Cloud / March 10, 2021

Demystify Automated Cloud Visibility with VPC Traffic Mirroring and Gigamon

Updated September 30, 2021.

AWS is the industry leader in IaaS, with an extensive worldwide public cloud presence that offers scalability, agility and simplicity to millions of customers. VPC Traffic Mirroring, a native Amazon VPC feature that has been available for production environments and supported by Gigamon since 2019, is a key part of that platform.

VPC Traffic Mirroring copies packets from the elastic network interface (ENI) of an EC2 instance, applies a mirror filter (accept/reject rules on L3/L4 fields such as protocol, CIDR and port range) and encapsulates each copy in VXLAN (UDP port 4789) for delivery to a mirror target. The target can be an out-of-band security or monitoring appliance, or a next-generation GigaVUE® V Series virtualized visibility node that aggregates the copies, applies advanced processing and load-balances them to security and monitoring tools. VPC Traffic Mirroring provides a multitude of benefits, such as:

  • Delivering comprehensive visibility into all instances, including East-West flows between instances on the same host that never touch a physical switch, and supporting delivery to targets in other VPCs via transit gateways
  • Simplifying deployment by eliminating the need to install and manage packet-forwarding agents for each tool on every workload
  • Hardening the capture point: packets are copied at the ENI, below the guest operating system, so the mirror cannot be disabled or tampered with from inside the instance; only an IAM principal with the corresponding EC2 permissions (for example ec2:ModifyTrafficMirrorSession or ec2:DeleteTrafficMirrorSession) can change it
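To make the VXLAN point concrete, the following is an added example (not code from this post, from Gigamon or from AWS) showing what a mirror target actually receives on UDP port 4789 and how a tool decapsulates it: strip the 8-byte VXLAN header, read the 24-bit VNI (which VPC Traffic Mirroring sets to the session's VirtualNetworkId), then walk the inner Ethernet and IPv4 headers to recover the 5-tuple. It also handles the case where the session's PacketLength setting has truncated the inner packet, so the transport header may be partly or wholly missing. The sample packet, MAC addresses, IP addresses and VNI are constructed for the example.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

VXLAN_UDP_PORT = 4789   # mirror targets receive the encapsulated copies on this UDP port
VXLAN_FLAG_I = 0x08     # "VNI present" flag, the only flag RFC 7348 defines
ETHERTYPE_IPV4 = 0x0800


@dataclass
class MirroredPacket:
    vni: int                  # equals the mirror session's VirtualNetworkId
    src_ip: str
    dst_ip: str
    protocol: int             # inner IP protocol number (6 = TCP, 17 = UDP)
    src_port: Optional[int]   # None when PacketLength truncation removed the transport header
    dst_port: Optional[int]
    truncated: bool           # fewer inner bytes arrived than the inner IP total length claims


def parse_mirrored(udp_payload: bytes) -> MirroredPacket:
    """Decapsulate one VXLAN datagram as delivered to a mirror target and pull out the 5-tuple."""
    if len(udp_payload) < 8:
        raise ValueError("shorter than a VXLAN header")
    if not udp_payload[0] & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: VNI field is not valid")
    vni = int.from_bytes(udp_payload[4:7], "big")        # 24-bit VNI occupies bytes 4..6
    frame = udp_payload[8:]                                # inner Ethernet frame follows the header
    if len(frame) < 14:
        raise ValueError("inner Ethernet header truncated")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported inner ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("inner IPv4 header truncated")
    ihl = (ip[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", ip[2:4])
    protocol = ip[9]
    src_ip, dst_ip = str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20]))
    transport = ip[ihl:]
    src_port = dst_port = None
    if protocol in (6, 17) and len(transport) >= 4:        # TCP and UDP both begin with the two ports
        src_port, dst_port = struct.unpack("!HH", transport[:4])
    return MirroredPacket(vni, src_ip, dst_ip, protocol, src_port, dst_port, len(ip) < total_len)


def build_sample(vni: int, src_ip: str, dst_ip: str, protocol: int, sport: int, dport: int,
                 payload: bytes = b"", packet_length: Optional[int] = None) -> bytes:
    """Constructed input: an IPv4/TCP-or-UDP packet wrapped as a mirror target would receive it.
    packet_length imitates the session's PacketLength setting (bytes kept after the VXLAN header)."""
    if protocol == 6:    # minimal 20-byte TCP header: ports, seq, ack, data offset 5, SYN, window
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    else:                # 8-byte UDP header, checksum left as zero
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, protocol, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    eth = bytes.fromhex("0a0000000001") + bytes.fromhex("0a0000000002") + struct.pack("!H", ETHERTYPE_IPV4)
    inner = eth + ip + l4
    if packet_length is not None:
        inner = inner[:packet_length]
    vxlan = bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    return vxlan + inner


def demo():
    """Parse a full copy and a PacketLength-truncated copy (34 bytes: Ethernet + IP only) of the same packet."""
    full = parse_mirrored(build_sample(12345, "10.0.1.10", "10.0.2.20", 6, 40000, 443))
    cut = parse_mirrored(build_sample(12345, "10.0.1.10", "10.0.2.20", 6, 40000, 443, packet_length=34))
    return full, cut


if __name__ == "__main__":
    for pkt in demo():
        print(pkt)
```

Two practical notes follow from the code: a target fed by several sessions should key on the VNI to attribute packets to sources, so give each session an explicit VirtualNetworkId rather than letting AWS pick a random one; and any tool that reads a session with PacketLength set must tolerate a transport header that is shorter than the inner IP total length claims, as the `truncated` flag above records.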

VPC Traffic Mirroring Casts a Wider Net

AWS has recently extended VPC Traffic Mirroring beyond the original Nitro-based instances to 12 additional instance types that run on the Xen-based hypervisor, greatly widening where this data acquisition method applies. One sizing caveat holds on every instance type: mirrored traffic counts toward the source instance's bandwidth, and under congestion it is dropped in preference to production traffic, so mirrored sources need that headroom. With GigaVUE Cloud Suite for AWS, VPC Traffic Mirroring-based deployments gain a wide range of new capabilities:

  • Visibility to security tools to identify and block lateral movement of malware
  • Privacy protection in multi-tenant environments
  • Compliance in heavily regulated industries
  • Increased tool availability, responsiveness and efficiency

Ex Uno Plures (Out of One, Many)

Aside from the extensive GigaSMART® applications that optimize flows, GigaVUE V Series brings a host of synergistic value to AWS users. VPC Traffic Mirroring on its own delivers each packet to at most one target: a source ENI can carry several mirror sessions, but they are evaluated in session-number order and the first session whose filter matches takes the packet, so the same flow cannot be fanned out to two tools directly. GigaVUE V Series instead acquires feeds from multiple traffic sources centrally and sends the same flows to multiple tools at once: it aggregates packets from numerous sources, replicates them, filters where appropriate and forwards to multiple selected destinations. Ex uno plures.

Automation for Scale-Out Is Paramount

Because mirroring is configured per source ENI rather than per host, a workload can be mirrored from the moment it is launched: the mirror session is an ordinary VPC API object, created alongside the instance from the console, CLI, SDK or infrastructure-as-code. AWS does not, however, enrol new interfaces for you; every newly launched instance needs its own session, and an instance with several ENIs needs one per ENI. Without Gigamon, the operations work of scaling out visibility therefore grows with the fleet.
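As an added example of the enrolment work described above (this is not code from the post, from Gigamon or from AWS), the script below reconciles a tagged EC2 fleet against the mirror sessions that already exist and creates only the missing ones, so it can run idempotently from a schedule or an EC2 launch event. The planning step is pure, working on the item lists returned by `describe_instances` and `describe_traffic_mirror_sessions`, and is exercised here against constructed sample responses; the apply step calls the real `create_traffic_mirror_session` boto3 API. The tag key/value, target, filter and resource identifiers are placeholders to replace with your own.

```python
"""Idempotent enrolment of tagged EC2 instances into VPC Traffic Mirroring."""
from typing import Dict, List, Optional, Set

# Constructed sample API responses, shaped like boto3 describe_instances()["Reservations"] and
# describe_traffic_mirror_sessions()["TrafficMirrorSessions"] but trimmed to the fields used here.
# All identifiers are made up for the example.
TARGET_ID, FILTER_ID = "tmt-0999", "tmf-0777"
TARGET_ENI = "eni-0target"     # the mirror target's own ENI must never become a mirror source
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa", "State": {"Name": "running"},
         "Tags": [{"Key": "Mirror", "Value": "yes"}],
         "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0a1", "Status": "in-use"},
                               {"NetworkInterfaceId": "eni-0a2", "Status": "in-use"}]},
        {"InstanceId": "i-0bbb", "State": {"Name": "running"},
         "Tags": [{"Key": "Mirror", "Value": "yes"}],
         "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0b1", "Status": "in-use"}]},
        {"InstanceId": "i-0ccc", "State": {"Name": "running"},
         "Tags": [{"Key": "Mirror", "Value": "no"}],
         "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0c1", "Status": "in-use"}]},
    ]},
]
SAMPLE_SESSIONS = [   # eni-0a1 is already mirrored to our target, so it must be left alone
    {"TrafficMirrorSessionId": "tms-0111", "NetworkInterfaceId": "eni-0a1",
     "TrafficMirrorTargetId": TARGET_ID, "TrafficMirrorFilterId": FILTER_ID, "SessionNumber": 1},
]


def plan_sessions(reservations: List[Dict], existing_sessions: List[Dict], target_id: str,
                  filter_id: str, tag_key: str, tag_value: str, exclude_enis: Set[str] = frozenset(),
                  session_number: int = 1, vni: Optional[int] = None,
                  packet_length: Optional[int] = None) -> List[Dict]:
    """Return the kwargs of every create_traffic_mirror_session call still needed.

    One session is bound to one source ENI, so the loop is over interfaces, not instances.
    session_number orders evaluation when an ENI carries several sessions (lowest wins);
    vni becomes the VXLAN VirtualNetworkId the target sees; packet_length truncates copies."""
    mirrored = {s["NetworkInterfaceId"] for s in existing_sessions
                if s["TrafficMirrorTargetId"] == target_id}
    plan = []
    for reservation in reservations:
        for inst in reservation["Instances"]:
            if inst["State"]["Name"] != "running":
                continue
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(tag_key) != tag_value:
                continue
            for eni in inst["NetworkInterfaces"]:
                eni_id = eni["NetworkInterfaceId"]
                if eni_id in mirrored or eni_id in exclude_enis:
                    continue
                kwargs = {"NetworkInterfaceId": eni_id, "TrafficMirrorTargetId": target_id,
                          "TrafficMirrorFilterId": filter_id, "SessionNumber": session_number,
                          "Description": f"auto-enrolled {inst['InstanceId']}"}
                if vni is not None:
                    kwargs["VirtualNetworkId"] = vni
                if packet_length is not None:
                    kwargs["PacketLength"] = packet_length
                plan.append(kwargs)
    return plan


def apply_plan(ec2, plan: List[Dict]) -> List[str]:
    """Create each planned session with a boto3 EC2 client; returns the new session IDs."""
    return [ec2.create_traffic_mirror_session(**kwargs)["TrafficMirrorSession"]["TrafficMirrorSessionId"]
            for kwargs in plan]


if __name__ == "__main__":
    import boto3  # live run: needs ec2:DescribeInstances, ec2:DescribeTrafficMirrorSessions,
    ec2 = boto3.client("ec2")  # and ec2:CreateTrafficMirrorSession on the caller's principal
    reservations = ec2.describe_instances(
        Filters=[{"Name": "instance-state-name", "Values": ["running"]},
                 {"Name": "tag:Mirror", "Values": ["yes"]}])["Reservations"]
    sessions = ec2.describe_traffic_mirror_sessions()["TrafficMirrorSessions"]
    todo = plan_sessions(reservations, sessions, TARGET_ID, FILTER_ID, "Mirror", "yes",
                         exclude_enis={TARGET_ENI}, vni=12345)
    print(apply_plan(ec2, todo))
```

Run this twice against the same fleet and the second plan is empty, which is the property you want from anything triggered by launch events. For large accounts, page through both describe calls (a paginator or NextToken) before handing the lists to `plan_sessions`.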

VPC Traffic Mirroring is agentless for simplicity, with minimal CPU and memory utilization, and is natively supported by GigaVUE V Series and GigaVUE-FM fabric manager with proven interoperability. This is yet another way Gigamon makes Amazon VPC traffic mirroring easier to use and more effective.

GigaVUE-FM Is the Not-So-Secret Sauce

While VPC Traffic Mirroring is incredibly useful on its own, you’ll want to enhance it with GigaVUE-FM. A main benefit to using this centralized orchestration and management tool is that it helps eliminate manual processes and errors by automatically identifying each new workload and its associated traffic mirroring via our patented Automatic Target Selection (ATS), and then configuring the traffic mirroring to direct traffic to the GigaVUE V Series nodes. By deploying Gigamon, you eliminate numerous redundant traffic flows, obviate needless tool scaling and make these tools more efficient.

The benefits don’t end there. You can, for example, also use GigaVUE-FM to:

  • Use AWS APIs to detect VM changes in the cloud and automatically adjust the GigaVUE V Series visibility tier
  • Integrate with third-party systems and tools, via RESTful APIs, to dynamically adjust received traffic or to configure new traffic policies
  • Auto-discover and visualize the end-to-end topology of visibility tiers and EC2 instances (see Figure 1)
  • Achieve centralized orchestration with a single-pane-of-glass visualization across the entire infrastructure
  • Define traffic policies using a simple drag-and-drop user interface (see Figure 2)

Figure 1: Example topology map with AWS and GigaVUE-FM fabric manager.

Figure 2: GigaVUE-FM’s intuitive drag-and-drop graphical user interface.

Major North American Retailer Turns to AWS and Gigamon

A joint AWS-Gigamon customer deploys several security tools and needed comprehensive visibility and the ability to separately send full packet flows to each appliance — automatically. Step one was to use AWS traffic mirroring to get full insight into all workloads of interest. This worked like a charm.

They could not, however, send the same mirrored traffic to more than one tool at once, because each packet is mirrored to only one target. And they wanted to build on their existing skillset with visibility solutions. To solve the problem, they installed our GigaVUE Cloud Suite for AWS and, bingo — all VPC Traffic Mirroring sources were properly aggregated by GigaVUE V Series nodes, under the auspices of GigaVUE-FM, and traffic was properly forwarded to all the security tools. With deep integration into the AWS management suite, the customer could leverage its existing knowledge for a fast, efficient, automated deployment. Problem solved.

GigaVUE V Series for AWS

Obtaining network visibility with VPC Traffic Mirroring and GigaVUE-FM is only the first step; continuing to send every raw packet to every tool should be a non-starter. Raw packets carry a lot of baggage that tools neither need nor want. Packets also have a nasty habit of getting duplicated (mirror both ends of an intra-VPC flow and every packet arrives twice), which distorts network performance-monitoring results and overburdens security appliances. And generating NetFlow on the workloads themselves costs CPU on every instance. GigaVUE V Series for AWS comes to the rescue with an extensive number of benefits, including:

  • ATS: Automatically extract traffic of interest from any workload without explicitly specifying target VPCs
  • Flow Mapping®: Selection of Layer 2 through Layer 4 traffic of interest
  • NetFlow/IPFIX generation: Create flow records from network traffic to determine IP source and destination of traffic
  • Data modification: Modify content in the headers (L2–L4) and mask data content to ensure security, segregation of sensitive information and compliance with privacy regulations
  • Data reduction: Slice and sample packets to optimize traffic flows and content sent to tools, thereby reducing tool overload
  • Packet de-duplication: Eliminate duplicate packets that overwhelm tools and obfuscate results

Figure 3: GigaVUE V Series and GigaVUE-FM in an AWS environment with traffic acquisition by AWS traffic mirroring or Gigamon G-vTAPs.

Conclusion

The powerful combination of GigaVUE Cloud Suite for AWS and AWS VPC Traffic Mirroring greatly improves access and visibility into network traffic and apps flowing within your hybrid cloud infrastructure. AWS customers obtain complete visibility into virtual machines, an essential requirement for building multi-tiered tool stacks.

Traffic is intelligently distributed to network monitoring and security tools to maximize their effectiveness and accuracy and to avoid unnecessary scaling, lowering CapEx. In addition, Gigamon and AWS solutions are tightly coupled to drive automation, simplified management and reduced OpEx.

Check out our free AWS Test Drive and see for yourself. And download our whitepaper to get further insights into elucidating cloud visibility.
