Question

KDG-LST asked · 0 votes · GitaraniSharmaMSFT-4262 answered

Solution needed for "Port Mirroring" in Azure (seemed it was coming, then held)

Good afternoon, all.

We're going to be deploying a VM that ultimately needs to have its traffic monitored by a second VM. In a physical world, we'd simply activate Port Mirroring on the network switch, or deploy some sort of Network TAP. However, we're not dealing with the physical when we're talking Azure VMs.

It appears Azure announced a potential solution to this in 2018, and up until recently had it in Preview (if I'm understanding what I read), a service called vTAP. However, I'm not sure to what extent it was going to do what we need (meaning, not knowing if it only streamed to certain "partner" systems, or if you could literally say "stream this over this interface to that address")... This appears to be a feature AWS has embraced, so the potential 4-year lead time on Azure is a bit disconcerting.

I'm open to alternative suggestions (that don't involve nesting VMWare inside of Azure VMs, both from clunkiness and cost perspectives). The two VMs will be Ubuntu 20, and I need the network traffic hitting VM1 to be sent to VM2 (over a secondary network interface that ties the two machines together). I'm aware there are possible software-based solutions out there, but haven't worked with them before, nor do I know what kind of processing overhead they may add to the machine.

Does anyone have thoughts on this, or (in an ideal world), know how to natively achieve this within Azure?

Thanks.

azure-virtual-network
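One Linux-native way to do what the question describes (blindly copy everything a Ubuntu 20.04 box sees on one NIC to a second box over the secondary NIC, with no third-party appliance), as an added example that is not code from this thread or from any Azure or partner product. It assumes placeholder names and addresses (eth0 as the monitored NIC, 10.1.1.10 and 10.1.1.20 as the two secondary-NIC addresses) and that the peer address is routed via the secondary NIC; the Azure-specific caveat is that the copies must be encapsulated, because the fabric forwards by a packet's own destination address and would not deliver raw mirrored frames to VM2.

```shell
#!/usr/bin/env bash
# Added example (not from the question or any answer): a software "port
# mirror" built only from iproute2/tc on Ubuntu 20.04. VM1 copies every frame
# on its monitored NIC into a GRE tap tunnel whose outer header is addressed
# to VM2's secondary NIC; VM2 decapsulates and can capture the original frames.
# Placeholders (assumed, not from the thread): eth0 = monitored NIC on VM1,
# 10.1.1.10 / 10.1.1.20 = VM1 / VM2 secondary-NIC addresses.
set -eu

MON_IF="${MON_IF:-eth0}"
LOCAL_IP="${LOCAL_IP:-10.1.1.10}"
REMOTE_IP="${REMOTE_IP:-10.1.1.20}"
TAP_IF="${TAP_IF:-mirror0}"

# Commands for the sender (VM1). Emitted as text so they can be reviewed
# before being run as root. nopmtudisc lets the kernel fragment the outer
# packet: a full 1500-byte mirrored frame plus GRE overhead exceeds the MTU.
# The tunnel peer must be reached via the secondary NIC, otherwise the
# encapsulated copies would leave through eth0 and be mirrored again.
sender_cmds() {
  cat <<EOF
ip link add $TAP_IF type gretap local $LOCAL_IP remote $REMOTE_IP nopmtudisc
ip link set $TAP_IF up
tc qdisc add dev $MON_IF clsact
tc filter add dev $MON_IF ingress matchall action mirred egress mirror dev $TAP_IF
tc filter add dev $MON_IF egress matchall action mirred egress mirror dev $TAP_IF
EOF
}

# Commands for the receiver (VM2): terminate the tunnel; a capture tool
# (for example tcpdump -ni $TAP_IF) then sees the original frames.
receiver_cmds() {
  cat <<EOF
ip link add $TAP_IF type gretap local $REMOTE_IP remote $LOCAL_IP nopmtudisc
ip link set $TAP_IF up
EOF
}

# Default: print the plan for both sides. "apply-sender" / "apply-receiver"
# execute it on the respective VM (requires root).
case "${1:-show}" in
  apply-sender)   sender_cmds   | sh -e ;;
  apply-receiver) receiver_cmds | sh -e ;;
  *) echo "# VM1:"; sender_cmds; echo "# VM2:"; receiver_cmds ;;
esac
```

The network security group between the two secondary NICs must permit IP protocol 47 (GRE) for the tunnel to pass.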

ricardosolisvillegas-4678 answered · 1 vote · ricardosolisvillegas-4678 commented · 4

I'm sorry, I should have been clear - how can this be achieved without having to deploy a VMWare solution on top of Azure VM and the mess of nested virtualization (at an incredibly high cost)...

0 votes · KDG-LST (in reply to ricardosolisvillegas-4678)

On the surface, this one looks like something to monitor a domain controller, not a home-grown linux box. The solution I need must be able to "mirror" the traffic on a linux box to another linux box, and do so without needing a third party appliance/software application (it should blindly stream the traffic, like port mirroring on a data switch would - 3rd party involvement will likely require an encrypted handshake with the appliance, which I believe will prevent the receiving linux box from being able to do its job). :(

0 votes · KDG-LST

GitaraniSharmaMSFT-4262 answered · 0 votes

Hello @KDG-LST ,

Apologies for the delay in my response.

As you correctly mentioned, Virtual network TAP Preview is currently on hold in all Azure regions. You can email azurevnettap@microsoft.com with your subscription ID and the team will notify you with future updates about the preview. In the interim, you can use agent-based or NVA solutions that provide TAP/Network Visibility functionality through our Packet Broker partner solutions available in Azure Marketplace Offerings.

Refer: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-tap-overview#virtual-network-tap-partner-solutions
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-traffic-inspection

Most of the customers are using our Virtual network TAP Partner solution GigaVUE Cloud Suite for Azure.
Refer: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/gigamon-inc.gigamon-fm-5_15_00?tab=Overview
https://www.gigamon.com/content/dam/resource-library/english/data-sheet/ds-gigavue-cloud-azure.pdf

There is no other inbuilt solution available at the moment, but from what I've heard the Azure Product Group team is targeting the private preview of Virtual Tap in H2CY22 (second half of 2022).

Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
