Chapter 6

Installing vSTREAM Virtual Appliance

in VMware Environments

This chapter describes how to install the vSTREAM virtual appliance in a VMware ESXi
environment. See the following sections for details:
"System Requirements
"Installing/Upgrading NETSCOUT Software" on page 6-3
"Deploying the Virtual Appliance" on page 6-4
"Reinstalling the vSTREAM Application" on page 6-38
"Configuring System Settings" on page 6-40
"Configure PCI Passthrough in VMware Deployments" on page 6-42
"Enable SR-IOV" on page 6-46
"Enable DPDK Support" on page 6-49
"Using vSTREAM Virtual Appliances in a Clustered/vMotion Environment" on
page 6-50

Note: This guide assumes you have an existing VMware ESXi server deployed, as
well as working knowledge of your VMware environment. Refer to your VMware
documentation for details on administering the target environment.

6-1
 Table 6-1 summarizes the minimum hypervisor and virtual environment requirements for the
target VMware environment:

Note: Deploying a vSTREAM virtual appliance requires sufficient privileges in the target
virtual environment. Consult the documentatio
for details on the privileges necessary to deploy a virtual machine from a template.

VMware vSphere ESXi 7.0, 6.7, or 6.5

Hypervisor VMware vSphere ESXi Standard, Enterprise, or Enterprise Plus

running ESXi 7.0, 6.7, or 6.5 installed on an Intel-based platform.
Processor must be a minimum of Intel Westmere generation or
better.
Note: AMD-based platforms are not supported.
Note: Free editions of ESXi are not supported, regardless of the
version number. You must use an ESXi version with a paid
license.
Note: Make sure you have installed the latest updates available
on the VMware website.

vSphere Client vSphere HTML5 Client

Virtual Switch

Minimum EVC CPU Baseline for Clustered vSTREAM Appliances

VMware clusters can use Enhanced vMotion Compatibility (EVC) to handle vMotion
compatibility across CPU generations. This technology works by specifying a minimum CPU
baseline for hosts in the cluster and can have the net result of a host offering vCPU features
at a lower level than its native processor (for example, a host configured with a Sandy Bridge
processor operating as part of a cluster with an EVC baseline of L2 - Nehalem).
The minimum EVC baseline for a cluster containing vSTREAM appliances is L3 - Westmere.
Note: Refer to your VMware documentation for details on configuring the EVC baseline for a
cluster.

About GeoProbe Support

vSTREAM is a member of the InfiniStreamNG family and supports installation of GeoProbe
functionality. You can install GeoProbe functionality on vSTREAM virtual appliances
provisioned with a minimum of four vCPUs and eight GB of memory.

6-2
 Installing GeoProbe software allows management and analysis from an associated IrisView
server. You can also optionally export data to an associated nGenius Business Analytics (nBA)
server if ASI support is enabled during installation of the Geo-6320-xxx-176.bin file.

Note: GeoProbe software is not supported for vSTREAM instances

deployed in public cloud (AWS, Microsoft Azure, or Google Cloud Platform)
environments. It is also not supported in Microsoft Hyper-V environments.

Installing/Upgrading NETSCOUT Software

You must install or upgrade your NETSCOUT software to the most recent versions to use it
with an vSTREAM virtual appliance.
and view data from vSTREAM 6.3.2 virtual
appliances.
a vSTREAM virtual appliance to enable use
with the IrisView suite of applications, refer to the Iris documentation for information
on the supported version.
For more information on installing and upgrading nGeniusONEand IrisView, see the
documentation located on the NETSCOUT SYSTEMS web site
(https://my.netscout.com/Pages/Overview.aspx).

