Gigamon® Visibility Fabric™ Overview and Configuration (GVFOC)
Detailed Course Outline
Module 1: Gigamon Solution Overview
- Adoption trends
- Key value propositions
- Product family overview
Module 2: Planning and First Use
- Selecting traffic sources
- Initial setup of GigaVUE H Series
Module 3: Packet Distribution
- Aggregate, replicate, filter
- Flow Mapping
- Pass-all, port pair, tool-mirror, tool-GigaStream
Module 4: GigaSMART Overview
- Packet slicing
- Time stamping
- Data masking
- Source port labeling
- Header stripping
- Adaptive Packet Filtering
- GTP correlation
- NetFlow generation
- SSL decryption
- Load Balancing
Module 5: Introduction to Implementing Gigamon in Cloud Environments
- GigaVUE-VM Overview
- GigaVUE-AWS Overview
Module 6: Introduction to Managing a Visibility Platform™
- GigaVUE-FM (Fabric Manager)
Module 7: System Maintenance and Clustering
- Backup and Restore
- Upgrading and Licensing
- Cluster design
- Clustering configuration
Module 8: Implementing InLine Bypass
- InLine Bypass Overview
- Configuring Inline Bypass
This lab provides a brief exploration of the CLI and online help and directs the student’s attention to various ways to leverage the online help capabilities so that the User Guide is rarely needed.
Port Behavior Setup
This lab shows the student how to define the mode for network and tool ports in both the GigaVUE CLI and the Fabric Manager GUI interface.
The first traffic forwarding configuration example will forward all packets received on a Network port to a Tool port. This is the simplest possible traffic forwarding configuration and the student will configure this type of map from the CLI as well as
Adding a VLAN Tag to ingress traffic It can be useful to know where traffic was collected, since the same packet can be gathered at multiple points along the way to its destination. It is also useful to have tools sort traffic according to traffic origin. For exercise 4 you will modify the port settings to have the GigaVUE node insert a VLAN Tag into packets received.
Simple Flow Map Configuration
Instead of indiscriminately forwarding everything flow maps are highly flexible, easily reconfigured sets of instructions for forwarding selected traffic from one or more Network ports over to one or more Tool ports. In this lab you will configure a simple filter condition to forward only IP version 4 traffic from a Network ingress port to a Tool egress port.
More Complex Flow Map Configuration with Rule Prioritization
After reviewing the configurations with the show map command or the show running command, the you will practice removing previously defined mappings and replace those maps using the same ports, but different rules. You will practice using overlapping filters.
Shared Collector Configuration
An additional type of rule, which may be configured is the special shared collector rule. In exercise 7, You will configure a shared collector in the CLI and Fabric Manager to catch data that fails to meet the conditions defined in previously defined rules.
User-Defined Attribute (UDA) Filter
User-defined pattern matching supports either one or two 16-byte pattern matches in a map rule. For this lab you will configure a UDA filter for Q-in-Q inside VLAN Tag 102 within a stacked-tag packet.
Network owners are often faced with upgrading existing security and monitoring tools, or acquiring new security or monitoring capabilities. In this lab you will replicate traffic destined for one Tool egress port and sent an identical copy to a second Tool egress port as if you were performing a side-by-side Proof-of-Concept evaluation.
Replication and Egress Filtering
Replication is one of the most common uses of a Visibility Platform. Only one tool can connect to any single SPAN or TAP port. To grant equal access to the same traffic stream you must replicate the packets. In this lab you will configure destination
Tool ports to receive a complete and identical copy of the selected traffic stream.
The egress filter example takes replication to the next level. You will configure an egress filter that allows only a subset of the web traffic to be sent to an attached tool.
A Hybrid port is similar to a Tool port, except that Tool ports are exclusively output ports while Hybrid ports can also be used as a Network ingress port for additional maps. In this lab you will configure a Hybrid port loopback function to allow any traffic forwarded to a port by any map or pass-all to be made available to other mapping operations.
Assume that the volume of web traffic, which is selected by the map exceeds the processing power or link capacity for the web analyzer attached to a Tool egress port, and a second web analyzer is required to process the load. You will reconfigure an existing map so that the web traffic is divided between Tool ports using a Tool GigaStream.
A port-pair is a bidirectional connection in which traffic arriving on one port in the pair is transmitted out the other (and vice-versa). You will configure port pairs to operates like a TAP so that the copied output is available to the backplane of the GigaVUE node.
Backup and Restore
Maintining backups of your configurations is essential in a production environment. In this lab you will use the web and CLI interface to export a set of configurations in both standard and text formats. You will also restore configuration files utilizing different transport protocols.
Removing All Configurations
When moving a node from one location to another, before adding a node to a cluster, or in situations such as this training class the configuration needs to be removed. During this lab you will practice techniques to remove Maps and configuration elements from the GigaVUE node.
GigaSMART Application: Deduplication
For accurate performance monitoring and analysis in your network, it is essential to remove any duplicated traffic going to your tools. In this lab you will configure the necessary maps and related GigaSMART operations to utilize the traffic de-duplication feature of GigaSMART.
GigaSMART Service: Tunneling
Centralizing tools is a key benefit of implementing a Visibility Fabric. To forward data back to that centralized tool rack from a remote or virtualized environment, you can implement the GigaSMART feature of Tunneling. In this lab you configure the FlowMaps, Tunnel endpoints and GigaSMART services to support this feature.
GigaSMART Service: Header Stripping
Header Stripping allows your tools to decode traffic that might not be accessible due to unrecognizable header information in the packet. You will configure this GigaSMART service to remove unwanted headers from the data before forwarding that traffic to tool ports.
GigaSMART Service: Packet Slicing
Optimizing traffic for transport and storage on forensic recorders is important in network environments. Packet Slicing allows the bulk of data content in a packet to be removed before forwarding through tunnels or to attached tools and also can help maintain privacy compliance. You will configure this GigaSMART service to perform the slicing operation at a pre-defined location of choice in the packet to remove unwanted content.