...
This article details how Gigamon's virtual visibility node, GigaVUE-VM, provides automated traffic visibility into virtual workloads in a VMware NSX environment.

Disclaimer: The partner product referenced in this article is a software module that is developed and supported by a partner. Use of this product is also governed by the end user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product. For more information, see: https://www.gigamon.com/products/gigavue-vm and https://www.gigamon.com/products/gigavue-fm.
Supported Software

The following minimum versions are required for integrating GigaVUE-VM with NSX:

- VMware vSphere ESXi 6.0 or greater on hardware that meets minimum requirements
- VMware NSX 6.2.4
- GigaVUE-FM 3.3.01, 3.4
- GigaVUE-VM 3.3.01, 3.4
- GigaVUE Visibility Fabric node with GigaVUE OS 4.7 software with GigaSMART license for tunnel termination
- VMware NetX API lib tarball used for solution integration is VMware-netx-sdk-5.5.0-2578815.tgz.

Links to Product Documentation and Software Download Site

- GigaVUE FM-VM 3.4.00 User Guide

Software

- GigaVUE-VM Software Version 3.4.00 OVA file (VMware)
- GigaVUE-FM Software Version 3.4.00 OVA file (VMware)
- GigaVUE-HC2 Software Image, Version 4.7.00 / GigaVUE-HB1 Software Image, Version 4.7.00

Integration with VMware NSX

The Gigamon Service Virtual Machine (GigaVUE-VM), using NSX and NetX APIs, supports automated filtering and forwarding of the VM traffic to multiple security and monitoring tools attached to the Gigamon traffic visibility appliances. Here is the sequence of the partner integration:

1. GigaVUE-FM discovers the inventory of the hosts and VMs managed by vCenter and NSX Manager using NSX APIs.
2. Using NSX APIs, insert Traffic Visibility Service (GigaVUE-VM).
3. Define and associate traffic policies to NSX Security Groups using NSX APIs.
4. VMware NetX APIs and the Copy Packet feature provide the traffic visibility by filtering and copying the VM traffic to GigaVUE-VM.
5. GigaVUE-VM adds additional L2-L4 filtering and packet slicing optimizations and forwards the traffic to the Gigamon physical appliance to which all the security and monitoring tools are connected.
6. VMware NetX automates the traffic visibility for new VMs in the Security Groups as n-tier applications scale out.

Installation steps are documented in the GigaVUE FM-VM User Guide for Version 3.4.00 posted in the software download location on Gigamon Customer Portal.

Uninstallation Process

1. NSX: Delete the Gigamon Service installed to the cluster. This removes the deployed GVM from all ESXi hosts in the cluster.
2. NSX: In Security policy, delete step 4 Network Introspection Services, created to specify the Gigamon Traffic Visibility for the service name.
3. GigaVUE-FM: Delete the created NSX Virtual Traffic Map.
4. GigaVUE-FM: Delete the registered NSX Manager.

Troubleshooting

- If the GigaVUE-VM install fails, look at /var/log/vmware/vpx/eam.log on the vCenter server.
- On the vCenter server, make sure the Gigamon Traffic Visibility Service is successfully installed on the NSX clusters for which visibility is desired. Check the installation status under Network & Security > Installation > Service Deployments > Installation status.
- On GigaVUE-FM, check that the GigaVUE-VM nodes show UP (green) status under Virtual > VMware NSX > Virtual Node.
- On GigaVUE-FM, check that the Virtual Maps have a deployment status of success under Virtual > VMware NSX > Virtual Map.
- On GigaVUE-FM, check that the GigaVUE-VMs are able to reach the Tunnel node by running Tunnel validation under Virtual > VMware NSX > Virtual Node > Tunnel Validation.
- If GigaVUE-VM is not receiving traffic, check port statistics with the command show port stats port-list 1/1/x2..x1, where 1/1/x2 shows vds incoming traffic and 1/1/x1 shows outgoing traffic.
- On GigaVUE-VM, leverage tcpdump to check if traffic is received.
  Incoming traffic:
      tcpdump -nnXXS -s0 -i eth2 not arp and not rarp
  Outgoing traffic from gvm:
      tcpdump -nnXXS -s0 -i eth1 not arp and not rarp
- If GigaVUE-VM is receiving traffic but the traffic is not reaching the physical visibility fabric, check the tunnel port connectivity using the GigaVUE-FM utility Tunnel Validation for ping, arping and traceroute.
- To check for the virtual traffic being monitored, leverage packet monitoring tools like Wireshark connected to a Tool Port of the Gigamon Visibility fabric.

Log Collection and Analysis for troubleshooting

Use GigaVUE-FM to generate and collect logs for the entire system, including GigaVUE-VMs. Logs can be generated under GigaVUE-FM > System > Logs > Generate.
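
The two tcpdump checks from the Troubleshooting steps above, wrapped as a triage script; this is an added example, not Gigamon or VMware code. The `timeout` wrapper, the `CAPTURE_SECS` variable, the function names and the mapping of each result to a next step are assumptions of this example, and the sample capture lines are constructed.

```shell
#!/bin/sh
# Added example: triage for the two GigaVUE-VM capture checks in the article.
# eth2 = incoming copied VM traffic, eth1 = outgoing traffic (per the article).

# Count packets in `tcpdump -XX` text read from stdin: each packet is one
# header line starting with a timestamp; indented hex-dump lines are skipped.
count_packets() {
    grep -c -E '^[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]+ ' || true
}

# Run the article's capture on one interface for a bounded time.
# Assumptions: coreutils `timeout` is available; CAPTURE_SECS is this
# example's own knob, not a GigaVUE setting.
capture() {
    timeout "${CAPTURE_SECS:-10}" \
        tcpdump -nnXXS -s0 -i "$1" not arp and not rarp 2>/dev/null
}

# Map the two packet counts to the next check the article lists.
triage() {
    rx=$1; tx=$2
    if [ "$rx" -eq 0 ]; then
        echo "no-ingress: check NSX security group/policy and show port stats"
    elif [ "$tx" -eq 0 ]; then
        echo "no-egress: check Virtual Map status and the Tunnels Library entry"
    else
        echo "forwarding: run Tunnel Validation (ping, arping, traceroute)"
    fi
}

# Constructed sample output (two packets), not a real capture.
sample_capture() {
    printf '10:15:01.000101 IP 192.0.2.10.44321 > 192.0.2.20.443: Flags [S], length 0\n'
    printf '\t0x0000:  0050 56aa bb01 0050 56aa bb02 0800 4500\n'
    printf '10:15:01.000350 IP 192.0.2.20.443 > 192.0.2.10.44321: Flags [S.], length 0\n'
    printf '\t0x0000:  0050 56aa bb02 0050 56aa bb01 0800 4500\n'
}

if [ "${1:-}" = "--live" ]; then      # on the GigaVUE-VM itself
    rx=$(capture eth2 | count_packets)
    tx=$(capture eth1 | count_packets)
else                                  # offline demonstration
    rx=$(sample_capture | count_packets); tx=0
fi
echo "eth2 rx=$rx eth1 tx=$tx"
triage "$rx" "$tx"
```

Run with `--live` on the GigaVUE-VM to capture on eth2 and eth1; without arguments the script only processes the embedded sample.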
Please contact Gigamon Support at support@gigamon.com with GigaVUE-FM logs collected for further troubleshooting.

Point of Contact for Collaboration with VMware

Contact information if VMware support needs to escalate an issue or engage partner support for further troubleshooting:

support@gigamon.com
Phone – 408-831-4024

Workflow for engaging the partner for:

Basic troubleshooting of partner components
1. Create a ticket with Gigamon Support.
   support@gigamon.com
   Phone – 408-831-4024

Customer Escalations
1. Create a P1 / P2 ticket with support.
2. Work with L2/L3 support engineer to identify and isolate the issue.

Engineering engagement for suspected product bugs
1. Create a P1 / P2 ticket with support.
2. Work with the support engineer to create a Software defect and escalate to get Engineering engagement to quickly help resolve the issue.

Upgrade Procedure/Path

It is a new product. Upgrade path not applicable for the current release.

Additional support information

Here are some sample problematic scenarios with the most common misconfigurations and how to address them.

DHCP Issues?

- If for some reason the DHCP server is unable to allocate an IP address for a GigaVUE-VM node, the node will be listed in the Virtual Nodes page with an Unconfigured entry in the GigaVUE-VM IP column. If this occurs, make sure the DHCP server is up and accessible, and then go to the Virtual Nodes page and click Rediscover.
- If a static pool is selected for GVM, and the pool does not have enough IP addresses to allocate, it may cause issues. The GVM can either get a DHCP address or not get any address at all.
- Data Store should be accessible across all the hosts on the cluster. Otherwise GigaVUE-VM would not be deployed across all the hosts in the cluster.
- A tunnel must be created in the Tunnels Library that defines the destination port to which the traffic is sent. Refer to the GigaVUE-VM user guide on how to create the GigaVUE-VM tunnel to GigaVUE nodes.
- GigaVUE-VM would not receive traffic until an NSX security group and security policy are created to redirect network traffic to the Gigamon Traffic Visibility service.

Known Issues

No open issues for this integration.

References

- Gigamon Visibility Fabric
- GigaSECURE – Security Delivery Platform
- GigaVUE-VM – Virtual Traffic Visibility
- VMware NSX and Gigamon Joint Solution Brief

Note: The preceding link was correct as of September 02, 2016. If you find the link is broken, please provide feedback and a VMware employee will update the link.
GigaVUE-VM integration with NSX 6.2.4