Installing vSTREAM Virtual Appliance in VMware Environments 6-3

 Deploying the Virtual Appliance
This section describes how to deploy the vSTREAM virtual appliance. Refer to the following
sections for details:
"Copy Installation Files to Local Machine" on page 6-4
"Deploy the Virtual Machine Using the OVF File" on page 6-4
"Configure Resources for Virtual Appliance" on page 6-11
"Resize Storage Disk for Packet/Data Recording" on page 6-11
"Configuring vSTREAM RAM" on page 6-11
"Configuring vSTREAM vCPUs" on page 6-13
"Add Monitoring vNICs (Optional)" on page 6-15
"Configure Packet Acquisition (Port Groups/Port Mirroring)" on page 6-19
"Start the Virtual Appliance" on page 6-37

Copy Installation Files to Local Machine

Download and extract the appropriate zip file for your VMware/ESXi installation from the
NETSCOUT SYSTEMS web site at https://my.netscout.com/Pages/Overview.aspx. Use the
information in Table 6-2 to select the correct file for your purchase and environment:

Table 6-2 Required Files for vSTREAM Installation in VMware Environments

Zip File from NETSCOUT Download

Site Zip File Contents Description

6320-xxx-vSTREAM-VMware.zip vSTREAM.ovf Download this file if you do not intend to

vSTREAM-disk1.vmdk install GeoProbe functionality.
Image files for vSTREAM virtual appliance with
installation file for vSTREAM application
included. GeoProbe installation file is not
included.

6320-xxx-vSTREAM-VMware-Geo.zip vSTREAM.ovf Download this file if you do intend to install

vSTREAM-disk1.vmdk GeoProbe functionality.
Image files for vSTREAM virtual appliance with
installation files for both vSTREAM and
GeoProbe applications included.

Deploy the Virtual Machine Using the OVF File

1 Open a client connection to the ESX/ESXi host on which you want to install the
vSTREAM virtual machine.
Note: There are multiple clients available for ESX/ESXi hosts. This procedure is
illustrated using the HTML5-based vSphere Client. Your client may appear slightly
differently; however, the general deployment procedure is the same.

6-4 Deploying the Virtual Appliance

 2
and choose the Deploy OVF Template command. (Figure 6-1).

Figure 6-1 Deploying the OVF File for vSTREAM Virtual Machine

3 If you are using the vSphere Web Client and have not already installed the Client
Integration Plug-in to enable OVF functionality, the vSphere Web Client will guide you
through the procedure to download and install it now. Once you have finished
installing the plug-in, restart your browser and begin the installation procedure again.

Note: The first time you launch your browser after installing the Client Integration
Plug-in, you may need to launch it by right-clicking its icon and choosing the Run as
administrator option to allow use of the plug-in. Once the plug-in has been executed
and allowed once, you should be able to run the browser normally on subsequent
connections.

4 You can install either from a URL or a Local file. In this example, click the Browse
button to navigate to the location where you extracted the vSTREAM.ovf file, select
both the .ovf and vSTREAM-disk1.vmdk files, and click Next to continue (Figure 6-2).

Figure 6-2 Browsing to the vSTREAM.ovf File

Installing vSTREAM Virtual Appliance in VMware Environments 6-5

 5 Specify a name and select a location (folder or datacenter) for the virtual machine and
click Next to continue (Figure 6-3).

Figure 6-3 Specifying the Name and Location for the Virtual Machine

6 Select the destination compute resource where the deployed template should be run.
You can select a cluster, host, or resource pool (Figure 6-4).

Figure 6-4 Specifying Resource to Run Deployed Template

7 Review the details on the selected OVF file displayed by the wizard (Figure 6-5) and
click Next to continue.

Note: The disk space reported here is for the virtual machine and its operating system
only; additional disk space is required for storage as a secondary disk. Refer to Table 6-4
on page 6-11. for storage recommendations by model number.

6-6 Deploying the Virtual Appliance

 Figure 6-5 OVF File Details

8 Select the Thick Provision Lazy Zeroed disk format for the vi
disks and leave the VM Storage Policy at the Datastore Default (Figure 6-6). The Thick
Provision Lazy Zeroed format is the only one supported for the vSTREAM virtual
machine.
9 If you are installing in an environment with multiple storage arrays available, you can
e virtual machine. Select a datastore with
sufficient free space for the virtual machine and click Next to continue (Figure 6-6).

