Solera V2P Tap

It looks like Solera Networks built a virtual tap, as I hoped someone would. I mentioned it to Solera when I visited them last year, so I'm glad to see someone built it. I told them it would be helpful for someone to create a way for virtual switches to export traffic from the VM environment to a physical environment, so that an NSM sensor could watch traffic as it would when connected to a physical tap.

This picture describes what it does:

You can read more in this news post and product description. You can download it here. The V2P Tap requires ESX Server, which I do not run. If someone with ESX Server downloads the V2P Tap, please let me know how it works for you.

Comments

Unknown said…
Thanks for posting this! Doing it the manual hard-coded way is a pain in the butt. This is why I subscribe to your blog in the RSS Reader. Thanks!
Anonymous said…
Thanks for the info, Richard. Virtual tap + FreeBSD 7.0 with new Sguil (on ESX) - it is the plan for this week.
jbmoore said…
It was not difficult to install. Configuring is another story. The dsfs kernel module is not loading, likely due to a licensing issue. At least this is what the web interface says. The little documentation they supply says nothing about a license and one was not supplied with the download.
Anonymous said…
Can anyone assess the overall system load by using this virtual tap to send out traffic? I've seen in a VMware ESX workload analysis presentation that both disk and network I/O impose the highest virtualization overhead. So if the soft tap is sending out a lot of traffic then system resources on the physical host may become overly taxed.
jbmoore said…
My issue was resolved after tech support called me back.
Network adapter 1 must be the Management interface.
Network adapter 2 is the V2P Tap interface.
Network adapter 3 is the Regen interface.

In the Solera-V2P directory, cat Solera-V2P.vmx should show:

tools.remindInstall = "TRUE"
ethernet0.address = "00:50:56:01:01:01"
ethernet1.address = "00:50:56:02:02:02"
ethernet2.address = "00:50:56:03:03:03"

My vmx file was missing the latter three entries, preventing the dsfs kernel module from loading.

The ESX server needs to be connected to either a SPAN port on a managed switch or a hub to see all traffic.
jbmoore said…
Oops, tech support gave me the wrong info about the network interface labeling. I had the correct order according to the Quick Start Guide:
NIC 1 is V2P Tap. NIC 2 is Management. NIC 3 is Regen.
Unknown said…
There is a fix posted on Solera Networks' site to update the .vmx file; you can download it directly here: http://www.soleranetworks.com/downloads/v2pfix.zip. There is also a new package with detailed installation instructions available here: http://www.soleranetworks.com/products/virtual-tap-download.php
Anonymous said…
Hey Rich, did you notice the product is no longer free? They liked your idea so much they sold it.
