We have a new test/dev project starting that will be looking to use some of the latest vSphere software, including NSX, Horizon View, etc. Part of the new project is to investigate and use a physical tap as well as virtual taps for testing a data center deployment. We will be ordering new hardware to support the testing but need to spec the hardware for number of physical NICs, RAM, etc.
In the meantime, we have a few Dell R620s in a vSphere 6.0 cluster we are testing with. We have an old tap called Gigabit Copper Aggregator nTap (image below) we are using.
We will be getting a Net Optics iLink Agg 1u physical tap.
We will want to capture traffic at various points coming into the datacenter:
From the physical switch(es)
Traffic from a firewall or IDS
Traffic between VMs
Traffic between ESXi Hosts
Etc.
I have no experience with taps in the vSphere environment.
The questions I have are:
what is the total number of physical NICs required for using taps on an ESXi host
the proper way to set up a physical tap, and
the proper way to set up virtual taps
I am not sure this is correct, but as a test for the physical tap, I have currently created three virtual switches, A1, B1, and C1, tied to three physical NICs on one of the ESXi servers. Each switch has promiscuous mode enabled.
There are VMs on the A1 and B1 switches. In the attached diagram on the nTap, I have switch A1 going to Port A on the nTap, switch B1 going to Port B on the nTap, and switch C1 going to Port A/B on the nTap.
Would this filter all traffic from A1 and B1 to C1? How is the traffic gathered? I assume by Wireshark or some appliance?
Can I remove the nTap and set up virtual taps so I capture traffic on C1?
I recommend contacting the hardware vendor for known issues and for implementing best practices. Also, see the Monitoring Network Connection and Traffic section of the vSphere 6.5 Networking Guide - https://docs.vmware.com/en/VMware-vSphere/6.5/vsphere-esxi-vcenter-server-65-networking-guide.pdf
When you say "attached diagram", what are you referring to? Can only see the picture of the Net Optics device.