Figure 6-6 Setting Virtual Disk Format and Selecting Datastore

Installing vSTREAM Virtual Appliance in VMware Environments 6-7

 10 Select the networks to be used by the vi
ports and click Next to continue (Figure 6-7).

Figure 6-7 Configuring Network Settings for the Virtual Machine

11 The next step lets you configure system settings for the vSTREAM virtual appliance,
including its IP profile, DNS server(s), NTP server(s), and the IP address of the
managing nGeniusONE server (Figure 6-8).
Configuring these settings in the deployment wizard is optional. If you choose not
to configure them at this time, you can configure them post-installation using the
nGApplianceConfig.plx script, as described in "Configuring System Settings" on
page 6-40.
Table 6-3 summarizes the system settings you can configure in this step:

Note: The installation wizard does not let you configure a time zone and defaults the
setting to the Eastern U.S. time zone. Log in to the command line after installation and
use the standard Linux tzselect command to reconfigure the time zone as necessary.

Table 6-3 Configuring vSTREAM Settings

vSTREAM Setting Description

IP Address IP address of the vSTREAM virtua

You can either specify a static IP address or leave the field set to
zeros to retrieve an IP address using DHCP.
Supported formats for all IP addresses are:

The wizard lets you set an IP address matching the version of the
management network you selected in Step 10, IPv4 for IPv4 and
IPv6 for IPv6.

6-8 Deploying the Virtual Appliance

 Table 6-3 Configuring vSTREAM Settings

Netmask Subnet mask for the Management port (required for IPv4 only).
You can enter is either using standard IPv4 dotted decimal
format (for example, 255.255.255.0) or in CIDR format (for
example, /24).

Default Gateway Default gateway for the Management port.

Hostname Simple hostname for the virtual appliance.

Domain Name
connected.

Domain Name Server 1/2 IP address of a DNS server (nameserver). You can specify a
second DNS server to be used as a backup in case the first server
is unreachable.

NTP Server 1/2 IP address of an NTP server to be used for synchronization of the
You can specify a second NTP
server to be used as a backup in case the first server is
unreachable.

nGenius Server IP The IP address of the nGeniusONE server that will manage this
virtual appliance.

vSTREAM Data Disk Size Specify the size of the secondary disk used for packet and data
storage and click Next to continue. The default size is 100 GB.
You can specify values up a maximum of 64 TB.

Figure 6-8 Configuring System Settings for the Virtual Machine

Installing vSTREAM Virtual Appliance in VMware Environments 6-9

 12 Review the settings for the virtual machine, leave the Power on after deployment
checkbox unchecked, and click Finish to complete deployment of the virtual machine
(Figure 6-9).

Figure 6-9 Completing the Virtual Machine Deployment

6-10 Deploying the Virtual Appliance

Configure Resources for Virtual Appliance
The vSTREAM virtual appliance is provisioned with sufficient resources for most common
deployment scenarios, as summarized in Table 6-4. If necessary, you can use the instructions
in this section to adjust the computing resources assigned to the vSTREAM virtual appliance,
including vCPUs, RAM, the secondary hard disk for packet storage, and additional monitoring
vNICs, if desired
Table 6-4 summarizes the resources with which the vSTREAM Virtual Appliance is provisioned
by default, as well as a recommended setting range for each.

Note: Some vSTREAM features require provisioning of more resources than

others. Refer to "vSTREAM Provisioning Requirements" on page 1-6 for a
discussion of the resources required for different features.

Table 6-4 Computing Resource for vSTREAM Virtual Appliance

Default Setting in Virtual Machine

Component Image Recommended Setting

vCPUs 1 1-241

RAM 2 GB 2-64 GB

Hard Disks

You can also add additional

monitoring vNICs, up to a maximum
vNICs of four.

1. Note that vSTREAM vCPUs are licensed in blocks of eight. You can only provision vCPUs up to the
maximum allowed by your currently installed license. You can always purchase and apply a license to allow
additional vCPUs.

