This post describes how you can configure Gigamon’s AWS visibility platform to send traffic to a Sinefa probe in AWS for instant, L7, 1-sec resolution visibility.
Before you get started, you will need Gigamon’s visibility platform installed and configured in your AWS environment. There is a getting started guide available from Gigamon's AWS marketplace listing.
Step 1 - Deploy a Sinefa probe in AWS
You will need a Sinefa probe deployed inside AWS to receive traffic from the Gigamon platform. Instructions for deploying a Sinefa probe inside AWS can be found here: https://community.sinefa.com/hc/en-us/articles/201112997-Quick-Start-Guide-Amazon-AWS-EC2-Instance
You will need to allow inbound UDP port 4789 to the Sinefa probe (optionally from the Gigamon V series node security group).
Step 2 - Prepare the Sinefa probe
Gigamon sends traffic to tools (like Sinefa probes) using VXLANs. You will need to setup a VXLAN interface on the Sinefa probe and configure the probe to monitor that interface.
First, update the probe to the latest software:
$ sudo yum update
Then create the VXLAN interface:
$ sudo ip link add vxlan0 type vxlan dev eth0 id 0 dstport 4789
$ sudo ip link set vxlan0 up
Then configure the probe to monitor all traffic on that interface:
$ sudo /opt/sinefa/bin/sinefa-netflow-config -a vxlan0
Now the probe is listening on the new vxlan0 interface. Any traffic it receives on this interface will be monitored.
Step 3 - Configure Gigamon to send traffic to Sinefa
Login to the GigaVue-FM user interface and navigate to the AWS section. Go to the Configuration, Tunnel Library section and add a new tunnel.
Be sure to specify the type as “VXLAN”, the remote tunnel IP as the internal IP of the Sinefa probe and the port as 4789.
Now you have a tunnel you can use to send traffic to the probe. Next, go to the Monitoring Sessions section and create a new monitoring session.
Using a Map and our new tunnel, we can create a session that sends some or all of the traffic captured by Gigamon to the Sinefa probe.
Once the tunnel is deployed, login to the Sinefa app and you should see live traffic from the new Sinefa probe in AWS.