Deploying Skylight sensor on AWS
  • 17 Mar 2023
  • 5 Minutes to read
  • Contributors
  • PDF

Deploying Skylight sensor on AWS

  • PDF

Article summary

This article provides step by step instructions on how to deploy a sensor on AWS, and connect the sensor to analytics.

Create VPC

To create a VPC:

  1. Navigate to VPCYour VPCsCreate VPC

image.png

  1. Choose VPC only.
  2. Provide a name for your VPC.
  3. Select IPv4 CIDR.
  4. Leave everything else on default settings and clickcreate VPC.

Create subnets

To create a subnets:

  1. Navigate to VPCSubnetsCreate subnet

image.png

  1. Select VPC ID
    Select your VPC that you created earlier.
  2. Provide Subnet Name.
  3. Enter the same IPv4 CIDR Block that you configured on the VPC.

Create Security Group

To create a security group

  1. Go to VPCSecurity GroupsCreate security groups


Note: You need to a create custom security group.


CAUTION: If you want to mirror the traffic, you will need to open port UDP 4789.

image.png

To create a custom security group

  1. Provide a name for the security group.
  2. Provide a description.
  3. Select VPC that you created earlier.
  4. For the inbound rule, configure only port SSH and UDP port 4789 .
  5. For the outbound rule, leave defaults.
  6. Validate the configuration.

Create Instance

Accessing shared AMI

Note that the sensor capture AMI is not available by default on all AWS regions and accounts. Please reach out to your support contact to get a sensor capture AMI shared with your AWS account ID

To create an Instance:

  1. Navigate to EC2InstancesLaunch an instance.

image.png

  1. Provide a name for the instance.


Note: For Application and OS Images, search for “Skylight
. If no AMIs appear, reach out to your support contact to get the AMIs shared with your account and AWS region.

If you need traffic mirroring the following non-Nitro instance types are required:

  • C4, C5, D2, G3, G3s, H1, I3, M4, P2, P3, R4, X1, X1e

Traffic Mirroring is not available on the following instance types:

  • Generation instances: C6a, C6gn, C6i, C6id, C6in, Hpc6a, I4i, Im4gn, Is4gen, M6a, M6i, M6in, R6i, R6id, R6idn, R6in, T2, Trn1, X2idn, X2iedn, X2iezn.
  • Bare metal instances.
  • Previous generation instances.

This example uses the instance type C5.xlarge, which is enough for smaller traffic. This option depends on your traffic; so you may need to adapt the instance type.

The following traffic types cannot be mirrored:

  • ARP
  • DHCP
  • Instance metadata service
  • NTP
  • Windows activation

image.png

  1. From the Key pair pull-down menu, select “proceed without a key pair”.
  2. From the VPC pull-down menu, select the VPC you created earlier.
  3. From the Subnet pull-down menu, select the subnet you created earlier.
  4. Select existing security group (by default or the one you have configured, which is recommended).
  5. Leave the Configure storage on default settings or add more volume.
  6. Once configuration is done, click Launch the instance

Incompatible Instances

If you have an instance with incompatible Traffic Mirroring, you can change it by following these instructions.

To change an incompatible Instance:

  1. Shutdown the Instance.
  2. Select the Instance.
  3. Navigate to ActionsInstance settingsChange instance type.

image.png

  1. Select the Instance type you need.
  2. Apply the new configuration.
  3. Restart the Instance.

Create Network Interface

To create a Network Interface:

  1. Navigate to EC2Network interfacesCreate network interface.

image.png

  1. Provide a description for the interface.
  2. Select the subnet you created earlier.
  3. Select the default security groups or one you have configured (recommended).
  4. Click Create network interface.

Create Internet Gateways

To create Internet Gateways:

  1. Navigate to VPCInternet GatewaysCreate internet gateway.

image.png

  1. Select name tag for the Internet Gateways.
  2. Click Create internet gateway.
  3. Select new Internet gateway.
  4. Click actionsAttach to VPC
  5. Select your VPC.
  6. Validate the configuration.

Create Route Tables

To create Route Tables

  1. Navigate to VPCYour VPCs.
  2. Select** your VPC** and click Resource Map.

image.png

  1. Click route table.
    A new page will open.

image.png

  1. Click Routes.

image.png

  1. Click Edit routes.
  2. Add new route (example 0.0.0.0/0).
  3. From the target category, choose your Internet Gateway.

image.png

  1. Click Save changes to save these configurations.

Add interface on Instance

To add an interface to an Instance:

  1. Select the instance.
  2. Navigate to ActionsNetworkingAttach network interface.

image.png

  1. Select new network interface.
  2. Apply the configuration.

If Public IP Address is Lost

If you lose the public IP address, you can associate an Elastic IP address to your sensors, by following these steps.

To associate an Elastic IP address to your sensors:

  1. Navigate to EC2Elastic IP addressAssociate Elastic IP address.
  2. Navigate to EC2Elastic IP‘s
  3. Select IP address.
  4. Click “Associate Elastic IP address

image.png

  1. Select Network interface in resource type and choose your Network Interface.

    CAUTION: Your network interface must be the interface that will not receive the traffic from port mirroring. This interface needs to be configured with a routes table and internet gateway.
  2. Select private IP address.
  3. Click on Associate

Create Traffic Mirroring

This section will show you how to create traffic mirroring, via the creation of:

  • Mirror targets
  • Mirror filters and
  • Mirror sessions

Mirror targets

To create traffic mirror targets:

  1. Navigate to VPCTraffic mirror targetsCreate traffic mirror target.

image.png

  1. Provide a Name tag.
  2. Select target.
    The example below uses a network interface, but we recommend you choose the network interface you have created and which be used for receiving traffic mirroring.
  3. Click Create.

Mirror filters

To create traffic mirror filter:

  1. Navigate to VPCTraffic mirror filtersCreate traffic mirror filter.

image.png

  1. Provide a Name tag.
  2. Configure inbound rules and outbound rules.
    Below example accepted all traffic.
  3. Validate the configuration.

Mirror sessions

To create traffic mirror session:

  1. Navigate to VPCTraffic mirror sessionsCreate traffic mirror session.

image.png

  1. Provide a Name tag.
  2. Select mirror source.
    This is the interface where you want to send the traffic mirror. We recommend you choose the instance that is on the same VPC.
  3. Choose the mirror target.
    This is the interface where you will send the traffic from the mirror source.
  4. Provide a session number.
  5. Select the filter you created earlier.
  6. Validate the configuration.

Connect the sensor to Analytics

To connect the sensor to analytics:

  1. Connect to the sensor with your credentials.
  2. Set the interface eth1 up with : ip link set dev eth1 up.
  3. Change the MTU, by setting it to1500 : ip link set dev eth0 mtu 1500.
  4. Connect to analytics with the command : register skylight.
  5. Follow the steps to connect your sensor.
  6. Check the traffic with the command: bmon

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks



Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.