Resize Storage Disk for Packet/Data Recording

vSTREAM uses a secondary storage disk as a repository for packet and data recording. This
disk was provisioned and sized during the deployment of the virtual machine. You can use
the following procedure to resize the storage disk prior to launch of the virtual machine, if
desired.
1
inventory list and select Edit Settings from the context menu that appears..
2 Change the size reported for Hard disk 2 as necessary, and click OK to resize the disk.

Configuring vSTREAM RAM

You can reconfigure the amount of memory assigned to the vSTREAM Virtual Appliance after
the virtual machine is deployed.

Note: Some vSTREAM features require provisioning of more RAM than others.
Refer to "vSTREAM Provisioning Requirements" on page 1-6 for a discussion of the
resources required for different features.

Installing vSTREAM Virtual Appliance in VMware Environments 6-11

 Use the following procedure to reconfigure the RAM assigned to the vSTREAM virtual
machine.
1
inventory list and select Edit Settings from the context menu that appears.
2 The Edit Settings dialog box appears. Change the following values:
a Select the Memory entry and change it to the desired amount using the
recommendations in Table 6-4 (Figure 6-10).

Figure 6-10 Configuring Memory

3 Click OK to commit your changes.

6-12 Deploying the Virtual Appliance

 Configuring vSTREAM vCPUs
The vSTREAM virtual machine is provisioned by default with a single vCPU. Keep in mind that
appliance performance is directly tied to available resources and the processing load placed
upon them. Refer to "vSTREAM Provisioning Requirements" on page 1-6 for a discussion of
the vCPUs required for different features.
Keep in mind the following guidelines when provisioning vSTREAM vCPUS:
even number of vCPUs when provisioning
additional vCPUs; there is no performance improvement when adding a single vCPU
to get to an odd number of vCPUs.
If you require more than two vCPUs, NETSCOUT recommends provisioning at
least eight vCPUs. There is little performance improvement when increasing from
two vCPUs to either four or six vCPUs.
maximum number of vCPUs allowed
for across all managed vSTREAM instances. You can configure the virtual appliance to
use up to the maximum number of vCPUs ava
of managed vSTREAMs. Once the total number of vCPUs provisioned for all vSTREAMs
managed by nGeniusONE exhausts the available vCPU licenses, you must purchase
another license for additional vCPUs before you can add another vSTREAM to
nGeniusONE.
Use the following procedure to configure vSTREAM vCPUs:
1
inventory list and select Edit Settings from the context menu that appears.
a Select the CPU entry and change it to the number of vCPUs desired for your
vSTREAM Virtual Appliance (Figure 6-11).
Make sure all cores are set on the same socket (the Number of cores per
socket option is set to the same value as the CPU option and Sockets reads 1
as in the figure below).

Figure 6-11 Configuring vCPU Cores

2 Click OK to apply your changes to the virtual appliance.

Installing vSTREAM Virtual Appliance in VMware Environments 6-13

 Reserving Resources?
You may be able to improve virtual appliance performance by reserving CPU and Memory
resources using the Reservation option in each of their respective sections in the Edit
Settings dialog box (Figure 6-12). However, this is not required for successful appliance
performance.

Figure 6-12 Reserving Virtual Appliance Resources

6-14 Deploying the Virtual Appliance

Add Monitoring vNICs (Optional)
The vSTREAM virtual appliance is provisioned with a single monitoring vNIC by default. Use
the following procedure to add additional monitoring vNICs, up to a maximum of four:
1
inventory list and select Edit Settings from the context menu that appears.
The Edit Settings dialog box appears.
2 Click the Add New Device button at the top of the dialog box and select the Network
Adaption option from the list that appears (Figure 6-13).

