Deploying Skylight sensor on AWS

This article provides step by step instructions on how to deploy a sensor on AWS, and connect the sensor to analytics.

Create VPC

To create a VPC:

1. Navigate to VPC ⇒ Your VPCs ⇒ Create VPC

2. Choose VPC only.
3. Provide a name for your VPC.
4. Select IPv4 CIDR.
5. Leave everything else on default settings and clickcreate VPC.

Create subnets

To create a subnets:

1. Navigate to VPC ⇒ Subnets ⇒ Create subnet

2. Select VPC ID
   Select your VPC that you created earlier.
3. Provide Subnet Name.
4. Enter the same IPv4 CIDR Block that you configured on the VPC.

Create Security Group

To create a security group

1. Go to VPC ⇒ Security Groups ⇒ Create security groups

To create a custom security group

1. Provide a name for the security group.
2. Provide a description.
3. Select VPC that you created earlier.
4. For the inbound rule, configure only port SSH and UDP port 4789 .
5. For the outbound rule, leave defaults.
6. Validate the configuration.

Create Instance

To create an Instance:

1. Navigate to EC2 ⇒ Instances ⇒ Launch an instance.

2. Provide a name for the instance.

If you need traffic mirroring the following non-Nitro instance types are required:

• C4, C5, D2, G3, G3s, H1, I3, M4, P2, P3, R4, X1, X1e

Traffic Mirroring is not available on the following instance types:

• Generation instances: C6a, C6gn, C6i, C6id, C6in, Hpc6a, I4i, Im4gn, Is4gen, M6a, M6i, M6in, R6i, R6id, R6idn, R6in, T2, Trn1, X2idn, X2iedn, X2iezn.
• Bare metal instances.
• Previous generation instances.

This example uses the instance type C5.xlarge, which is enough for smaller traffic. This option depends on your traffic; so you may need to adapt the instance type.

The following traffic types cannot be mirrored:

• ARP
• DHCP
• Instance metadata service
• NTP
• Windows activation

1. From the Key pair pull-down menu, select “proceed without a key pair”.
2. From the VPC pull-down menu, select the VPC you created earlier.
3. From the Subnet pull-down menu, select the subnet you created earlier.
4. Select existing security group (by default or the one you have configured, which is recommended).
5. Leave the Configure storage on default settings or add more volume.
6. Once configuration is done, click Launch the instance

Incompatible Instances

If you have an instance with incompatible Traffic Mirroring, you can change it by following these instructions.

To change an incompatible Instance:

1. Shutdown the Instance.
2. Select the Instance.
3. Navigate to Actions ⇒ Instance settings ⇒ Change instance type.

4. Select the Instance type you need.
5. Apply the new configuration.
6. Restart the Instance.

Create Network Interface

To create a Network Interface:

1. Navigate to EC2 ⇒ Network interfaces ⇒ Create network interface.

2. Provide a description for the interface.
3. Select the subnet you created earlier.
4. Select the default security groups or one you have configured (recommended).
5. Click Create network interface.

Create Internet Gateways

To create Internet Gateways:

1. Navigate to VPC ⇒ Internet Gateways ⇒ Create internet gateway.

2. Select name tag for the Internet Gateways.
3. Click Create internet gateway.
4. Select new Internet gateway.
5. Click actions ⇒ Attach to VPC
6. Select your VPC.
7. Validate the configuration.

Create Route Tables

To create Route Tables

1. Navigate to VPC ⇒ Your VPCs.
2. Select** your VPC** and click Resource Map.

3. Click route table.
   A new page will open.

4. Click Routes.

5. Click Edit routes.
6. Add new route (example 0.0.0.0/0).
7. From the target category, choose your Internet Gateway.

8. Click Save changes to save these configurations.

Add interface on Instance

To add an interface to an Instance:

1. Select the instance.
2. Navigate to Actions ⇒ Networking ⇒ Attach network interface.

3. Select new network interface.
4. Apply the configuration.

If Public IP Address is Lost

If you lose the public IP address, you can associate an Elastic IP address to your sensors, by following these steps.

To associate an Elastic IP address to your sensors:

1. Navigate to EC2 ⇒ Elastic IP address ⇒ Associate Elastic IP address.
2. Navigate to EC2 ⇒ Elastic IP‘s
3. Select IP address.
4. Click “Associate Elastic IP address”

5. Select Network interface in resource type and choose your Network Interface.
   

   ---

   CAUTION: Your network interface must be the interface that will not receive the traffic from port mirroring. This interface needs to be configured with a routes table and internet gateway.

   ---

6. Select private IP address.
7. Click on Associate

Create Traffic Mirroring

This section will show you how to create traffic mirroring, via the creation of:

• Mirror targets
• Mirror filters and
• Mirror sessions

Mirror targets

To create traffic mirror targets:

1. Navigate to VPC ⇒ Traffic mirror targets ⇒ Create traffic mirror target.

2. Provide a Name tag.
3. Select target.
   The example below uses a network interface, but we recommend you choose the network interface you have created and which be used for receiving traffic mirroring.
4. Click Create.

Mirror filters

To create traffic mirror filter:

1. Navigate to VPC ⇒ Traffic mirror filters ⇒ Create traffic mirror filter.

2. Provide a Name tag.
3. Configure inbound rules and outbound rules.
   Below example accepted all traffic.
4. Validate the configuration.

Mirror sessions

To create traffic mirror session:

1. Navigate to VPC ⇒ Traffic mirror sessions ⇒ Create traffic mirror session.

2. Provide a Name tag.
3. Select mirror source.
   This is the interface where you want to send the traffic mirror. We recommend you choose the instance that is on the same VPC.
4. Choose the mirror target.
   This is the interface where you will send the traffic from the mirror source.
5. Provide a session number.
6. Select the filter you created earlier.
7. Validate the configuration.

Connect the sensor to Analytics

To connect the sensor to analytics:

1. Connect to the sensor with your credentials.
2. Set the interface eth1 up with : ip link set dev eth1 up.
3. Change the MTU, by setting it to1500 : ip link set dev eth0 mtu 1500.
4. Connect to analytics with the command : register skylight.
5. Follow the steps to connect your sensor.
6. Check the traffic with the command: bmon