Deploying Skylight sensor on AWS
- Updated on 17 Mar 2023
This article provides step-by-step instructions for deploying a Skylight sensor on AWS, mirroring VPC traffic to it with AWS Traffic Mirroring, and connecting the sensor to analytics.
Create VPC
To create a VPC:
- Navigate to VPC ⇒ Your VPCs ⇒ Create VPC
- Choose VPC only.
- Provide a name for your VPC.
- Select IPv4 CIDR.
- Leave everything else at the default settings and click Create VPC.
Create subnets
To create a subnet:
- Navigate to VPC ⇒ Subnets ⇒ Create subnet
- Select VPC ID: choose the VPC that you created earlier.
- Provide a Subnet name.
- Enter the IPv4 CIDR block. This guide uses the same IPv4 CIDR block that you configured on the VPC; the subnet CIDR must lie within the VPC CIDR, and using the whole VPC CIDR leaves no room for additional subnets in that VPC.
Create Security Group
To create a security group:
- Go to VPC ⇒ Security Groups ⇒ Create security group
Note: You need to create a custom security group; the default group is not suitable for the sensor.
CAUTION: If you want to mirror traffic to the sensor, you must open UDP port 4789. This is the VXLAN port that AWS Traffic Mirroring uses to deliver the encapsulated copies of the mirrored packets.
To create a custom security group:
- Provide a name for the security group.
- Provide a description.
- Select the VPC that you created earlier.
- For the inbound rules, configure only SSH (TCP 22) and UDP port 4789. Restrict the SSH rule to your administrators' IP range rather than 0.0.0.0/0, and restrict the UDP 4789 rule to the VPC CIDR, since the mirror sources that send VXLAN traffic live inside the VPC.
- For the outbound rules, leave the defaults.
- Validate the configuration.
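The inbound policy above is easy to get wrong in the console (for example leaving SSH open to the world). The following script is an added example, not part of this guide or of the Skylight product: it audits a security group's inbound rules against that policy using JSON in the shape that `aws ec2 describe-security-groups` returns. The group ID, the VPC CIDR 10.20.0.0/24, the admin range 203.0.113.0/24 and the sample rules are constructed assumptions.

```python
"""Audit a sensor security group's inbound rules against the intended policy.

Input mimics `aws ec2 describe-security-groups` JSON (constructed here, not
taken from a real account).  Policy for the sensor's management interface:
  * TCP/22 only from the administrators' range, never from 0.0.0.0/0
  * UDP/4789 (VXLAN, used by AWS Traffic Mirroring) only from the VPC CIDR
  * nothing else inbound
"""
import ipaddress
import json

VPC_CIDR = ipaddress.ip_network("10.20.0.0/24")      # assumed VPC CIDR
ADMIN_CIDR = ipaddress.ip_network("203.0.113.0/24")  # assumed admin range

# Constructed sample: SSH open to the world, VXLAN correctly scoped, plus a
# stray HTTP rule.  Not real account data.
SAMPLE_SG_JSON = json.dumps({
    "SecurityGroups": [{
        "GroupId": "sg-0123456789abcdef0",
        "GroupName": "skylight-sensor",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "udp", "FromPort": 4789, "ToPort": 4789,
             "IpRanges": [{"CidrIp": "10.20.0.0/24"}]},
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        ],
    }]
})


def _within(source_cidr, allowed):
    """True if the rule's source CIDR lies inside the allowed network."""
    try:
        return ipaddress.ip_network(source_cidr).subnet_of(allowed)
    except TypeError:  # IPv4 rule checked against an IPv6 range, or vice versa
        return False


def audit_inbound(sg_json, vpc_cidr=VPC_CIDR, admin_cidr=ADMIN_CIDR):
    """Return (severity, message) findings for the first group in sg_json."""
    group = json.loads(sg_json)["SecurityGroups"][0]
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        ports = (perm.get("FromPort"), perm.get("ToPort"))
        label = "all traffic" if proto == "-1" else f"{proto}/{ports[0]}-{ports[1]}"
        # Rules whose source is another security group cannot be range-checked here.
        for pair in perm.get("UserIdGroupPairs", []):
            findings.append(("info", f"{label} from group {pair.get('GroupId')}: review manually"))
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            if proto == "tcp" and ports == (22, 22):
                if not _within(src, admin_cidr):
                    findings.append(("high", f"SSH reachable from {src}; restrict to {admin_cidr}"))
            elif proto == "udp" and ports == (4789, 4789):
                if not _within(src, vpc_cidr):
                    findings.append(("high", f"VXLAN/4789 reachable from {src}; restrict to {vpc_cidr}"))
            else:
                findings.append(("medium", f"unexpected inbound rule {label} from {src}"))
    return findings


def is_compliant(sg_json, **kwargs):
    """True when the group carries no high or medium findings."""
    return not any(sev in ("high", "medium") for sev, _ in audit_inbound(sg_json, **kwargs))


def expected_inbound(vpc_cidr=VPC_CIDR, admin_cidr=ADMIN_CIDR):
    """The minimal IpPermissions list the sensor group should carry."""
    return [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": str(admin_cidr), "Description": "sensor admin SSH"}]},
        {"IpProtocol": "udp", "FromPort": 4789, "ToPort": 4789,
         "IpRanges": [{"CidrIp": str(vpc_cidr), "Description": "VXLAN from mirror sources"}]},
    ]


# The corrected configuration, in the same JSON shape, for comparison.
HARDENED_SG_JSON = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0123456789abcdef0", "GroupName": "skylight-sensor",
     "IpPermissions": expected_inbound()}]})

if __name__ == "__main__":
    for severity, message in audit_inbound(SAMPLE_SG_JSON):
        print(f"[{severity}] {message}")
    print("hardened group compliant:", is_compliant(HARDENED_SG_JSON))
```

In practice you would feed the script the output of `aws ec2 describe-security-groups --group-ids <id>` and run it again after each console change; the `expected_inbound` list is also the shape to pass to `aws ec2 authorize-security-group-ingress --ip-permissions` if you script the group creation.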
Create Instance
Note that the sensor capture AMI is not available by default in all AWS regions and accounts. Reach out to your support contact to have a sensor capture AMI shared with your AWS account ID.
To create an Instance:
- Navigate to EC2 ⇒ Instances ⇒ Launch an instance.
- Provide a name for the instance.
Note: For Application and OS Images, search for "Skylight". If no AMIs appear, reach out to your support contact to get the AMIs shared with your account and AWS region.
If you need traffic mirroring, the mirrored instance must be of a type that supports AWS Traffic Mirroring. Current-generation Nitro-based instances are supported, with the exceptions listed below, as are the following non-Nitro instance types:
- C4, D2, G3, G3s, H1, I3, M4, P2, P3, R4, X1, X1e
Traffic Mirroring is not available on the following instance types:
- Current-generation instances: C6a, C6gn, C6i, C6id, C6in, Hpc6a, I4i, Im4gn, Is4gen, M6a, M6i, M6in, R6i, R6id, R6idn, R6in, T2, Trn1, X2idn, X2iedn, X2iezn.
- Bare metal instances.
- Previous-generation instances other than those listed above.
This example uses the instance type c5.xlarge, which is sufficient for lower traffic volumes. The right size depends on your traffic, so you may need to choose a larger instance type.
The following traffic types cannot be mirrored:
- ARP
- DHCP
- Instance metadata service
- NTP
- Windows activation
- From the Key pair pull-down menu, select “proceed without a key pair”.
- From the VPC pull-down menu, select the VPC you created earlier.
- From the Subnet pull-down menu, select the subnet you created earlier.
- Select an existing security group: the custom group you created earlier (recommended) rather than the default group.
- Leave the storage configuration at the defaults, or add volume if needed.
- Once the configuration is done, click Launch instance.
Incompatible Instances
If your instance type does not support Traffic Mirroring, you can change it by following these instructions.
To change an incompatible instance:
- Stop the instance.
- Select the instance.
- Navigate to Actions ⇒ Instance settings ⇒ Change instance type.
- Select the instance type you need.
- Apply the new configuration.
- Start the instance.
Create Network Interface
This second network interface is the one that will receive the mirrored traffic; the instance's primary interface remains the management interface. To create a network interface:
- Navigate to EC2 ⇒ Network interfaces ⇒ Create network interface.
- Provide a description for the interface.
- Select the subnet you created earlier.
- Select the security group you configured earlier (recommended) rather than the default group.
- Click Create network interface.
Create Internet Gateways
To create an Internet Gateway:
- Navigate to VPC ⇒ Internet Gateways ⇒ Create internet gateway.
- Provide a name tag for the Internet Gateway.
- Click Create internet gateway.
- Select the new Internet Gateway.
- Click actions ⇒ Attach to VPC
- Select your VPC.
- Validate the configuration.
Create Route Tables
To edit the route table:
- Navigate to VPC ⇒ Your VPCs.
- Select your VPC and click Resource map.
- Click the route table.
A new page will open.
- Click Routes.
- Click Edit routes.
- Add a new route with destination 0.0.0.0/0 (the default route).
- For the target, choose your Internet Gateway.
- Click Save changes to save these configurations.
Add interface on Instance
To add the interface to the instance:
- Select the instance.
- Navigate to Actions ⇒ Networking ⇒ Attach network interface.
- Select the network interface you created earlier.
- Apply the configuration.
If Public IP Address is Lost
If you lose the public IP address (for example after stopping and starting the instance), you can associate an Elastic IP address with your sensor by following these steps.
To associate an Elastic IP address with your sensor:
- Navigate to EC2 ⇒ Elastic IPs.
- Select the IP address.
- Click "Associate Elastic IP address".
- For the resource type, select Network interface and choose your network interface.
CAUTION: This must be the interface that will not receive the mirrored traffic (the management interface). That interface needs to be in a subnet whose route table points at the Internet Gateway.
- Select the private IP address.
- Click Associate.
Create Traffic Mirroring
This section shows how to set up traffic mirroring by creating, in order:
- a mirror target,
- a mirror filter, and
- a mirror session.
Mirror targets
To create a traffic mirror target:
- Navigate to VPC ⇒ Traffic mirror targets ⇒ Create traffic mirror target.
- Provide a Name tag.
- Select the target type. This example uses a network interface: choose the second network interface you created earlier, the one dedicated to receiving the mirrored traffic.
- Click Create.
Mirror filters
To create a traffic mirror filter:
- Navigate to VPC ⇒ Traffic mirror filters ⇒ Create traffic mirror filter.
- Provide a Name tag.
- Configure inbound rules and outbound rules. The example here accepts all traffic in both directions; you can narrow the rules to specific protocols, ports or CIDR ranges if you only need part of the traffic.
- Validate the configuration.
Mirror sessions
To create a traffic mirror session:
- Navigate to VPC ⇒ Traffic mirror sessions ⇒ Create traffic mirror session.
- Provide a Name tag.
- Select the mirror source. This is the network interface whose traffic you want to copy. We recommend choosing an instance in the same VPC as the sensor.
- Choose the mirror target. This is the sensor's capture interface that will receive the copied traffic from the mirror source.
- Provide a session number.
- Select the filter you created earlier.
- Validate the configuration.
Connect the sensor to Analytics
To connect the sensor to analytics:
- Connect to the sensor with your credentials.
- Bring up the capture interface eth1 (the second network interface, which receives the mirrored traffic) with: ip link set dev eth1 up
- Set the MTU of the management interface to 1500 with: ip link set dev eth0 mtu 1500
- Connect to analytics with the command: register skylight
- Follow the prompts to connect your sensor.
- Check that traffic is arriving with the command: bmon
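bmon only shows that bytes are arriving on eth1. To confirm that what arrives is mirrored traffic for the session you created, it helps to know what AWS Traffic Mirroring actually delivers: UDP datagrams to port 4789 whose payload is an 8-byte VXLAN header (carrying the session's 24-bit VNI) followed by the original Ethernet frame. The decoder below is an added example, not part of this guide or of the Skylight sensor software; the sample packets, the VNI 1234 and the 10.20.0.0/24 addresses are constructed for the demonstration. It also flags frames that arrive shorter than their IP total length, which is what you see when the target interface's MTU does not leave room for the 50 bytes of encapsulation.

```python
"""Decode VXLAN-encapsulated frames as delivered by AWS Traffic Mirroring.

Mirrored packets reach the sensor's capture interface (eth1 in this guide) as
UDP datagrams to port 4789.  Each UDP payload is an 8-byte VXLAN header whose
24-bit VNI identifies the mirror session, followed by the original Ethernet
frame.  All packets below are constructed in this script, not captured.
"""
import ipaddress
import struct
from collections import Counter

VXLAN_PORT = 4789
VXLAN_FLAG_VNI_VALID = 0x08
# Outer Ethernet (14) + IPv4 (20) + UDP (8) + VXLAN (8) added to every
# mirrored frame; the target ENI's MTU must leave room for it or the inner
# frame arrives cut short.
ENCAP_OVERHEAD = 14 + 20 + 8 + 8


class VxlanError(ValueError):
    """Raised when a datagram is not a well-formed VXLAN packet."""


def parse_mirrored(payload):
    """Parse one UDP/4789 payload; returns a dict describing the inner frame."""
    if len(payload) < 8:
        raise VxlanError("payload shorter than the 8-byte VXLAN header")
    flags, word = struct.unpack("!B3xI", payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise VxlanError("VNI-valid flag (0x08) not set")
    frame = payload[8:]
    if len(frame) < 14:
        raise VxlanError("inner Ethernet header missing")
    info = {
        "vni": word >> 8,  # top 24 bits of the second word; low byte is reserved
        "dst_mac": frame[:6].hex(":"),
        "src_mac": frame[6:12].hex(":"),
        "ethertype": struct.unpack("!H", frame[12:14])[0],
        "truncated": False,
    }
    if info["ethertype"] == 0x0800 and len(frame) >= 34:
        total_len = struct.unpack("!H", frame[16:18])[0]
        info["src_ip"] = str(ipaddress.IPv4Address(frame[26:30]))
        info["dst_ip"] = str(ipaddress.IPv4Address(frame[30:34]))
        info["protocol"] = frame[23]
        # The IP total length describes the original packet; if fewer bytes
        # arrived, the copy was truncated (target MTU too small for the overhead).
        info["truncated"] = len(frame) - 14 < total_len
    return info


def mirror_summary(payloads, expected_vni):
    """Classify a batch of UDP/4789 payloads against the session's VNI."""
    counts = Counter()
    for payload in payloads:
        try:
            info = parse_mirrored(payload)
        except VxlanError:
            counts["malformed"] += 1
            continue
        if info["vni"] != expected_vni:
            counts["wrong_vni"] += 1
        elif info["truncated"]:
            counts["truncated"] += 1
        else:
            counts["ok"] += 1
    return dict(counts)


# --- constructed sample traffic (not a real capture) -------------------------

def build_ipv4_frame(src_ip, dst_ip, proto, payload):
    """Ethernet + IPv4 header around an opaque payload (checksum left zero)."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64, proto, 0,
        ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    eth_hdr = bytes.fromhex("021122334455") + bytes.fromhex("02aabbccddee") + b"\x08\x00"
    return eth_hdr + ip_hdr + payload


def encapsulate(vni, frame):
    """Wrap a frame the way the mirror source does: VXLAN header with VNI set."""
    return struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8) + frame


SESSION_VNI = 1234  # assumed VNI of the mirror session
SAMPLE_PAYLOADS = [
    encapsulate(SESSION_VNI, build_ipv4_frame("10.20.0.10", "10.20.0.20", 6, b"\x00" * 40)),
    encapsulate(SESSION_VNI, build_ipv4_frame("10.20.0.20", "10.20.0.10", 17, b"\x00" * 100))[:-30],
    encapsulate(4321, build_ipv4_frame("10.20.0.30", "10.20.0.10", 6, b"\x00" * 8)),
    b"\x00\x00\x00\x00\x00\x04\xd2\x00",  # VNI flag clear: not a mirror packet
]

if __name__ == "__main__":
    print(parse_mirrored(SAMPLE_PAYLOADS[0]))
    print(mirror_summary(SAMPLE_PAYLOADS, SESSION_VNI))
```

On the sensor you would feed `mirror_summary` the UDP payloads captured from eth1 on port 4789 (for example via a raw socket or a pcap reader); a non-zero `wrong_vni` count means another session is also pointed at this target, and a non-zero `truncated` count means the capture interface's MTU should be raised by at least `ENCAP_OVERHEAD` above the mirror source's MTU.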
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and trademarks