Figure 6-13 Adding a vNIC for Management Traffic

A New Network entry appears in the Virtual Hardware list at the left of the Edit Settings
dialog box.
3 Click the New Network entry and set the following options for the monitoring vNIC
(Figure 6-14):
Connect at power on option so that the vNIC connects when the
virtual appliance starts.
Adapter Type to VMXNET3. This is the only supported adapter for
vSTREAM.
p configured in promiscuous mode for
packet acquisition, you can use the network dropdown shown in Figure 6-14 to
assign the monitoring interface to it now.

Installing vSTREAM Virtual Appliance in VMware Environments 6-15

 Refer to the section corresponding to your switch type for information on configuring
a monitoring port group:
"Configuring a Port Group on a vSphere Standard Switch" on page 6-32
"Configuring a Distributed Port Group on a vSphere Distributed Switch" on
page 6-27

Note: NETSCOUT recommends using port mirroring rather than a monitoring

port group configured in promiscuous mode in vDS deployments.

Figure 6-14 illustrates the assignment of a monitoring interface to a monitoring port

group.

Figure 6-14 Configuring the Monitoring vNIC

4 Review the settings for the monitoring vNIC, correct as necessary, and click OK to
create the vNIC.

6-16 Deploying the Virtual Appliance

 Using the VMXNET3 Driver with Multiple vNICs
A known issue with the VMXNET3 driver prevents vSTREAM from using more than one
management interface and two monitoring interfaces with that driver. Once a third
monitoring interface using VMXNET3 is added, the vSTREAM becomes unreachable over the
eth0 management interface because of changes in interfaces names and sequences.
This section provides a workaround that lets you use up to the maximum of four monitoring
and one management interface with the VMXNET3 driver. With this workaround, you use the
ifconfig command to check the MAC address of all vSTREAM ports. Then, you use the MAC
addresses to assign the eth0 management port to the correct vSwitch. Use the following
procedure:
1 Open a command-line session with the vSTREAM virtual appliance.
2 Use the ifconfig command and note the MAC addresses of all network interfaces
(refer to the highlighted portions of Figure 6-15).

Figure 6-15 Using ifconfig to Record MAC Addresses

3 From the vSphere client, open the Virtual Machine Properties view for the vSTREAM
virtual machine.

Installing vSTREAM Virtual Appliance in VMware Environments 6-17

 4 Locate the entry for the Network adapter with the MAC address matching the MAC
address reported for eth0 by ifconfig (Figure 6-16). You will need to cascade each
Network adapter entry open to see the MAC address field

Figure 6-16 Locating the Entry for eth0 by MAC Address

5 Use the network dropdown highlighted in Figure 6-16 to assign eth0 to the correct
vSwitch port group for management traffic (Figure 6-16).
6 Check the Network adapter entries for each monitoring interface and ensure they
are set to the correct networks as well.
7 Open the following file in a text editor:

8 Ensure that the value reported for HWADDR in this file matches the MAC address
reported for eth0 in the ifconfig command you used in Step 1. If it does not match,
edit the value for HWADDR to match and save your changes.

Note: You can show the MAC address for just eth0 with the ifconfig
eth0 command.

6-18 Deploying the Virtual Appliance

Configure Packet Acquisition (Port Groups/Port Mirroring)
Next, you need to configure how the vSTREAM virtual appliance will acquire packets. Table 6-5
summarizes the scenarios available depending on the type of vSwitch you are using and the
type of monitoring you want to perform. Use the links in Table 6-5 to see detailed instructions
for each scenario.

Table 6-5 Port Group/Port Mirroring Configuration Scenarios

Virtual
Switch Monitoring Scenario Configuration Summary

Monitor specific virtual

machines
vSphere Note: NETSCOUT Promiscuous Mode to Reject.
Distributed recommends that vDS VLAN Type is set to VLAN Trunking with a
Switch deployments use port Trunk Range of 0-4094, ensuring that the port
(vDS) mirroring instead of port group can monitor traffic for all VLANs.
groups set to
promiscuous mode.

Refer to "Configuring Port Mirroring on a vSphere Distributed Switch" on page 6-22 for details on
this scenario.

