Sunday, April 13, 2008

Solera V2P Tap

It looks like Solera Networks built a virtual tap, as I hoped someone would. I mentioned it to Solera when I visited them last year, so I'm glad to see someone built it. I told them it would be helpful for someone to create a way for virtual switches to export traffic from the VM environment to a physical environment, so that a NSM sensor could watch traffic as it would when connected to a physical tap.

This picture describes what it does:

You can read more in this news post and product description. You can download it here. The V2P Tap requires ESX Server, which I do not run. If someone with ESX Server downloads the V2P Tap, please let me know how it works for you.

8 comments:

One Guy Nick said...

Thanks for posting this! Doing it the manual hard-coded way is a pain in the butt. This is why I subscribe to your blog in the RSS Reader. Thanks!

Anonymous said...

Thanks for info Richard. Virtual tap + freebsd 7.0 with new sguil (on esx) - it is plan for this week

jbmoore said...

It was not difficult to install. Configuring is another story. the dsfs kernel module is not loading likely due to a licensing issue. At least this is what the web interface says. The little documentation they supply says nothing about a license and one was not supplied with the download.

Anonymous said...

Can anyone assess the overall system load by using this virtual tap to send out traffic? I've seen in a VMware ESX workload analysis presentation that both disk and network I/O impose the highest virtualization overhead. So if the soft tap is sending out a lot of traffic then system resources on the physical host may become overly taxed.

jbmoore said...

My issue was resolved after tech support called me back.
Network adapter 1 must be the Management interface.
Network adapter 2 is the V2P Tap interface.
Network adapter 3 is the Regen interface.

In the Solera-V2P directory, cat Solera-V2P.vmx should show:

tools.remindInstall = "TRUE"
ethernet0.address = "00:50:56:01:01:01"
ethernet1.address = "00:50:56:02:02:02"
ethernet2.address = "00:50:56:03:03:03"

My vmx file was missing the latter three entries preventing the dsfs kernel module from loading.

The ESX server needs to be connected to either a SPAN port on a managed switch or a hub to see all traffic.

jbmoore said...

Oops, tech support gave me the wrong info about the network interface labeling. I had the correct order according to the Quick Start Guide:
NIC 1 is V2P Tap. Nic 2 is Management. Nic 3 is Regen.

Ryan said...

There is a fix posted on Solera Networks site to update the .vmx file you can download it directly here: http://www.soleranetworks.com/downloads/v2pfix.zip there is also a new package with detailed installation instructions available here: http://www.soleranetworks.com/products/virtual-tap-download.php

Anonymous said...

Hey Rich, did you notice the product is no longer free. They liked your idea so much they sold it.