud tools and Kafka Consumers.

The AMX application can be deployed only on a GigaVUE V Series Node and connected to Application Metadata Intelligence running on a physical node or a virtual machine. GigaVUE-FM manages the AMX application and the AMI.
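Why the Multi Collect note in the AMI settings matters for this CEF-to-JSON conversion, as an added example that is not the AMX implementation: a small CEF parser that flattens one record into a JSON object and reports every value lost because its key repeats. The sample record, the vendor and product names and the dnsQuery key are constructed.

```python
import json
import re

HEADER_FIELDS = ("cef_version", "device_vendor", "device_product", "device_version",
                 "signature_id", "event_name", "severity")
# An extension key starts the string or follows whitespace and ends at an unescaped "=".
KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.\-\[\]]+)=")


def split_header(line):
    """Split the seven pipe-delimited CEF header fields from the extension,
    honouring the \\| and \\\\ escapes that are allowed inside header fields."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    parts, current, i = [], [], 0
    while i < len(line) and len(parts) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line) and line[i + 1] in "\\|":
            current.append(line[i + 1])
            i += 2
            continue
        if ch == "|":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    if len(parts) != 7:
        raise ValueError("CEF header needs seven fields before the extension")
    parts[0] = parts[0][len("CEF:"):]
    return parts, line[i:]


def unescape(value):
    """Undo the extension escapes: \\= and \\\\ are literal, \\n and \\r are line breaks."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_extension(extension):
    """Return the extension as an ordered list of (key, value) pairs, repeats included."""
    matches = list(KEY.finditer(extension))
    pairs = []
    for match, following in zip(matches, matches[1:] + [None]):
        end = following.start() if following else len(extension)
        pairs.append((match.group(1), unescape(extension[match.end():end].rstrip())))
    return pairs


def cef_to_flat_object(line):
    """Flatten one CEF record into a dict with one value per key.
    Returns (object, dropped), where dropped lists the (key, value) pairs that
    were overwritten because the same key appeared again in the record."""
    header, extension = split_header(line)
    flat = dict(zip(HEADER_FIELDS, header))
    seen, dropped = set(), []
    for key, value in parse_extension(extension):
        if key in seen:
            dropped.append((key, flat[key]))
        seen.add(key)
        flat[key] = value
    return flat, dropped


# Constructed record: the same attribute collected twice in one flow, as Multi Collect would.
SAMPLE = (r"CEF:0|ExampleVendor|ExampleProbe|1.0|4|dns|3|src=10.0.0.5 dst=10.0.0.53 "
          r"dnsQuery=a.example.test dnsQuery=b.example.test msg=lookup\=done")

if __name__ == "__main__":
    flat, dropped = cef_to_flat_object(SAMPLE)
    print(json.dumps(flat, indent=2, sort_keys=True))
    print("values lost to repeated keys:", dropped)
```

Run against a sample of exported CEF, a non-empty dropped list indicates the source is still multi-collecting and a flat JSON consumer would see only the last value.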

Export of 3G/4G/5G Control Plane Metadata by AMX
The AMX application can also export the 3G/4G control plane metadata received from the GTP Correlation engine and 5G control plane metadata received from the 5G CPN engine to the cloud tools and Kafka in Flat JSON format.
The AMX application can be deployed only on a GigaVUE V Series Node and can be connected to a GTP Correlation / 5G CPN engine running on a physical node.

Export of GigaVUE Enriched Metadata for Mobile Networks by AMX
The metadata enrichment enhances service provider analytics by generating metadata on 5G/4G/3G network traffic. The AMX correlates the user plane metadata produced by AMI with the control plane metadata produced by the GTP/5G correlation mobility application to produce an enriched metadata feed for the mobile networks. This data feed helps with use cases like service personalization, planning, and many others by containing information about the following:
• Subscriber Session
• Over the Top Application
• Handset Type
• Location
• Flow throughput calculation attributes – DL, UL bytes, and time stamps
• Application Protocol
• Core Network Information
• User Tunnel Information

Export of GigaVUE Enriched Metadata for Mobile Networks is supported only for GigaVUE V Series Node deployed using Third Party Orchestration on VMware ESXi. Refer to Configure GigaVUE Fabric Components using VMware ESXi for more detailed information on how to deploy GigaVUE V Series Node using Third Party Orchestration in VMware ESXi.
User Plane and Control Plane traffic from the following devices are supported for exporting GigaVUE Enriched Metadata for Mobile Networks:
• GigaVUE-HC3
• GigaVUE-HC1-Plus
NOTE: For GigaVUE-HC1-Plus, the AMI application must be configured on the built-in engine to efficiently handle higher traffic loads. The plug-in engine can be used for the Control Plane traffic.
For information on Control Plane Metadata, refer to Control Plane Metadata.

Export of GigaVUE Enriched Metadata for Cloud Workloads by AMX
Required License: SecureVUE Plus License
GigaVUE Enriched Metadata for Cloud Workloads provides comprehensive situational awareness to address security and performance pain points in a timely manner. It enriches application metadata from N/S and lateral traffic with key host environment details that allow you to find critical information as follows:
• The location of the workloads hosted and their virtual network.
• The operational environment to which the workloads belong.
• The instance types used, images, and tags that the workload contains.
• The host name, the security associations like security group name, IAM instance profile name.

Export of GigaVUE® Enriched Metadata (GEM) for Mobile Networks for Cloud Workloads is supported on the following cloud platforms:
• AWS
• Azure
• VMware (ESXi and NSX-T)
This feature works by using the inventory API which is queried in the following intervals.
• VMware: 300 sec
• AWS: 30 sec
• Azure: 60 sec
The default inventory query interval should suffice in most cases; however, the interval can be customized in extreme situations. Please contact Gigamon Support for assistance.
In addition to the fixed intervals of polling the inventory, you can subscribe to the following optional services to get automatic updates from the workloads.
• AWS – Requires setup of SQS in AWS and event subscription settings to access it.
• Azure – Requires setup of Storage Queue and Events Subscription and settings to access it.
• VMware – No additional configuration is required as the dynamic updates are supported by default.
Refer to Prerequisites for Export of GigaVUE Enriched Metadata for Cloud Workloads for more detailed information.
AMX application performs the enrichment every 10 seconds. It picks the flow records, which are 15 seconds or older, to allow any delays in fetching the inventory details, and uses the IP address of the endpoints to enrich the records based on the selected attributes. Refer to the following figure for a high-level illustration of the solution. The solution can be deployed using GigaVUE-FM or Third Party Orchestration.


The enrichment supported depends on the type of platform. Refer to Attributes for GigaVUE Enriched Metadata for Cloud Workloads for more details.
Refer to the following topics for more detailed information and configuration:
• AMX Application Deployment Options
• Prerequisites for Application Metadata Exporter
• Rules and Notes
• Configure Application Metadata Exporter Application
• View Application Statistics for Application Metadata Exporter
• Attributes for GigaVUE Enriched Metadata for Mobile Networks
• Attributes for GigaVUE Enriched Metadata for Cloud Workloads
AMX Application Deployment Options
The output from the Application Metadata Intelligence or GTP Correlation Engine is sent to the AMX application, which exports it to the tools in the required formats. AMX application is always deployed in GigaVUE V Series Node. The GigaSMART application sending data to the AMX application can be on hardware or the GigaVUE V Series Node. Based on where the GigaSMART applications are, there can be four deployment methods:
NOTE: For exporting GigaVUE Enriched Metadata for Cloud Workloads, AMI should be deployed in GigaVUE V Series Nodes.
• On-Premises
  ◦ Hardware (AMI)
  ◦ Hardware (Control Plane Metadata)
  ◦ Virtual (VMware)
• Public Cloud
On-Premises
Hardware (AMI)
In hardware deployments, the Application Metadata Intelligence (AMI) runs on a physical node/cluster, and the AMX application is deployed on a GigaVUE V Series Node running on VMware ESXi. The output from the AMI in CEF format is sent to the AMX application in GigaVUE V Series Node. The performance of the device and the application is managed by GigaVUE-FM. The following devices support the integration of AMX application:
• GigaVUE-HC1
• GigaVUE-HC3
• GigaVUE-HC1-Plus

Hardware (Control Plane Metadata)
In hardware deployments, the GTP Correlation Engine runs on a physical node/cluster, and the AMX application is deployed on a GigaVUE V Series Node running on VMware ESXi. The output from the GTP Correlation Engine in Flat JSON format is sent to the AMX application in GigaVUE V Series Node. The performance of the device and the application is managed by GigaVUE-FM. The GigaVUE-HC3 Gen3 devices support the integration of AMX application.

Private Cloud (VMware)
In the Private Cloud environment, the application is supported only on VMware and can be deployed in VMware as shown in the diagram.

Public Cloud
In the Public Cloud environment, the application is supported on AWS and Azure platforms, and can be deployed as shown in the diagram:

Prerequisites for Application Metadata Exporter
Prerequisites for AWS
Prerequisites to follow when creating a monitoring domain and deploying a GigaVUE V Series Node in AWS:
• Select Traffic Acquisition Method as Customer Orchestrated Source. Refer to the Create Monitoring Domain section in GigaVUE Cloud Suite Deployment Guide – AWS for more detailed information on how to create a monitoring domain.
• Select Instance type with three or more NICs. Refer to Configure GigaVUE Fabric Components in GigaVUE-FM for more detailed information on how to deploy a GigaVUE V Series Node.
• When the Traffic Acquisition Method is selected as Customer Orchestrated Source, the Volume Size field appears on the AWS Fabric Launch Configuration page. Enter the Volume Size as 80GB.

Prerequisites for Azure
Prerequisites to follow when creating a monitoring domain and deploying GigaVUE V Series node in Azure:
• Select Traffic Acquisition Method as Customer Orchestrated Source. Refer to the Create Monitoring Domain section in the respective GigaVUE Cloud Suite Deployment Guide for more detailed information on how to create a monitoring domain.
• Select Size with three or more NICs. Refer to the Configure GigaVUE Fabric Components using VMware ESXi section in GigaVUE Cloud Suite Deployment Guide for more detailed information on how to deploy a GigaVUE V Series Node.
• When the Traffic Acquisition Method is selected as Customer Orchestrated Source, the Disk Size field appears on the Azure Fabric Launch Configuration page. Enter the Disk Size as 80GB.
Prerequisites for VMware
Prerequisites to follow when creating a monitoring domain and deploying GigaVUE V Series Node in VMware:
• Select Traffic Acquisition Method as Customer Orchestrated Source. Refer to the Create Monitoring Domain for VMware ESXi section in GigaVUE Cloud Suite Deployment Guide – VMware (ESXi) for more detailed information on how to create a monitoring domain and deploy GigaVUE V Series Nodes.
• When the Traffic Acquisition Method is selected as Customer Orchestrated Source, select the Form Factor field as 80GB on the VMware Configuration page. Refer to the Configure GigaVUE Fabric Components using VMware ESXi section in GigaVUE Cloud Suite Deployment Guide – VMware (ESXi) for more detailed information on how to deploy GigaVUE V Series Node.
• When uploading the OVF files for GigaVUE V Series Node deployment using third party orchestration, ensure that you select the OVF files with 80GB disk space. Refer to the following topics for more detailed information.
  o Deploying GigaVUE V Series Node using Third Party Orchestration (VMware ESXi): Configure GigaVUE Fabric Components using VMware ESXi section in GigaVUE Cloud Suite Deployment Guide – VMware (ESXi)
  o Deploying GigaVUE V Series Node using Third Party Orchestration (VMware vCenter): Configure GigaVUE Fabric Components using VMware vCenter in GigaVUE Cloud Suite Deployment Guide – Third Party Orchestration.
Prerequisites for Export of GigaVUE Enriched Metadata for Cloud Workloads
This section provides the detailed steps that need to be performed in each platform for exporting the enriched metadata from cloud workloads.

AWS:
The following section describes how to set up IAM roles with least privileges for exporting GigaVUE Enriched Metadata for Cloud Workloads:
1. Create two IAM roles.
   • The first one is for the AMX instance that gets launched, to let it access the assume role (sts) service. (AMXEC2Role)
   • The second one is with ec2ReadOnlyAccess permission. (AMXToAssumeRole)
2. Map the instance role to an assume role that has AmazonEC2ReadOnlyAccess permissions.
   a. Copy the ARN of the AMXEC2Role.
   b. Click AMXToAssumeRole > Trust Relationships > Edit Trust Policy.
   c. Click Add a principal.
   d. Select IAM role as Principal Type. Paste the AMXEC2Role ARN that was copied. This is the critical step of mapping the two IAM roles.
   e. Click Add principal > Update Policy.
3. Add the ARN of AMXToAssumeRole in the AMX ingestion configuration options.
   a. Copy the ARN and add it as aws_assume_role_arn in the AWS ingestion configuration.
   b. If aws_assume_role_arn is configured, there is no need to provide token and keys.
4. (optional) Create an SQS queue. Refer to Create a queue using the Amazon SQS console in AWS documentation for more detailed information.
5. (optional) Create an EventBridge Rule. In the Select Target field, select the SQS queue created in the previous step. Refer to Creating rules that react to events in Amazon EventBridge in AWS documentation for more detailed information.
6. (optional) Add the SQS URL in the AMX ingestion configuration options. Copy the URL and add it as aws_sqs_url in the AWS ingestion configuration.
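The role mapping from steps 1 to 3, written out as policy documents with a check on the result. This is an added example, not taken from the Gigamon guide: the account ID is a constructed placeholder, and scoping the instance role's sts:AssumeRole permission to the single AMXToAssumeRole ARN is an assumption made here for least privilege.

```python
import json

# Constructed placeholder account ID; the role names are the ones used in the steps above.
ACCOUNT_ID = "111122223333"
INSTANCE_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/AMXEC2Role"
ASSUME_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/AMXToAssumeRole"


def instance_role_policy(assume_role_arn):
    """Permissions policy for AMXEC2Role: it may call sts:AssumeRole on one role only.
    (Assumption: the guide only says this role must reach the STS service.)"""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": assume_role_arn,
        }],
    }


def trust_policy(instance_role_arn):
    """Trust policy for AMXToAssumeRole: only AMXEC2Role is allowed to assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": instance_role_arn},
            "Action": "sts:AssumeRole",
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, expected_principal):
    """Return findings for a trust policy; an empty list means that only the
    expected instance role can assume the role."""
    findings = []
    trusted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in _as_list(values):
                if value == "*":
                    findings.append("wildcard principal: any AWS identity may assume the role")
                elif kind != "AWS":
                    findings.append(f"unexpected {kind} principal: {value}")
                elif value.isdigit() or value.endswith(":root"):
                    findings.append(f"whole account trusted instead of one role: {value}")
                elif value != expected_principal:
                    findings.append(f"unexpected principal: {value}")
                else:
                    trusted.add(value)
    if expected_principal not in trusted:
        findings.append("expected instance role is not trusted")
    return findings


if __name__ == "__main__":
    print(json.dumps(trust_policy(INSTANCE_ROLE_ARN), indent=2))
    print(json.dumps(instance_role_policy(ASSUME_ROLE_ARN), indent=2))
    print(audit_trust_policy(trust_policy(INSTANCE_ROLE_ARN), INSTANCE_ROLE_ARN))
```

Running the audit against the trust policy exported from the console after step 2e confirms that the principal pasted in step 2d is the only identity able to assume the read-only role.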
Azure:
The following instructions need to be configured in Azure for exporting enriched metadata from Azure workloads:
1. Create a Storage Account under the Resource Group. Refer to Create an Azure storage account in Azure documentation for more detailed information.
2. Create a Storage Queue under the Storage Account. Refer to Quickstart: Create a queue and add a message with the Azure portal in Azure Documentation for more detailed information.
3. Under the Storage Account, go to Access Control (IAM), select “Storage Queue Data Contributor”, and select your ID to add the IAM role. Refer to Assign Azure roles using the Azure portal for more detailed information on how to assign roles.

4. (optional) Create an Event subscription. Refer to Create an event subscription section in Azure documentation.
5. In the Storage queue, switch the Authentication method to Access key.
The following section describes how to set up IAM permissions in Azure for exporting GigaVUE Enriched Metadata for Cloud Workloads:
Register an application and assign a role to the application with the following set of minimum IAM permissions. Refer to Register an application with Microsoft Entra ID and create a service principal and Assign a role to the application in the Azure documentation for more detailed information.
Minimum IAM permissions required:
• Microsoft.Network/virtualNetworks/read
• Microsoft.Network/publicIPAddresses/read
• Microsoft.Network/networkSecurityGroups/read
• Microsoft.Compute/virtualMachineScaleSets/read
• Microsoft.Compute/virtualMachines/read
• Microsoft.Compute/images/read
• Microsoft.Network/networkInterfaces/read
• Microsoft.Resources/subscriptions/read
• Microsoft.Resources/subscriptions/resourceGroups/read
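The minimum permission set above, expressed as an Azure custom role definition, together with a check that compares any role against that minimum. This is an added example, not part of the Gigamon guide: the role name, description and subscription ID are constructed placeholders.

```python
import json
from fnmatch import fnmatchcase

# The nine read permissions listed in the guide.
MINIMUM_ACTIONS = [
    "Microsoft.Network/virtualNetworks/read",
    "Microsoft.Network/publicIPAddresses/read",
    "Microsoft.Network/networkSecurityGroups/read",
    "Microsoft.Compute/virtualMachineScaleSets/read",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/images/read",
    "Microsoft.Network/networkInterfaces/read",
    "Microsoft.Resources/subscriptions/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
]

# Constructed placeholder subscription ID.
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000000"


def custom_role_definition(subscription_id, name="AMX Inventory Reader (example)"):
    """Custom role JSON in the layout accepted by Azure role definition tooling."""
    return {
        "Name": name,
        "IsCustom": True,
        "Description": "Read-only inventory access for workload enrichment (example).",
        "Actions": list(MINIMUM_ACTIONS),
        "NotActions": [],
        "DataActions": [],
        "NotDataActions": [],
        "AssignableScopes": [f"/subscriptions/{subscription_id}"],
    }


def _matches(action, pattern):
    # Azure action strings are case-insensitive and may contain '*' wildcards.
    return fnmatchcase(action.lower(), pattern.lower())


def audit_role(role):
    """Compare a role definition with the minimum set.

    missing: required permissions the role does not grant (or removes via NotActions)
    excess:  granted entries that go beyond the nine minimum permissions
    """
    actions = role.get("Actions", [])
    not_actions = role.get("NotActions", [])
    missing = [
        req for req in MINIMUM_ACTIONS
        if not any(_matches(req, p) for p in actions)
        or any(_matches(req, p) for p in not_actions)
    ]
    wanted = {a.lower() for a in MINIMUM_ACTIONS}
    excess = [p for p in actions if p.lower() not in wanted]
    excess += [f"DataAction {p}" for p in role.get("DataActions", [])]
    return {"missing": missing, "excess": excess}


if __name__ == "__main__":
    role = custom_role_definition(SUBSCRIPTION_ID)
    print(json.dumps(role, indent=2))
    print(audit_role(role))
    # A broad read role covers the minimum but grants far more than the exporter needs.
    print(audit_role({"Actions": ["*/read"]}))
```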
VMware:
The following are the prerequisites required:
• URL – The URL of VMware vCenter.
• Username – Username of the VMware vCenter
• Password – vCenter password used to connect to the vCenter
• Self Signed Certificate
  o True – When self signed certificate = true, use the default certificate.
  o False – When self signed certificate = false, a PKI certificate must be used. Refer to the Replace the Default Certificate with a Custom Certificate Using the vSphere Client section in VMware documentation for more detailed information on how to replace the default certificate with a custom certificate.
  NOTE: The default CA trust store is supported based on the Ubuntu version 22.04.4. The default trust store cannot be updated to include internal CA certificates.
• Ensure that the VM tools are installed on the ESXi hosts that are being monitored to fetch the properties of the virtual machines.
• The minimum role required for exporting GigaVUE Enriched Metadata from VMware is Read Only Role. Refer to vCenter Server System Roles section in VMware documentation for more detailed information.

Rules and Notes
• The GigaVUE V Series Node deployed must be entirely dedicated to the AMX application; it cannot have other applications in it.
• The monitoring session can only have Raw End Point (REP); it cannot have other applications, maps, or tunnels when using the AMX application. Refer to the Create Raw Endpoint section in GigaVUE Cloud Suite Deployment Guide – VMware (ESXi) for more detailed information on how to add a REP to the monitoring session and how to configure it.
• When using this application for production usage, it is recommended to use large size Virtual Machines.
• If you reload the GigaVUE V Series Node after configuring the AMX application, then the Ingestor in the AMX application fails.
• When using GigaVUE Enriched Metadata for Cloud Workloads, if duplicate IP addresses are assigned to workloads, the metadata received from the most recently queried workload will be enriched. Hence, it is not recommended to use the feature in environments that are prone to have duplicate IP addresses.
• When using GigaVUE Enriched Metadata for Cloud Workloads, endpoints and the GigaVUE V Series Node running AMI and AMX should be co-located in the same cloud platform.
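A simplified model of the IP-keyed enrichment described in the overview and of the duplicate IP address rule above, showing how a reused address silently attributes a flow to the wrong workload and how to find such addresses before enabling the feature. This is an added example, not AMX code: the inventory records, the workload names and the src_workload/src_ambiguous output fields are constructed for illustration; src_ip, dst_ip and flow_end_sec are attribute names from this guide.

```python
from collections import defaultdict
from ipaddress import ip_address

MIN_RECORD_AGE = 15  # seconds; the guide says records 15 seconds or older are picked

# Constructed inventory: two accounts with overlapping address space.
INVENTORY = [
    {"source": "aws-prod", "workload": "i-0aaa (web-1)", "ip": "10.0.1.10", "queried_at": 100},
    {"source": "aws-prod", "workload": "i-0bbb (db-1)", "ip": "10.0.1.20", "queried_at": 100},
    {"source": "aws-dev", "workload": "i-0ccc (test-7)", "ip": "10.0.1.10", "queried_at": 160},
    {"source": "aws-dev", "workload": "i-0ddd (v6-a)", "ip": "2001:DB8::0001", "queried_at": 160},
    {"source": "aws-prod", "workload": "i-0eee (v6-b)", "ip": "2001:db8::1", "queried_at": 100},
]


def duplicate_ips(inventory):
    """Addresses owned by more than one workload, with their owners.
    Addresses are normalised first, so differently written IPv6 forms still collide."""
    owners = defaultdict(set)
    for rec in inventory:
        owners[ip_address(rec["ip"])].add((rec["source"], rec["workload"]))
    return {str(ip): sorted(who) for ip, who in owners.items() if len(who) > 1}


def build_lookup(inventory):
    """IP -> inventory record; on a clash the most recently queried workload wins."""
    lookup = {}
    for rec in sorted(inventory, key=lambda r: r["queried_at"]):
        lookup[ip_address(rec["ip"])] = rec
    return lookup


def enrich(flow, lookup, ambiguous, now):
    """Enrich one flow record by endpoint IP. Returns None while the record is
    younger than MIN_RECORD_AGE; flags endpoints whose address is not unique."""
    if now - flow["flow_end_sec"] < MIN_RECORD_AGE:
        return None
    out = dict(flow)
    for side in ("src", "dst"):
        ip = ip_address(flow[f"{side}_ip"])
        rec = lookup.get(ip)
        out[f"{side}_workload"] = rec["workload"] if rec else None
        out[f"{side}_ambiguous"] = str(ip) in ambiguous
    return out


if __name__ == "__main__":
    dups = duplicate_ips(INVENTORY)
    for ip, who in dups.items():
        print(f"duplicate address {ip}: {who}")
    flow = {"src_ip": "10.0.1.10", "dst_ip": "10.0.1.20", "flow_end_sec": 180}
    print(enrich(flow, build_lookup(INVENTORY), dups, now=200))
```

In the sample, a flow from the production web server is labelled with the development instance because that inventory was queried later; running the duplicate check across all configured Source Information entries shows whether an environment is safe for this feature.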
Configure Application Metadata Exporter Application
To add AMX application:
1. Go to Traffic > Virtual > Orchestrated Flows and select your cloud platform. The Monitoring Session page appears.
2. Click New Monitoring Session to create a new monitoring session. Refer to Create a Monitoring Session section in the respective cloud deployment guide for more detailed information on how to create a Monitoring Session.
3. In the Monitoring Session Canvas page, drag and drop Application Metadata Exporter from APPLICATIONS to the graphical workspace. The Application quick view appears.
4. Enter the Alias for the application.


5. In the Ingestor section, enter or select the following details. Click the add icon to add another ingestor to add multiple inputs to the AMX application and click the remove icon to remove an existing ingestor.

Fields – Description
Name – Enter name for the Ingestor.
Port – Enter the port number to which the Application Metadata or the Control Plane metadata must be ingested.
Type – Select any one of the following:
  o AMI – Select this option if the input is AMI.
  o Mobility Control Plane – Select this option if the input is Control Plane Metadata.

6. Enter or select the following details in the Metadata Enrichment section:
You can use the Actions button to add multiple Metadata Enrichment. Keep in mind the following when configuring multiple Metadata Enrichment:
• You can only configure either Mobility or Workload enrichment
• You can only configure one Metadata enrichment with either Mobility or Workload as the Type
• You can only configure a maximum of 5 Metadata enrichment with Others as the Type.

Fields – Description
Enrichment Name – Enter a unique name for each enrichment.
Enable – Use this option to enable the enrichment.
Type – Select the type from the drop-down menu.
  o Mobility
  o Workload
  o Others

Mobility
Attribute Fields – Select the attributes from the list. You can use the Select All option to select all the available attributes. Refer to Attributes for GigaVUE Enriched Metadata for Mobile Networks for more detailed information on the list of available attributes and their description.

Workload
Platforms – Select the platform in which your Workload Virtual Machines are present.
  o VMware vCenter
  o AWS
  o Azure
Attribute Fields – Select the attributes from the list. You can use the Select All option to select all the available attributes. Refer to Attributes for GigaVUE Enriched Metadata for Cloud Workloads for more detailed information on the list of available attributes and their description.
Advanced Options – The advanced options allow you to configure additional details like interval and delay. Click Add. Enter the following details:
  o Enter the Key.
  o Enter the Value.
Source Information – Enter the details of the source.
  o Name: Enter a unique name for each Source Information. The name should be unique across the ingestor and the source information.
  o Key: The default keys for each platform are listed as follows. Click + to add more keys.
    AWS: Refer to Manage access keys for IAM users section in AWS documentation for more detailed information on how to create an access key ID and a secret access key.
      aws_access_key_id
      aws_secret_access_key
      aws_region
    Azure: Refer to Register a Microsoft Entra app and create a service principal section in Azure documentation for more detailed information on how to configure client ID, client secret, tenant ID, and subscription ID in Azure.
      azure_client_id
      azure_client_secret
      azure_tenant_id
      azure_subscription_id
    VMware:
      url – The URL of VMware vCenter.
      username – Username of the VMware vCenter
      password – vCenter password used to connect to the vCenter
      self_signed_certificate
  o Value: Enter the value for the keys. This field is editable after saving the changes.
  o Secure Keys: Use this option to mask the value. After saving the changes, Secure Keys and Key fields are disabled and the value is masked.
  Click the add icon to add another Source Information and click the remove icon to remove a Source Information. You can add multiple Source Information if your workloads are across different vCenters, AWS Accounts, or Azure Subscriptions. You can create an individual Source Information for each of the vCenters, AWS Accounts, or Azure Subscriptions.

Others: Use this setting to perform custom mapping for advanced use cases. For details contact Gigamon Support.
Attribute Fields – Click Add and enter the attribute.
Settings – Click Add and enter the details.


7. Enter or select the following details in Cloud Tools Export section:

Fields – Description
Alias – Enter the alias name for the cloud tool export.
Cloud Tool – Select the Cloud tool from the drop-down menu.
Type – Select any one of the following:
  o ami – Select this option to export AMI.
  o mobility_control – Select this option to export control plane metadata.
  o ami_enriched – Select this option to export enriched metadata for cloud workloads.
Account ID – Enter the account ID number of the selected Cloud Tool.
API Key – Enter the API key of the Cloud Tool.
Source IP Address – Source IP Address is needed when the egress interface is configured with multiple IP addresses. Configure the source IP address which is connected to the Cloud Tool. Both IPv4 and IPv6 are supported. This field is optional.
Enable Export – Enable the box to export the Application Metadata Intelligence output in JSON format.
Zip – Enable the box to compress the output file.
  NOTE: Enable this field when using New Relic as the cloud tool.
Interval – The time interval (in seconds) in which the data should be uploaded periodically. The recommended minimum time interval is 10 seconds and the maximum time interval is 1800 seconds.
Parallel Writer – Specifies the number of simultaneous JSON exports done.
Export Retries – The number of times the application tries to export the entries to Cloud Tool. The recommended minimum value is 4 and the maximum is 10.
Maximum Entries – The number of JSON entries in a file. The maximum number of allowed entries is 5000 and the minimum is 10, however 1000 is the default value.
Backoff Reset Window – With a non-zero value, the exporter keeps trying to reach the tool as many times as the retry. The default setting is 0, and the Backoff Reset Window is disabled at this value.
Request Timeout – This is the time exporter waits for a response back from the tool. The default value is 10 seconds.
Labels – Click Add. Enter the following details:
  o Enter the Key.
  o Enter the Value.
  NOTE: Refer to the deployment guides of the respective cloud tools for configuring the Key and Value.


8. Enter or select the following details in the Kafka exports section:

Fields – Description
Alias – Enter the alias name for the Kafka Export.
Topic – The topic name to push JSON streams to, which is generally given to users as part of the Kafka administration.
Type – Select any one of the following:
  o ami – Select this option to export AMI.
  o mobility_control – Select this option to export control plane metadata.
  o ami-enriched – Select this option to export enriched metadata.
Brokers – The URL that contains the Kafka cluster endpoints. Click the add icon to add another broker and click the remove icon to remove an existing broker.
Source IP Address – Source IP Address is needed when the egress interface is configured with multiple IP addresses. Configure the source IP address which is connected to the Kafka Broker. Both IPv4 and IPv6 are supported. This field is optional.
Enable Export – Enable the box to export the Application Metadata Intelligence output in JSON format.
Zip – Enable the box to compress the output file.
Interval – The time interval (in seconds) in which the data should be uploaded periodically. The recommended minimum time interval is 10 seconds and the maximum time interval is 1800 seconds. The default time interval is 30 seconds.
Parallel Writer – Specifies the number of simultaneous JSON exports done.
Export Retries – The number of times the application tries to export the entries to Kafka. The recommended minimum value is 4 and the maximum is 10.
Maximum Entries – The number of JSON entries in a file. The maximum number of allowed entries is 5000 and the minimum is 10, however 1000 is the default value.
Backoff Reset Window – With a non-zero value, the exporter keeps trying to reach the tool as many times as the retry. The default setting is 0, and the Backoff Reset Window is disabled at this value.
Labels – Click Add. Enter the following details:
  o Enter the Key.
  o Enter the Value.
Producer Configurations – Click Add to enter the authentication details if a Kafka broker needs authentication. For example:
  • security.protocol=SASL_SSL
  • sasl.mechanism=PLAIN
  • sasl.username=username
  • sasl.password=password

9. Click Deploy to deploy the monitoring session. The Select nodes to deploy the Monitoring Session dialog box appears. Select the GigaVUE V Series Node for which you wish to deploy the monitoring session.
10. After selecting the GigaVUE V Series Node, select the interfaces for the REPs deployed in the monitoring session from the drop-down menu. Then, click Deploy.
Switching to outer_ip for Mobility Enrichment
In 5G Control Plane (CP) records, only the lower 64 bits of the inner IP address are captured. To overcome this limitation, you can switch to outer_ip. Follow the steps below based on your configuration:
If AMX is already configured and the Monitoring Session is deployed:
1. Undeploy the Monitoring Session in GigaVUE-FM.
2. Create a new .yaml file in the GigaVUE V Series Node:
    vi /etc/amx_settings.yaml
3. Modify the enrichment mode:
    # Default mobility enrichment mode: inner_ip (default) or outer_ip
    mobility_enrichment_mode: outer_ip
4. Deploy the Monitoring Session.
During Initial AMX Configuration:
1. Create a new .yaml file in the GigaVUE V Series Node:
    vi /etc/amx_settings.yaml
2. Modify the enrichment mode:
    # Default mobility enrichment mode: inner_ip (default) or outer_ip
    mobility_enrichment_mode: outer_ip
3. Save the file and proceed with the deployment.
Application Monitoring Options
You can configure the traffic health monitoring for this application in the THRESHOLDS tab. You can select an existing template from the Threshold Templates drop-down menu or provide the threshold values. For more details on Traffic health monitoring and how to create threshold template, refer to Traffic Health Monitoring section in the respective cloud deployment guides.
You can view the configuration health status and the traffic health status of the application in the HEALTH STATUS tab. For more details on configuration health and traffic health, refer to Monitor Cloud Health section in the respective cloud deployment guides.
You can view the statistics of the application in the STATISTICS tab. Refer to View Application Statistics for Application Metadata Exporter for more detailed information.

View Application Statistics for Application Metadata Exporter
To view the application Statistics for the Application Metadata Exporter application, follow the steps given below:
1. Click Traffic > Virtual > Orchestrated Flows > Select your cloud platform.
2. Select a Monitoring Session from the list view, click Actions > Edit. The Edit Monitoring Session page appears.
3. Click the application and select Details. The Application quick view appears.
4. Click on STATISTICS tab.
5. To view the statistics of a particular GigaVUE V Series Node, select the required GigaVUE V Series Node from the V Series Node drop-down menu.
6. Select the IP address of the GigaVUE V Series Node from the V Series Node IP drop-down menu to view the Ingestor and Attributes Enrichment statistics.

7. You can view the following in the Application Metadata Exporter application statistics page:
   a. Exporter
      i. Name – Displays the name of exporters created for this application.
      ii. Exported Entries – Displays the number of entries available in the files that will be uploaded from AMX to the cloud tool or the Kafka consumers.
      iii. Average File Size – Displays the average size of the file.
      iv. File Uploads – Displays the number of files uploaded from the AMX to the cloud tool or the Kafka consumers.
      v. File Upload Errors – Displays the number of times the file was not uploaded to the cloud tools or Kafka consumers due to errors.
   b. Ingestor
      i. Name – Displays the name of the ingestor created for this application.
      ii. Packets Received – Displays the packets received from the AMI to AMX ingestor.
      iii. Packets Dropped – Displays the packets dropped when the traffic passes from AMI to AMX ingestor.
      iv. Octets Received – Displays the octets received from the AMI to AMX ingestor.
      v. Octets Dropped – Displays the octets dropped when the traffic passes from AMI to AMX ingestor.
      vi. Records Added – Displays the number of workload information pulled from the workload environment.
      vii. Records Dropped – Displays the number of the workload details that were dropped from the workload environment.
      viii. Request Success – Displays if the workload information was fetched from the cloud environment. The default interval at which the AMX fetches the workload information is 60 seconds.
      ix. Request Authentication Errors – Displays if the workload information was not fetched from the cloud environment due to any authentication errors like wrong password.
      x. Request Timedout Errors – Displays if the workload information was not fetched from the cloud environment even after the default interval of 60 seconds.
   c. Attributes Enrichment
      i. Name – Displays the name of the Metadata enrichment.
      ii. One Min Percent – Displays the percentage of the traffic that is enriched from the last 1 minute.
      iii. Five Min Percent – Displays the percentage of the traffic that is being enriched from the last 5 minutes.
      iv. Ten Min Percent – Displays the percentage of the traffic that is being enriched from the last 10 minutes.
Attributes for GigaVUE Enriched Metadata for Mobile Networks.
This section describes the various attributes available within GigaVUE Enriched Metadata for Mobile Networks.
Each flow will generate only one record per export interval; however, in this section, the attributes are separated into the following categories:
• Control Plane Attributes
• User Plane Attributes

Control Plane Attributes
The control plane attributes are generated based on network signaling message transactions with successful responses. These include signaling transactions for session establishment, modification, deletion, and others. These attributes are used for enriching the user plane metadata with the corresponding control plane subscriber, device, and location information.
Attribute – Description
imsi – International Mobile Subscriber Identity. A 3GPP-defined unique private identifier for a mobile user on a 4G network.
imei – International Mobile Equipment Identity. A 3GPP-defined unique identifier for a mobile device on a 4G network.
msisdn – Mobile Station Integrated Services Digital Network. A 3GPP-defined identifier for a mobile device on a 4G network.
supi – Subscription Permanent Identifier. A 3GPP-defined unique identifier for a mobile user on a 5G network.
gpsi – Generic Public Subscription Identifier. A 3GPP-defined public identifier for a mobile user on a 5G network.
pei – Permanent Equipment identifier. A 3GPP-defined unique identifier for a mobile device on a 5G network.
ctrl_tun_access_ipv4_addr – Control Plane Access Tunnel IPv4 Address. MME identifier for S11, SGW identifier for S5/S8-C, AMF identifier for N11 and SGSN for Gn, Gp
ctrl_tun_access_ipv6_addr – Control Plane Access Tunnel IPv6 Address. MME identifier for S11, SGW identifier for S5/S8-C, AMF identifier for N11 and SGSN for Gn, Gp
ctrl_tun_access_teid – Control Plane Access Tunnel Endpoint Identifier
ctrl_tun_core_ipv4_addr – Control Plane Core Tunnel IPv4 Address. SGW identifier for S11, PGW identifier for S5/S8-C, SMF identifier for N11 and GGSN for Gn, Gp
ctrl_tun_core_ipv6_addr – Control Plane Core Tunnel IPv6 Address. SGW identifier for S11, PGW identifier for S5/S8-C, SMF identifier for N11 and GGSN for Gn, Gp
ctrl_tun_core_teid – Control Plane Core Tunnel Endpoint Identifier
user_tun_up_link_ipv4_addr – User Plane Uplink Tunnel IPv4 Address. Identifier of the SGW/UPF that receives the uplink user plane data from the eNodeB/gNodeB
user_tun_up_link_ipv6_addr – User Plane Uplink Tunnel IPv6 Address. Identifier of the SGW/UPF that receives the uplink user plane data from the eNodeB/gNodeB
user_tun_up_link_teid – User Plane Uplink Tunnel Endpoint Identifier
user_tun_down_link_ipv4_addr – User Plane Downlink Tunnel IPv4 Address. Identifier of the eNodeB/gNodeB that receives the uplink user plane data from the SGW/UPF
user_tun_down_link_ipv6_addr – User Plane Downlink Tunnel IPv6 Address. Identifier of the eNodeB/gNodeB that receives the uplink user plane data from the SGW/UPF
user_tun_down_link_teid – User Plane Downlink Tunnel Endpoint Identifier
if_name – 3GPP Control Plane Interface Name
name – Name of the event on the 3GPP control plane interface
cause_code – Outcome of the event on the 3GPP control plane interface. Mostly set to 16 to indicate a successful event
sm_context_ref – Session Management Context
ebi – EPS (Evolved Packet System) Bearer ID
lbi – Linked Bearer Identity
pdu_session_id – PDU (Packet Data Unit) Session ID
apn – Access Point Name
dnn – Data Network Name
ue_ipv4_addr – User Equipment IPv4 Address
ue_ipv6_addr – User Equipment IPv6 Address
ue_ipv4v6_addr – User Equipment IPv4v6 Address
ue_non_ip_addr – User Equipment non-IP Address
ue_addr_type – User Equipment IP address type (IPv4 or IPv6)
qci – QoS Class Identifier
qfi – QoS Flow Identifier
five_qi – 5G QoS Identifier
cgi_mcc – Mobile Country Code from Cell Global Identity
cgi_mnc – Mobile Network Code from Cell Global Identity
cgi_lac – Local Area Code from Cell Global Identity
cgi_cell_id – Cell Identification from Cell Global Identity
sai_mcc – Mobile Country Code from Service Area Identifier
sai_mnc – Mobile Network Code from Service Area Identifier
sai_lac – Local Area Code from Service Area Identifier
sai_sac – Service Area Code from Service Area Identifier
tai_mcc – Mobile Country Code from Tracking Area Identity
tai_mnc – Mobile Network Code from Tracking Area Identity
tai_tac – Tracking Area Code from Tracking Area Identity
ecgi_mcc – Mobile Country Code from E-UTRAN Cell Global Identifier
ecgi_mnc – Mobile Network Code from E-UTRAN Cell Global Identifier
ecgi_cell_id – Cell Identification from E-UTRAN Cell Global Identifier
lai_mcc – Mobile Country Code from Location Area Identity
lai_mnc – Mobile Network Code from Location Area Identity
lai_lac – Local Area Code from Location Area Identity
enode_id_mcc – Mobile Country Code from Evolved Node
enode_id_mnc – Mobile Network Code from Evolved Node
macro_enode_id – Evolved Node ID
ncgi_mcc – Mobile Country Code from NR Cell Global Identity
ncgi_mnc – Mobile Network Code from NR Cell Global Identity
ncgi_nr_cell_id – Cell Identification from NR Cell Global Identity
rat_type – Type of Radio Access Technology
snssai_sst – Slice/Service Type from Single Network Slice Selection Assistance Information
snssai_sd – Slice Differentiator id from Single Network Slice Selection Assistance Information

User Plane Attributes

The user plane attributes are generated by Application Metadata Intelligence (AMI), and include information such as IP addresses, protocols, timestamps, and byte/packet counters. These attributes are generated from the network flows and do not require DPI capabilities. The attributes for the mobile network traffic are generated for the inner IP flow by bypassing the outer headers.

Attribute

Description

ts vendor version generator
src_ip dst_ip src_mac dst_mac mpls protocol src_port dst_port device_inbound_ interface tcp-sport tcp_dport udp_sport udp_dport src_bytes dst_bytes

Timestamp of the metadata generated in UTC Identifying Gigamon as the vendor providing the metadata Version number of the GigaSMART software release from the AMI application Identifies the Gigamon device that generates the user plane metadata. For example HC3 Source IPv4 address of the inner flow Destination IPv4 address of the inner flow Source MAC address of the inner flow Destination MAC address of the inner flow MPLS Label if the flow has the MPLS header Layer 4 protocol of the inner flow Layer 4 protocol source port of the inner flow Layer 4 protocol destination port of the inner flow Traffic receiving port on the Gigamon device example HC3
Source TCP port Destination TCP port Source UDP port Destination UDP port Source bytes from client to server in the flow including the outer and the inner IP header Destination bytes from client to server in the flow including the outer and the inner IP header

Application Metadata Exporter

65

GigaVUE V Series Applications Guide

src_inner_bytes

Source bytes from the client to the server in the flow with the inner IP header (without the outer header)

dst_inner_bytes

Destination bytes from the server to the client in the flow with the inner IP header (without the outer header)

src_packets

Source packets from client to server in the flow including the header

dst_packets

Destination packets from client to server in the flow including header

total_bytes

Total bytes is sum of source and destination bytes

total_packets

Total packets is sum of source and destination packets

id

Unique flow id assigned to a flow

ingress_vlan_id

Vlan id in the packet received for the flow

src_ipv6

Source IPv6 address of the inner flow

dst_ipv6

Destination IPv6 address of the inner flow

ip_version

IP version v4, v6

ip_cos_id

QOS value in the IPv4 header

ip_dscp

DSCP value in the IPv4 header

ip_ttl

Time to live in the IPv4 header

ip6hop_limit

Hop limit in the IPv6 header

flow_labelv6

flow label in the IPv6 header

ip6_ds

DSCP value in the IPv6 header

tcp_flags

TCP flag in the TCP header

gre_key

Generic routing encapsulation header key in the GRE header

ip_hdr_len

IPv4 header length

ip_frag_flags

IPv4 fragmentation flags

ipv6frag_flags

IPv6 fragmentation flags

ip_frag_id

IPv4 fragment id

ipv6frag_id

IPv6 fragment id

ip_frag_offset

IPv4 fragment offset

ipv6frag_offset

IPv6 fragment offset

ipv4opt

IPv4 options

ip_precendence_id

IPv4 precedence id

ip6precendence_id

IPv6 precedence id

ip_tot_len

IPv4 total length

ip6tot_len

IPv6 total length

ipv6hdr_len

IPv6 header length

payload_len_id

Payload length for the flow excluding the L3 IPv4 header

next_hdr_v6

Layer 4 protocol

icmp_type_v4

ICMP message type IPv4

icmp_code_v4

ICMP response code IPv4


icmp_code_v6

ICMP response code IPv6

icmp_type_v6

ICMP message type IPv6

tcp_ack_id

TCP ack id

tcp_hdr_len

TCP header length

tcp_seq_no

TCP sequence number

tcp_urgent_ptr

TCP urgent pointer

tcp_win_size

TCP window size

udp_msg_len

UDP message length

ip6traffic_class

IPv6 traffic class same as QoS in IPv4

flow_start_usec

Inner flow start time in microseconds in UTC

flow_end_usec

Inner flow end time in microseconds in UTC

flow_start_sec

Inner flow start time in seconds in UTC

flow_end_sec

Inner flow end time in seconds in UTC

start_time

Inner flow start time in milliseconds in UTC

end_time

Inner flow end time in milliseconds in UTC

egress_intf_id

egress IP interface-id for the Gigamon device sending the metadata

sys_up_time_first

Difference between the flow start time and the GigaSMART uptime in milliseconds

sys_up_time_last

Difference between the flow end time and the GigaSMART uptime in milliseconds

end_reason

Inner flow end reason – TCP ack, reset, inactive, etc.

tcpflagsyn

TCP flag SYN from TCP header

tcpflagsynack

TCP flag SYNACK from TCP header

tcpflagfin

TCP flag FIN (finish) from TCP header

tcpflagrst

TCP flag RST (reset) from TCP header

Labels

Labels are added to the metadata by configuration in AMX. There can be multiple labels configured and added. Each label is configured as a key and a string value.

Labels configured in the JSON example in the section below

label_event_type

Label identifying the vendor generating the event in the AMX exporter

label_deployment

Label identifying the deployment address of the AMX exporter

label_traffic

Label identifying the traffic region where the AMX is deployed

Attributes for GigaVUE Enriched Metadata for Cloud Workloads
This section describes the various attributes available within GigaVUE Enriched Metadata for Cloud Workloads for the following platforms:
• AWS
• Azure
• VMware vCenter


AWS
Attribute | Description | Source | Destination
aws_instance_id | ID of the EC2 instance | ✓ | ✓
aws_instance_type | Type of EC2 instance | ✓ | ✓
aws_availability_zone | Availability Zone of the EC2 instance | ✓ | ✓
aws_image_id | ID of the base image used for the EC2 instance | ✓ | ✓
aws_private_dns_name | Private DNS hostname assigned to the EC2 instance | ✓ | ✓
aws_private_ip | Private IPv4 address assigned to the EC2 instance | ✓ | ✓
aws_public_dns_name | Public DNS name assigned to the EC2 instance | ✓ | ✓
aws_public_ip | Public IPv4 address assigned to the EC2 instance | ✓ | ✓
aws_instance_state | Current state of the EC2 instance | ✓ | ✓
aws_subnet_id | ID of the subnet in which the EC2 instance is running | ✓ | ✓
aws_vpc_id | ID of the VPC in which the EC2 instance is running | ✓ | ✓
aws_iam_instance_profile_arn | Amazon Resource Name (ARN) of the IAM instance profile | ✓ | ✓
aws_iam_instance_profile_id | ID of the IAM instance profile | ✓ | ✓
aws_security_group_name | Security group name assigned for the EC2 instance | ✓ | ✓
aws_security_group_id | Security group ID assigned for the EC2 instance | ✓ | ✓
aws_network_if_id | ID of the network interface | ✓ | ✓
aws_network_if_attach_id | ID of the network interface attachment | ✓ | ✓
aws_tags | Tags assigned to the EC2 instance in kv format with kv delimiter ‘:’ and pair delimiter ‘,’ | ✓ | ✓
aws_flat_tags | Tags assigned to the EC2 instance extracted to top level keys and values | ✓ | ✓
aws_owner_id | ID of the AWS account that created the network interface | ✓ | ✓
workload_platform | Platform Name – AWS | ✓ | ✓

Azure
Attribute | Description | Source | Destination
azure_subscription_id | Subscription ID of the Azure account that created the VM | ✓ | ✓
azure_resource_group | Resource Group of the VM | ✓ | ✓
azure_vm_id | Complete path of the Azure VM. This includes subscription | ✓ | ✓
azure_instance_id | Instance ID of the Azure VM | ✓ | ✓
azure_instance_type | Instance type of the Azure VM | ✓ | ✓
azure_availability_zone | Availability zone of the Azure VM | ✓ | ✓
azure_image_id | Image ID of the Azure VM | ✓ | ✓
azure_private_dns_name | Private DNS name assigned to the VM instance | ✓ | ✓
azure_private_ip | Private IP address assigned to the VM instance | ✓ | ✓
azure_public_dns_name | Public DNS name assigned to the VM instance | ✓ | ✓
azure_public_ip | Public IP address assigned to the VM instance | ✓ | ✓
azure_instance_state | Current state of the VM instance | ✓ | ✓
azure_subnet_id | Subnet ID of the VM instance | ✓ | ✓
azure_vnet_id | ID of the VNET in which the VM instance is running | ✓ | ✓
azure_network_if_id | ID of the network interface | ✓ | ✓
azure_network_if_attach_id | ID of the network interface attachment | ✓ | ✓
azure_tags | Tags assigned to the VM instance in kv format with kv delimiter ‘:’ and pair delimiter ‘,’ | ✓ | ✓
azure_flat_tags | Tags assigned to the VM instance extracted to top level keys and values | ✓ | ✓
azure_owner_id | Owner of the VM instance | ✓ | ✓
azure_location | Resource Location | ✓ | ✓
azure_scaleset_name | Scale set name | ✓ | ✓
azure_scaleset_mode | Scale set orchestration mode | ✓ | ✓
workload_platform | Platform Name – Azure | ✓ | ✓

VMware vCenter
Attribute | Description | Source | Destination
vmware_vm_name | Name of the guest VM | ✓ | ✓
vmware_vm_network | Network name of the guest VM | ✓ | ✓
vmware_vm_status | Current status of the guest VM | ✓ | ✓
vmware_vm_tags | Tags assigned to the guest VM in kv format with kv delimiter ‘:’ and pair delimiter ‘,’ | ✓ | ✓
vmware_vm_flat_tags | Tags assigned to the guest VM extracted to top level keys and values | ✓ | ✓
vmware_vm_os_family_name | OS type of the guest VM (eg: Linux) | ✓ | ✓
vmware_vm_os_distro_name | OS distribution name of the guest VM | ✓ | ✓
vmware_vm_os_distro_version | OS distribution version of the guest VM | ✓ | ✓
vmware_vm_os_distro_pretty_name | OS distribution pretty name of the guest VM | ✓ | ✓
vmware_vm_dns_host_name | Host DNS name of the guest VM | ✓ | ✓
vmware_vm_dns_host_domain_name | Host DNS domain name of the guest VM | ✓ | ✓
vmware_host_name | Host name of the guest VM | ✓ | ✓
vmware_host_ip | Host IP address of the guest VM | ✓ | ✓
vmware_datacenter_name | Datacenter name of the guest VM | ✓ | ✓
vmware_cluster_name | Cluster name of the guest VM | ✓ | ✓
vmware_vcenter_name | vCenter name of the guest VM | ✓ | ✓
workload_platform | Platform Name – VMware | ✓ | ✓


GigaSMART NetFlow Generation
NetFlow Generation is a simple and effective way to increase visibility into traffic flows and usage patterns across systems. The flow-generated data can be used to build relationships and usage patterns between nodes on the network.
Refer to the following topics for step-by-step instructions on how to configure NetFlow:
• Configure Application Metadata Intelligence for Virtual Environment – For SecureVUE Plus Base Bundle
• Create NetFlow Session for Virtual Environment – For NetVUE Base Bundle
Create NetFlow Session for Virtual Environment
NOTE: This configuration is applicable only when using NetVUE Base Bundle.
To create a NetFlow session, follow these steps:
1. Drag and drop Application Metadata from APPLICATIONS to the graphical workspace.
2. Click the Application Metadata application and select Details. The Application quick view appears.


3. In the Application quick view, enter or select the following details in the General tab:

Parameter Description

Name

Enter a name for the application.

Description

Enter the description.

Application Metadata Settings

Flow Direction

Enable or Disable Bi-Directional Flow behavior. Bi-Directional is enabled by default. Disable this option for Uni-Directional Flow behavior.

Timeout

Specify the traffic flow inactivity timeout, in seconds. The session will be removed due to inactivity when no packets match.

Data Link

If you want to include the VLAN ID along with the 5-tuple to identify the traffic flow, select the Data Link and enable the VLAN option.

Observation ID

Enter a value to identify the source from where the metadata is collected. The range is from 0 to 255. The calculated value of Observation Domain Id in Hexadecimal is 00 01 02 05, and in Decimal is 66053.

Advanced Settings

Number of Flows

The number of flows supported by the application. Refer to the following table for the maximum number of flows supported for VMware, AWS, and Azure platforms.

Cloud Platform | Instance Size | Maximum Number of Flows
VMware | Large (8 vCPU and 16GB RAM) | 200k
AWS | AMD – Large (c5n.2xlarge) | 300k
AWS | AMD – Medium (t3a.xlarge) | 100k
AWS | ARM – Large (c7gn.2xlarge) | 100k
AWS | ARM – Medium (m7g.xlarge) | 200k
Azure | Large (Standard_D8s_V4) | 500k
Azure | Medium (Standard_D4s_v4) | 100k
Nutanix | Large (8 vCPU and 16GB RAM) | 200k

NOTE: Medium Form Factor is supported for VMware ESXi only when secure tunnels option is disabled. The maximum Number of Flows for VMware ESXi when using a medium Form Factor is 50k.

NOTE: When using NetVUE Base Bundle, Multi-Collect, Fast Mode, and Aggregate round-trip time fields are disabled.


4. In the Application quick view, enter or select the following details in the Exporters tab:

Parameter

Description

Exporter Name

Enter a name for the Exporter.

Actions

Using this option, you can perform the following functions:

Add Exporter – Use to add a new Exporter to this Application Metadata Intelligence Application
Apply Template – Use to select the tool template. Refer to Tool Templates section in GigaVUE Fabric Management Guide for more details on what are tool templates and to create custom tool templates.
Save as New Template – Use to save the current configuration as a new custom tool template.
Delete this Exporter – Use to delete the Exporter.

APPLICATION ID

Enable to export the data with Application Id.

Format

Select NetFlow

NetFlow: Select this option to use NetFlow

Record / Template type

Segregated – The application-specific attributes and the generic attributes will be exported as individual records to the tool.
Cohesive – The application-specific attributes and the generic attributes will be combined as a single record and exported to the tool.

Active Timeout

Enter the active flow timeout value in seconds.

Inactive Timeout

Enter the inactive flow timeout in seconds.

Version

Select the NetFlow version.

Template Refresh Interval

Enter the time interval, in seconds, at which the template must be refreshed.

APPLICATION & ATTRIBUTES:

Select the applications and their attributes for traffic filtering by layer seven applications. You can select a maximum of 64 attributes for each application. (Not applicable when using Netflow V5, V9, Netflow IPFIX(V10), or CEF when the flow direction is Uni-Directional in the above Template drop-down menu.)

Add Application

Click on the Add Application button. The Add Application dialog box opens.

Select a Type. The available options are:

• Application Family: Each application is mapped to only one Application Family.

Select an Application Family and the Applications that need to be filtered from the traffic.
Attributes for the selected application are displayed in the Attribute column. You can select the required attributes.

• Application Tag: Each application can be mapped to one or more Application Tags.

Select an Application Tag and the Applications that need to be filtered from the traffic.
Attributes for the selected application are displayed in the Attribute column. You can select the required attributes.

NETWORK & TRANSPORT PARAMETERS:

Select the network and transport packet attributes with the respective parameters.

Data Link

Select any one of the parameters such as Source MAC Address, Destination MAC Address and VLAN.

Interface

Select any one of the parameters such as Input Physical, Output Physical and Input Name.

IP

Select the parameter as Version if required.

IPv4

Select the required attributes. By default, Source Address, Destination Address, and Protocol are enabled.

IPv6

Select the required attributes. By default, Source Address, Destination Address, and Next Header are enabled.

Transport

Select the required attributes. By default, Source Port, Destination Port are enabled.

Counter

Select the Bytes, and Packets.

Timestamp

Select the required timestamp such as System Uptime First, Flow Start, System Uptime Last, and Flow End.

Flow

Select the parameter as End Reason if required.

GTP-U

Select the required parameters such as QFI and TEID.

Outer IPv4

Select any one of the parameters such as Source or Destination.

Outer IPv6

Select any one of the parameters such as Source or Destination.

5. Click Save.

Examples- Configuring Application Intelligence Solution with Other Applications

This section provides information on how applications like Application Filtering Intelligence, Application Metadata Intelligence and Application Metadata Exporter can be used with other applications in the monitoring session.
Refer to the following topics for more detailed information:
• Slicing and Masking with Application Filtering Intelligence
• De-duplication with Application Metadata Intelligence

Slicing and Masking with Application Filtering Intelligence
When the traffic passes through the Application Filtering Intelligence, application metadata is created. You can use the Slicing and Masking application along with the Application Filtering application to slice, mask, or slice and mask the filtered packets before sending them to the destination tunnel endpoint.
NOTE: When combining Slicing and Masking operations, the offset range of the Masking must be less than the offset value entered for the Slicing operation, as the Slicing operation is performed first.
Follow the steps below to configure Application Filtering Intelligence with Masking and Slicing:
1. Drag and drop New Map / Application Filtering from New to the graphical workspace.
2. Click the map and select Details. The Application quick view appears.
3. Configure Application Filtering Intelligence using the steps given in Configure Application Filtering Intelligence for Virtual Environment.
4. Drag and drop Slicing from Applications to the graphical workspace.
5. Click the application and select Details. The Application quick view appears.
6. Configure Slicing application using the steps given in Slicing.
7. Drag and drop Masking from Applications to the graphical workspace.
8. Click the application and select Details. The Application quick view appears.
9. Configure Masking application using the steps given in Masking.
10. Drag and drop New Tunnel from New to the graphical workspace.
11. Click the tunnel and select Details. The Application quick view appears.
12. Select the Type as L2GRE/VXLAN. Select the Traffic Direction as Out. Refer to Create Ingress and Egress Tunnel section in the respective Cloud Deployment guides for step-by-step instructions on how to configure Tunnels.
13. Enter Source L4 Port and Destination L4 Port.
14. After placing the required items in the canvas, hover your mouse on the applications, click the red dot, and drag the arrow over to another item (map, application, or tunnel).
The filtered traffic will be sent to the Slicing application, the sliced traffic will be sent to Masking application and then to the destination tunnel Endpoint.
De-duplication with Application Metadata Intelligence
Duplicate packets are common in network analysis environments where both the ingress and egress data paths are sent to a single output. Using de-duplication with Application Metadata Intelligence lets you eliminate the duplicate packets in the Application Metadata output, only forwarding a packet once and thus reducing the processing load on your tools.
Follow the steps below to configure Application Metadata Intelligence with De-duplication:
1. Drag and drop Application Metadata from Applications to the graphical workspace.
2. Click the application and select Details. The Application quick view appears.
3. Configure Application Metadata Intelligence using the steps given in Configure Application Metadata Intelligence for Virtual Environment.
4. Drag and drop dedup from Applications to the graphical workspace.
5. Click the application and select Details. The Application quick view appears.
6. Configure de-duplication application using the steps given in De-duplication.
7. Drag and drop New Tunnel from New to the graphical workspace.
8. Click the tunnel and select Details. The Application quick view appears.
9. Select the Type as UDP.
10. Enter Source L4 Port, Destination L4 Port, and Destination IP. Refer to Create Ingress and Egress Tunnel section in the respective Cloud Deployment guides for step-by-step instructions on how to configure Tunnels.
11. After placing the required items in the canvas, hover your mouse on the map, click the red dot, and drag the arrow over to another item (map, application, or tunnel).
The duplicate packets are removed before sending the traffic to AMI. This will reduce the load on Application Metadata application which in turn can avoid exporting the duplicated Metadata to the tool.

De-duplication
De-duplication application targets, identifies, and eliminates duplicate packets, blocking unnecessary duplication and sending optimized flows to your security and network monitoring tools. De-duplication lets you detect and choose the duplicate packets to count or drop in a network analysis environment.
Duplicate packets are common in network analysis environments where both the ingress and egress data paths are sent to a single output. They can also appear when packets are gathered from multiple collection points along a path. The de-duplication application lets you eliminate these packets, only forwarding a packet once and thus reducing the processing load on your tools.
Feature Overview
There are two actions that can be specified for handling the duplicate packets detected:
• drop, which drops the duplicate packets
• count, which counts the duplicate packets, but does not drop them
A time interval can be configured within which an identical packet will be considered a duplicate. The greater the interval over which traffic can be checked for duplicates, the higher the accuracy of the de-duplication detection and subsequent elimination.
For example, if two of the same packets are seen in the specified time interval, the packets will be detected as duplicates. If one packet is seen in the time interval and another packet is seen in a later time interval, the packets will not be detected as duplicates.
For IPv4 and IPv6 packets, to determine if a packet is considered to be a duplicate, parts of the IP headers (Layer 3 and Layer 4), as well as part of the payload are compared.
For non-IP packets, a packet is considered to be a duplicate if it is identical.
Configure De-duplication Application
To add a de-duplication application:

1. Drag and drop Dedup from APPLICATIONS to the graphical workspace.
2. Click the Dedup application and select Details. The Application quick view appears.

3. In the Application quick view, enter the information as follows:

Parameter

Description

Alias

Enter a name for the application.

Action

Specifies whether duplicate packets are to be counted or dropped as follows:
o Count – The de-duplication application counts the duplicate packets, but does not drop them.
o Drop – The de-duplication application drops the duplicate packets.
The default is drop.

IP Tclass, IP TOS, TCP Sequence, VLAN

These options are useful when applying de-duplication operations to packets in a NAT environment. Different NAT implementations can change certain packet header fields (for example, the TCP sequence number). If you want to be able to detect duplicates without requiring that these fields match (ToS field, TCP sequence number, VLAN ID), you can disable the corresponding option.
o IP Tclass – Ignore or include IPv6 traffic class. Use for IPv6. The default is include.
o IP TOS – Ignore or include the IP ToS bits when detecting duplicates. Use for IPv4. The default is include.
o TCP Sequence – Ignore or include the TCP Sequence number when detecting duplicates. The default is include.
o VLAN – Ignore or include the VLAN ID when detecting duplicates. The default is ignore.
Include means the field will be included when the application compares packets.
Ignore means the field will be ignored when the application compares packets.

Timer <Value: 10500000 s>

Configures the time interval within which an identical packet will be considered a duplicate. The greater the interval over which traffic can be checked for duplicates, the higher the accuracy of the de-duplication detection and subsequent elimination. The default is 50,000µs.
For example, if two same packets are seen in the specified time interval, the packets will be detected as duplicates. If one packet is seen in the time interval and another packet is seen in a later time interval, the packets will not be detected as duplicates.
NOTE: Retransmissions are not counted as duplicates.

4. Click Save.
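The interaction of the Action, include/ignore and Timer settings described above can be modelled in a few lines of Python. This is an added illustration, not Gigamon code: only the defaults (drop, include ToS and TCP sequence, ignore VLAN, 50,000 µs) come from the table, while the `Packet` fields, the set of always-compared fields, the 64-byte payload prefix and the sliding-window reading of the timer are assumptions.

```python
from collections import OrderedDict
from dataclasses import dataclass, replace
import hashlib


@dataclass(frozen=True)
class Packet:
    ts_us: int       # capture time in microseconds
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    ip_id: int       # IP identification (assumed to be part of the comparison)
    tos: int         # IPv4 ToS / IPv6 traffic class
    tcp_seq: int
    vlan: int
    payload: bytes


class Deduplicator:
    """Model of the Action, include/ignore and Timer settings (hypothetical class)."""

    def __init__(self, timer_us=50_000, action="drop", tos="include",
                 tcp_seq="include", vlan="ignore", payload_prefix=64):
        if action not in ("drop", "count"):
            raise ValueError("action must be 'drop' or 'count'")
        self.timer_us = timer_us
        self.action = action
        self.optional = {"tos": tos, "tcp_seq": tcp_seq, "vlan": vlan}
        self.payload_prefix = payload_prefix
        self.seen = OrderedDict()    # fingerprint -> time first seen
        self.duplicates = 0

    def _fingerprint(self, p):
        # Assumed field set: fixed L3/L4 fields plus the start of the payload.
        parts = [p.src, p.dst, p.proto, p.sport, p.dport, p.ip_id,
                 p.payload[:self.payload_prefix]]
        for name, mode in self.optional.items():
            if mode == "include":
                parts.append((name, getattr(p, name)))
        return hashlib.sha256(repr(parts).encode()).digest()

    def process(self, p):
        """Return True if the packet is forwarded, False if it is dropped."""
        # Expire fingerprints older than the timer; input must be time-ordered.
        while self.seen:
            oldest_key, oldest_ts = next(iter(self.seen.items()))
            if p.ts_us - oldest_ts <= self.timer_us:
                break
            del self.seen[oldest_key]
        key = self._fingerprint(p)
        if key in self.seen:
            self.duplicates += 1
            return self.action == "count"    # count mode still forwards
        self.seen[key] = p.ts_us
        return True


def run(packets, **settings):
    """Feed packets through a fresh Deduplicator; return (forwarded, duplicates)."""
    dedup = Deduplicator(**settings)
    forwarded = sum(1 for p in packets if dedup.process(p))
    return forwarded, dedup.duplicates


# Constructed sample traffic: one packet and four variants of it.
BASE = Packet(0, "192.0.2.10", "198.51.100.20", 6, 49152, 443,
              ip_id=0x1A2B, tos=0, tcp_seq=1000, vlan=10, payload=b"hello")
EGRESS_COPY = replace(BASE, ts_us=120, vlan=20)        # same packet, second tap
LATE_COPY = replace(BASE, ts_us=60_000)                # outside the timer
NAT_COPY = replace(BASE, ts_us=120, tcp_seq=987_654)   # sequence rewritten
RETRANSMIT = replace(BASE, ts_us=300, ip_id=0x1A2C)    # new IP ID (assumption)

if __name__ == "__main__":
    print("defaults:", run([BASE, EGRESS_COPY]))
    print("count:", run([BASE, EGRESS_COPY], action="count"))
    print("late copy:", run([BASE, LATE_COPY]))
    print("NAT, seq included:", run([BASE, NAT_COPY]))
    print("NAT, seq ignored:", run([BASE, NAT_COPY], tcp_seq="ignore"))
```

With VLAN set to include, the two tap copies stop matching, which is why the page's default of ignore suits ingress and egress paths sent to a single output.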

What’s Next

You can configure the traffic health monitoring for this application in the THRESHOLDS tab. You can select an existing template from the Threshold Templates drop-down menu or provide the threshold values. For more details on Traffic health monitoring and how to create threshold template, refer to Traffic Health Monitoring section in the respective cloud deployment guides.

You can view the configuration health status and the traffic health status of the application in the HEALTH STATUS tab. For more details on configuration health and traffic health, refer to Monitor Cloud Health section in the respective cloud deployment guides.
You can view the statistics of the application in the STATISTICS tab.
Distributed De-duplication
In distributed de-duplication, when you set up a monitoring session with a de-duplication app, the traffic is first sent to a component which distributes the traffic based on a consistent mechanism to ensure that packets from a particular traffic go to the same de-duplication instance. The packets are shared across the GigaVUE V Series Nodes. Distributed de-duplication is more efficient than the existing de-duplication.
NOTE: From version 6.9, Traffic Distribution option is renamed to Distributed Deduplication.
From version 6.5, distributed de-duplication is supported on Azure, AWS, and GCP. An enhanced configuration profile for the load balancer will be set by default with no option for modification. The default profile will use source and destination IP addresses and source and destination ports as the configuration for calculating the hash value for traffic distribution.
Important:
1. False traffic health alarms could be raised due to distribution of traffic across GigaVUE V Series Nodes.
2. Statistics are displayed for all the applications. Distributed De-duplication requires additional entities which will be listed in statistics page.
Limitation
• When using distributed de-duplication application, if Prefer IPv6 option is enabled when configuring GigaVUE V Series Node using GigaVUE-FM, IPv6 tunnel will be created only between GigaVUE V Series Node and UCT-V and the rest of the tunnels created are IPv4 tunnels. Refer to Configure GigaVUE Fabric Components section in the respective cloud deployment guide for more detailed information on how to deploy GigaVUE V Series Node with IPv6 tunnels.
• When using distributed de-duplication application, if Enable IPv6 Preference option is enabled when configuring GigaVUE V Series Node using Third Party Orchestration, IPv6 tunnel will be created only between GigaVUE V Series Node and UCT-V and the rest of the tunnels created are IPv4 tunnels. Refer to Create Monitoring Domain section in GigaVUE Cloud Suite Deployment Guide – Third Party Orchestration Guide for more detailed information on how to create a monitoring domain to register GigaVUE fabric components with IPv6 tunnels.

GENEVE Decapsulation
The GENEVE Decapsulation application is used to acquire and strip GENEVE headers. To route the traffic through the third-party network appliances seamlessly, the AWS gateway load balancer with a VPC adds GENEVE header to packets as they are forwarded to a third-party network appliance. Each appliance is expected to terminate the GENEVE tunnel and process the GENEVE encapsulated traffic. When the GigaVUE-FM directs the acquisition of the customer traffic, the packets are encapsulated and forwarded as GENEVE tunnels that are terminated in GigaVUE V Series nodes.
To add a GENEVE application:
1. Drag and drop GENEVE from APPLICATIONS to the graphical workspace.
2. Click the GENEVE application and select Details. The Application quick view appears.
3. Enter an alias for the GENEVE application.
4. Click Save.
What’s Next
You can configure the traffic health monitoring for this application in the THRESHOLDS tab. You can select an existing template from the Threshold Templates drop-down menu or provide the threshold values. For more details on Traffic health monitoring and how to create threshold template, refer to Traffic Health Monitoring section in the respective GigaVUE Cloud Suite deployment guides.
You can view the configuration health status and the traffic health status of the application in the HEALTH STATUS tab. For more details on configuration health and traffic health, refer to Monitor Cloud Health section in the respective GigaVUE Cloud Suite deployment guides.

You can view the statistics of the application in the STATISTICS tab.

Header Stripping
Header Stripping application efficiently examines the packets for specified headers like GTP, ISL, ERSPAN, MPLS, MPLS+VLAN, VLAN, VN-tag, VXLAN, FM6000Ts, GENEVE, and Generic, and removes them before sending the packet to the appropriate security and analysis tools. Each packet is examined for the packet forwarding addition, and it also ensures that the headers are removed before sending the packet to the tools. This application is useful when working with tools that either cannot recognize these headers or must engage in additional processing to adjust for them.
Furthermore, the presence of protocols like GTP, ISL, ERSPAN, MPLS, MPLS+VLAN, VLAN, VN-tag, VXLAN, GENEVE, and FM6000Ts in the packet can restrict or limit the ability to apply filtering and flow-based load balancing to the traffic as it is forwarded to specific tools. To address each of these challenges, Header Stripping of these protocols is required.
List of protocols that are supported for stripping:
• GTP
• ISL
• ESPRAN
• MPLS
• MPLS+VLAN
• VLAN
• VN-tag
• VXLAN
• FM6000Ts
• GENEVE
• Generic
Note:
Header Stripping for the GENEVE protocol is currently supported for the following platforms:
• VMware vCenter
• VMware NSX-T
• Nutanix

Limitation
The GENEVE protocols currently supported for header stripping are the Transparent Ethernet Bridge (0x6558), IPv4 (0x0800), and IPv6 (0x86DD).
Configure Header Stripping Application
To configure the Header Stripping application in GigaVUE-FM, follow the steps given below:
1. Drag and drop Header Stripping from APPLICATIONS to the graphical workspace.
2. Click the Header Stripping application and select Details. The Application quick view appears.

3. In the application quick view, enter or select the required information as described in the following table:

Field

Description

Alias

Enter the alias name for the application.

Protocol

Select the type of protocol.

VLAN: Use this option to strip the VLAN header from the packets. You can either strip the outer VLAN header or the entire VLAN header. When choosing VLAN as your protocol for stripping, enter the following details:

VLAN Header

The VLAN Header that should be stripped. The supported minimum value is 0, and the maximum value is 16777215. The default value is 0.

VXLAN: Use this option to strip VXLAN (Virtual eXtensible Local Area Network) headers. You can strip either matching VXLAN headers or all VXLAN headers. When choosing VXLAN as your protocol for stripping, enter the following details:

VXLAN ID

The VXLAN ID that should be stripped. The default value is outer.

FM6000Ts: Use this option to strip FM6000Ts time stamp headers. Packets entering the application from other devices may contain FM6000 timestamps. FM6000 is an Intel chip used for time stamping. FM6000 has a hardware timestamp in the packet. When choosing FM6000Ts as your protocol for stripping, enter the following details:

Time Stamp Format

The format of the time stamp you wish to strip. The only supported format for the time stamp is None.

ESPRAN: Use this option to strip ERSPAN Type II and Type III headers. When choosing ESPRAN as your protocol for stripping, enter the following details:

ESPRAN FlowID

Specify an ERSPAN flow ID between 0 to 1023. A flow ID of zero is a wildcard value that matches all flow IDs.

GENEVE: Use this option to strip the GENEVE header from the packets. The default L4 Destination Port value is 6081. To change the default L4 destination port value, follow the steps given below:
1. Expand the Custom Port section.
2. You can either select an existing template with the port details or provide them directly in the popup window.
o Using Template – If you wish to use an existing template, select the template from the Template drop-down menu. To create a new template, refer to Create Custom Port Template.

NOTE: You cannot modify an existing template by editing the values directly in the Monitoring Session. However, you can modify the values in the Monitoring Session and save it as a new template.

o Without Template – You can directly enter your port details in the L4 Destination Port field.
Click the Save as New Template button to save this existing configuration as a template. You can view the newly created template in the Custom Port Template page.


Generic: Use this option to strip any header without worrying about the header level. When choosing Generic as your protocol for stripping, enter the following details:

Ah1

The anchor header (AH1), after which the header to be stripped occurs.

Offset

Based on the selected Offset, enter the following details:

Offset Range: If you wish to use offset range as your offset, then enter the following details:

a. Offset Range Value: Specify the offset of the header occurrence from the above anchor header. The minimum supported value is one, and the maximum supported value is 1500.

b. Header Count: Specify the number of headers the application should remove from the offset. The minimum supported value is one, and the maximum is 32.

c. Custom Len: The length (in bytes) of the header that should be stripped.

d. Ah2: The next possible standard header that occurs immediately after the header.

Start / End: If you wish to use start or end as your offset, then enter the following details:

a. Header Count: Specify the number of headers that the application should remove from the offset. The minimum supported value is one, and the maximum is 32.

b. Custom Len: The length (in bytes) of the header that should be stripped. The minimum supported value is one, and the maximum supported value is 1500.

c. Ah2: The next possible standard header that occurs immediately after the header.

4. Click Save.
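
What stripping does to a frame, shown as an added Python example (not Gigamon code): it removes VLAN tags and unwraps VXLAN with an optional VXLAN ID match. It assumes that stripping VXLAN removes the whole outer Ethernet/IPv4/UDP/VXLAN encapsulation, uses the standard VXLAN port 4789, and runs on a constructed frame; all function names are hypothetical.

```python
import struct

VXLAN_PORT = 4789                      # IANA-assigned VXLAN UDP port (assumed here)
TPIDS = (b"\x81\x00", b"\x88\xa8")     # 802.1Q and 802.1ad tag identifiers

def strip_vlan(frame: bytes, all_tags: bool = False) -> bytes:
    """Remove the outer VLAN tag, or every stacked tag when all_tags is set."""
    while len(frame) >= 18 and frame[12:14] in TPIDS:
        frame = frame[:12] + frame[16:]        # drop the 4-byte tag after the MACs
        if not all_tags:
            break
    return frame

def strip_vxlan(frame: bytes, vni=None) -> bytes:
    """Return the inner frame when the outer headers are IPv4/UDP/VXLAN.

    vni=None strips any VXLAN ID; otherwise only a matching ID is stripped.
    Frames that fail any check are passed through unchanged.
    """
    off = 12
    while frame[off:off + 2] in TPIDS:         # skip outer VLAN tags
        off += 4
    ip = off + 2
    if frame[off:ip] != b"\x08\x00" or len(frame) < ip + 20:
        return frame
    ihl = (frame[ip] & 0x0F) * 4
    if frame[ip] >> 4 != 4 or ihl < 20 or frame[ip + 9] != 17:
        return frame                           # not IPv4 carrying UDP
    if int.from_bytes(frame[ip + 6:ip + 8], "big") & 0x3FFF:
        return frame                           # fragmented outer packet
    vx = ip + ihl + 8                          # VXLAN header follows the 8-byte UDP header
    if len(frame) < vx + 8:
        return frame
    dport = struct.unpack("!H", frame[ip + ihl + 2:ip + ihl + 4])[0]
    found = int.from_bytes(frame[vx + 4:vx + 7], "big")   # 24-bit VXLAN ID
    if dport != VXLAN_PORT or not frame[vx] & 0x08:       # I flag marks a valid ID
        return frame
    if vni is not None and found != vni:
        return frame
    return frame[vx + 8:]

def build_sample(vni: int):
    """Constructed frame: VLAN 100 / IPv4 / UDP 4789 / VXLAN / inner frame."""
    inner = bytes.fromhex("020000000002020000000001" "0800") + b"inner-payload"
    vxlan = b"\x08\x00\x00\x00" + vni.to_bytes(3, "big") + b"\x00"
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vxlan) + len(inner),
                     0, 0, 64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = bytes.fromhex("02000000aa0202000000aa01" "8100" "0064" "0800")
    return eth + ip + udp + vxlan + inner, inner
```

A non-matching VXLAN ID leaves the frame untouched, so a tool downstream still receives the encapsulated packet and must be able to decode it.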

What’s Next

You can configure the traffic health monitoring for this application in the THRESHOLDS tab. You can select an existing template from the Threshold Templates drop-down menu or provide the threshold values. For more details on traffic health monitoring and how to create a threshold template, refer to the Traffic Health Monitoring section in the respective GigaVUE Cloud Suite deployment guides.

You can view the configuration health status and the traffic health status of the application in the HEALTH STATUS tab. For more details on configuration health and traffic health, refer to the Monitor Cloud Health section in the respective GigaVUE Cloud Suite deployment guides.

You can view the application statistics in the STATISTICS tab.

Create Custom Port Template
GigaVUE-FM enables you to specify custom L4 destination port values when using the Header Stripping application. You can create a template and utilize it to define custom port values when configuring the Header Stripping application.
To create a custom port template for the Header Stripping application:
1. Go to Inventory > Resources > Custom Port Template. The Custom Port Template page appears.
2. Click New to create a new template. The New Custom Port Template dialog box appears.
3. Enter a name for the template.
4. Enter valid port numbers between the range 1025 to 65535 in the L4 Destination Port field. Enter only comma separated integer values. You can provide a maximum of 10 ports. For example: 1034,1098,1039
5. Click Save.
You can view the created template on the Custom Port Template page. If a template is associated with a Monitoring Session, you can view the name of the Monitoring Session to which the template is associated in the Affected Entity column.
You can use the Actions buttons to perform the following:
  • Edit: You can use this option to edit a template. If a template is associated with a Monitoring Session, editing it will be reflected in all the Monitoring Sessions associated with that template.
  • Delete: You can use this option to delete a template. You cannot delete a template associated with a Monitoring Session.

Load Balancing
The Load Balancing application performs stateless distribution or Enhanced Load Balancing of the packets between different endpoints. Stateless load balancing distributes the processed traffic to multiple tool ports or tunnel endpoints based on hash values generated from predefined protocol fields in the packet.
When Enhanced Load Balancing is enabled and an endpoint fails, the traffic is redistributed for the failed endpoint. When the failed endpoint recovers, the redistributed traffic is restored to the recovered endpoint. The traffic across other endpoints remains undisturbed during this process.
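
The page does not say which algorithm Enhanced Load Balancing uses. The added Python example below (not Gigamon code) uses rendezvous hashing as one scheme with the property described above, and compares it with a plain hash-modulo baseline on constructed flows; the endpoint names, the direction-independent key and all function names are assumptions.

```python
import hashlib
from collections import Counter

def flow_key(src_ip: str, dst_ip: str) -> str:
    """ipOnly-style key. Sorting the pair is this example's choice, so that both
    directions of a conversation reach the same tool."""
    return "|".join(sorted((src_ip, dst_ip)))

def _h(text: str) -> int:
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:8], "big")

def modulo_pick(key: str, healthy: list) -> str:
    """Baseline: hash modulo the number of healthy endpoints."""
    return healthy[_h(key) % len(healthy)]

def rendezvous_pick(key: str, healthy: list) -> str:
    """Highest-random-weight hashing: a flow goes to the endpoint with the largest
    hash(endpoint, key), so removing one endpoint only re-homes its own flows."""
    return max(healthy, key=lambda ep: _h(f"{ep}|{key}"))

def failover_report(pick, endpoints: list, failed: str, keys: list) -> dict:
    """Compare the flow-to-endpoint mapping before and during an endpoint failure."""
    before = {k: pick(k, endpoints) for k in keys}
    survivors = [ep for ep in endpoints if ep != failed]
    during = {k: pick(k, survivors) for k in keys}
    return {
        # flows that had to move because their endpoint failed
        "rehomed": sum(before[k] == failed for k in keys),
        # flows on healthy endpoints that moved anyway (should be zero)
        "disturbed": sum(before[k] != failed and during[k] != before[k] for k in keys),
        # where the failed endpoint's flows landed
        "spread": Counter(during[k] for k in keys if before[k] == failed),
    }

# Constructed sample: 1000 client flows to one server, spread over four tools.
ENDPOINTS = ["tool-1", "tool-2", "tool-3", "tool-4"]
KEYS = [flow_key(f"10.0.{i % 200}.{i // 200 + 1}", "198.51.100.7") for i in range(1000)]

if __name__ == "__main__":
    for name, pick in (("modulo", modulo_pick), ("rendezvous", rendezvous_pick)):
        print(name, failover_report(pick, ENDPOINTS, "tool-2", KEYS))
```

Because the choice depends only on the key and the set of healthy endpoints, the original mapping returns as soon as the failed endpoint is back in that set.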
To add a load balancing application:
1. Drag and drop Load Balancing from APPLICATIONS to the graphical workspace.
2. Click the load balancing application and select Details. The Application quick view appears.

3. In the Application quick view, enter the information as follows:

Metric / Description

Alias

Enter a name for the load balancing application.

Stateless

Select this option to enable Stateless Load Balancing.

Enhanced Load Balancing

Select this option to enable Enhanced Load Balancing and select the ELB profile.

Hash Field

  • ipOnly: The source IP and destination IP addresses.
  • ipAndPort: The source IP and destination IP addresses, a
