This article explains how Provider Connectivity Assurance (formerly Skylight) is integrated in Google Cloud Platform (GCP).
Cloud Challenges
More Complexity. More Users. Less Visibility.
No access to the network layer
There is no network layer access! How can I capture the network traffic?
GCP: Basic Concepts to Know
Provider Connectivity Assurance in the Cloud: General Principles and Architectures
Cloud visibility using Google packet mirroring
The picture above shows the simplest configuration where the mirrored subnet and the collector subnet are in the same VPC. See GCP packet mirroring for details on how to configure GCP for packet mirroring.
Assurance Sensor Capture deployed within collector-subnet
- Receives monitored network traffic
- Computes Per Packet Intel
- Sends Per Packet Intel to Provider Connectivity Assurance (formerly Skylight analytics) through HTTPS (TCP port 443)
Technical Requirements
Assurance Sensor Capture
- Version 21.02.10-r1 release and above
Network Flows Requirements
Ingress traffic | Egress traffic | |
---|---|---|
Assurance Sensor Capture | TCP port 443 to Provider Connectivity Assurance and TCP port 443 to NATS on same Provider Connectivity Assurance |
Main Deployment Steps
▶ To Deploy
-
Deploy Assurance Sensor Capture(s).
-
Link deployed Assurance Sensor Capture(s) to your Provider Connectivity Assurance tenant.
Deploying an Assurance Sensor Capture in GCP
Note that the Assurance Sensor Capture image is not available on GCP marketplace.
The whole process requires the following steps.
▶ To deploy an Assurance Sensor Capture in GCP
- Create a storage bucket.
-
Go to the Storage menu of your GCP account and click CREATE BUCKET.
-
Give it a name and click Create.
-
You can leave all options by default and simply click CREATE.
- Convert .qcow2 file in raw format.
- In the CLI on your local machine, convert the .qcow2 file provided by Cisco to raw format.
- For this, you can use the qemu-img tool :
qemu-ing convert -f qcow2 -0 raw Skylight-PVX-sensor-20.11.4.qcow2 disk.raw
CAUTION: The destination file must be called “disk.raw”. Otherwise, it will not be recognized by GCP.
- Convert raw format in tar.gz
- From your local CLI again, convert the raw file into .tar.gz.
- At this stage, you can provide any name you like so as to easily recognize the file once it is uploaded to GCP:
tar -Sczf skylight-sensor.tar.gz disk.raw
- Upload the file to the storage bucket.
-
Now that your file is ready, you can upload it to GCP by using the UPLOAD FILES menu in the GCP storage bucket menu.
-
The upload process may take awhile.
-
If the upload is successful, you should see the following uploaded file:
- Create an image based on the uploaded file.
-
You can now create an image based on the uploaded file.
-
Go to the Compute Engine menu and select CREATE IMAGE.
-
Give it a name and select the Cloud Storage file option under Source menu.
-
Select the storage bucket and the upload file. Once the file is selected, click CREATE to finalize the process.
-
Do not be surprised if you do not see anything on the screen (no “ongoing process” or any message).
- You have to wait a few seconds or minutes to see the newly created image appear on the screen (simply refresh).
- Deploy an Assurance Sensor Capture from the created image.
-
Go to the Compute engine menu and click on Create an instance.
-
The only specific point here is to change the boot disk provided by default, and select your image in the custom images menu.
-
Once your instance is created, you should see it in your running instances list:
Linking an Assurance Sensor Capture to a Provider Connectivity Assurance tenant
▶ To Link an Assurance Sensor Capture to a Provider Connectivity Assurance Tenant
- Select deployment model.
-
Type deploy show to check the actual deployment model.
-
Type deploy disable PVX to disable the PVX deployment model.
-
Type deploy enable Analytics to activate the appropriate deployment model.
- Link the Sensor to your Provider Connectivity Assurance own tenant.
- Type register skylight to initiate the process.
- When being prompted, provide the following information:
- Tenant Host: URL of your Provider Connectivity Assurance tenant
- Username: your admin username
- Password: password linked to your username
- You can check the presence of your sensor under Data Connections menu in Provider Connectivity Assurance.
© 2025 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks