- 13 Apr 2023
- 4 Minutes to read
- Updated on 13 Apr 2023
Avi Vantage is a multi-cloud application delivery platform that provides load balancing, application security, and network performance services for modern applications. It uses a software-defined approach to application delivery and can run on a variety of cloud infrastructure, including private data centers, public clouds, and edge locations. Avi Vantage provides a traffic cloning feature for creating duplicates or clones of network traffic flows for testing and analysis purposes. This feature allows you to create an exact copy of the incoming traffic and redirect it to a separate testing or monitoring environment, without affecting the original production traffic. In this deployment, the cloned traffic is sent to the Suricata mirroring instance.
Avi Vantage supports traffic cloning for:
- Public clouds
- Private data centers
- Multicloud environments
- Edge locations
For more information on Avi Vantage's traffic cloning, see Traffic Cloning.
The process to configure mirroring for Avi Vantage consists of the following two steps:
- Deploy Traceable Platform agent
- Configure mirroring in Avi Vantage
Before you begin
Make a note of the following points before configuring mirroring for Avi Vantage:
- Save the Traceable agent token. In Traceable's platform, navigate to Administration → Account → Agent Token. Copy and save the token. It is required during the Traceable agent installation process.
- If you have your deployment on AWS, then:
  - Make sure that Traceable Platform agent allows ingress traffic on port 80.
  - SourceDestCheck must be disabled.
    Information: SourceDestCheck is a setting in AWS that determines whether the source and destination IP addresses in the network packets are validated. By default, AWS EC2 instances have this setting enabled, which means that the instance cannot be used as a router and can only send and receive traffic within its subnet.
    If you want to use an EC2 instance as a router, you need to disable the SourceDestCheck setting. When the setting is disabled, the instance can send and receive traffic from other subnets, allowing it to act as a router. This can be useful in certain network configurations, such as for network address translation (NAT), VPN, or firewall scenarios.
- Reasonable knowledge about Avi Vantage. For more information, see Avi Vantage documentation.
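The two AWS prerequisites above can be checked with the AWS CLI before installing the agent. This is an added example, not part of the Traceable or Avi documentation; the instance and security-group IDs are placeholders supplied by the caller, and treating port 80 open to 0.0.0.0/0 as a failure is an assumption about sensible scoping, not a requirement stated on this page.

```bash
#!/usr/bin/env bash
# Added example, not from the Traceable or Avi documentation.
# Instance and security-group IDs are supplied by the caller (placeholders).

# Prints the instance's current SourceDestCheck value ("True" or "False").
get_source_dest_check() {
  aws ec2 describe-instance-attribute --instance-id "$1" \
    --attribute sourceDestCheck --query 'SourceDestCheck.Value' --output text
}

# Returns 0 if SourceDestCheck is disabled, 1 if enabled, 2 if unreadable.
source_dest_check_disabled() {
  local value
  value=$(get_source_dest_check "$1") || return 2
  case "$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]')" in
    false) return 0 ;;
    true)  return 1 ;;
    *)     return 2 ;;
  esac
}

# Disables SourceDestCheck only if still enabled; never acts on a failed read.
ensure_source_dest_check_disabled() {
  local rc=0
  source_dest_check_disabled "$1" || rc=$?
  case "$rc" in
    0) return 0 ;;
    1) aws ec2 modify-instance-attribute --instance-id "$1" --no-source-dest-check ;;
    *) echo "cannot read SourceDestCheck for $1" >&2; return 2 ;;
  esac
}

# Prints the IPv4 CIDRs a security group allows to reach TCP port 80.
# Rules that reference other security groups or use protocol -1 are not listed.
port80_sources() {
  aws ec2 describe-security-groups --group-ids "$1" --output text --query \
    'SecurityGroups[].IpPermissions[] | [?IpProtocol==`tcp` && FromPort<=`80` && ToPort>=`80`].IpRanges[].CidrIp'
}

# Returns 0 if some CIDR may reach port 80 and none of them is 0.0.0.0/0,
# 1 if no CIDR rule matches or the port is open to the world, 2 on a failed read.
port80_ingress_scoped() {
  local sources
  sources=$(port80_sources "$1") || return 2
  { [ -n "$sources" ] && [ "$sources" != "None" ]; } || return 1
  ! printf '%s\n' "$sources" | tr '\t' '\n' | grep -qxF '0.0.0.0/0'
}
```

Source the file, then call `ensure_source_dest_check_disabled <instance-id>` and `port80_ingress_scoped <security-group-id>`; both need credentials that are allowed to read, and for the first to modify, the EC2 resources.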
Step 1 – Deploy Traceable Platform agent
Complete the following steps to deploy Traceable Platform agent with mirroring:
- Launch a CentOS 7 virtual machine (VM) that is in the same VPC and subnet as the Avi Service Engine that you wish to mirror. In the following steps, the Traceable agent is installed on a CentOS 7 VM. You can choose to install on Amazon Linux 2 or Ubuntu as well. For more information, see Virtual Machine topic.
  Information: Avi Service Engine is a component of the Avi Vantage platform that provides load balancing, application acceleration, and application security services for modern applications. The Avi Service Engine runs on virtual machines (VMs) or bare-metal servers and integrates with the underlying infrastructure to provide a complete application delivery solution. For more information, see Service Engine Groups.
- Log into the VM that you launched in the previous step.
- Download the install.sh installation script from Traceable's download site. Navigate to install > traffic-mirroring > linux > latest.
- Execute the downloaded script. The script installs Traceable Platform agent and Suricata.
  Note: Make sure you mirror the correct interface.
sudo ./install.sh mirror -i eth0 -e avi -s avi -f "tcp" -r api.traceable.ai
You can identify the correct interface by running the ifconfig command. In the following output, eth0 is the interface.
[ec2-user@ip-10-0-0-7 ~]$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.7  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::1b:57ff:fe88:8e09  prefixlen 64  scopeid 0x20<link>
        ether 02:1b:57:88:8e:09  txqueuelen 1000  (Ethernet)
        RX packets 212327  bytes 281794338 (268.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 126905  bytes 30304416 (28.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
- Make sure that Traceable and Suricata are running. Enter the following commands:
sudo systemctl status suricata
sudo systemctl status traceable
- Add the Traceable agent token that you had saved in the Before you begin section. Enter the following command:
sudo vi /etc/traceable/agent/token
- Restart the Traceable agent service. Enter the following command:
sudo systemctl restart traceable
- Make sure that no error logs are present and that a Started metric exporter message appears in the traceable.log file. Enter the following:
Step 2 – Configure traffic mirroring in Avi Vantage
Complete the following steps to configure traffic mirroring in Avi Vantage:
- Log into Avi Vantage and navigate to Templates → Profile → Traffic Clone.
- Click on the Create button.
- In the Traffic Clone window, configure the Network, Subnet, and IP address of the Traceable Platform agent.
Apply traffic clone to a virtual service
You need to apply the traffic clone that you created to a virtual service. Select Edit on a virtual service and then navigate to the Advanced tab, where you will find the traffic clone policy. Select the Traceable policy that you created and then click Save. Send some traffic through the virtual service and then check the data in Traceable Platform to verify a successful installation.