Monitor all virtual

machines
it.
vSphere
Promiscuous Mode for monitoring port
Distributed
group to Accept, enabling it to receive traffic for
Switch
all virtual machines on the vDS.
(vDS)
VLAN Type is set to VLAN Trunking with a
Trunk Range of 0-4094, ensuring that the port
group can monitor traffic for all VLANs.

Refer to "Configuring a Distributed Port Group on a vSphere Distributed Switch" on page 6-27 for
details on this scenario.

vSphere Monitor all virtual

Standard machines
Switch (vSS) Promiscuous Mode for monitoring port
group to Accept, enabling it to receive traffic for
all virtual machines on the vSS.
VLAN ID is set to 4095, ensuring that the port
group can monitor traffic for all VLANs.

Refer to "Configuring a Port Group on a vSphere Standard Switch" on page 6-32 for details on this
scenario.

About Port Mirroring and Tap Configurations

This section describes how to deploy the vSTREAM virtual appliance using port mirroring or
tap configurations. See the following sections for details:
"Using Port Mirroring with the vSTREAM Virtual Appliance" on page 6-20
"Using a Tap Configuration with the vSTREAM Virtual Appliance" on page 6-21

Installing vSTREAM Virtual Appliance in VMware Environments 6-19

 Using Port Mirroring with the vSTREAM Virtual Appliance
You can use the vSTREAM virtual appliance to monitor traffic mirrored from an external
source. Monitoring traffic mirrored from an external source requires some additional
configuration:

vSTREAM virtual appliance. The second pNIC is separate from the one used for the
traffic. This is shown as pNIC1 in Figure 6-17.
itch (vSS) or vSphere Distributed Switch (vDS) must be
added to the hypervisor and associated with the second pNIC. This is shown as
vSwitch1 in Figure 6-17.
c to the monitor port must be configured correctly. To
monitor a particular link, for example, you would want to configure a physical switch
affic to the physical switch port connected to the

Figure 6-17 shows an example of this configuration. The Monitored Site is configured to
mirror traffic to the physical switch port where pNIC1 on vSwitch1 is connected. In turn, the
vSTREAM is connected to the same vSwitch1, allowing it to see traffic mirrored from the
monitored site. Note that no other virtual machines should be connected to the vSwitch used
as the destination for external traffic (vSwitch1 in Figure 6-17)

Figure 6-17 Port Mirroring Configuration

6-20 Deploying the Virtual Appliance

 Using a Tap Configuration with the vSTREAM Virtual Appliance
You can use the vSTREAM virtual appliance to monitor traffic received from a tap between
monitored link and the external switch. Monitoring traffic acquired via a tap requires some
additional configuration:
(pNICs) must be available on the same hypervisor as the
vSTREAM virtual appliance. These pNICs are separate from the one used for the virtual
pNIC 1 and pNIC 2 in
Figure 6-18.
itch (vSS) or vSphere Distributed Switch (vDS) must be
added to the hypervisor and associated with pNICs 1 and 2. This is shown as vSwitch1
in Figure 6-18.
rrectly. To monitor a particular subnet, for
example, you would want to tap between the subnet and the external switch, with one
side of the tap connected to pNIC 1 and the other connected to pNIC 2.
Within vSphere, you configure a port group on the vSwitch that includes pNIC 1 and 2
as well as the vSTREAM. You also enable promiscuous mode to accept all VLAN traffic.
Figure 6-18 shows an example of this configuration. The tap sits between the monitored
subnet and the external switch. One side of the tap is connected to pNIC 1 and the other is
connected to pNIC 2. Both pNICs are connected to the same vSwitch and are used as a
monitoring port group together with the vSTREAM. Note that no other virtual machines
should be connected to the vSwitch used as the monitoring interface (vSwitch1 in
Figure 6-18)

Figure 6-18 Using a Tap Configuration

Installing vSTREAM Virtual Appliance in VMware Environments 6-21

 Configuring Port Mirroring on a vSphere Distributed Switch
NETSCOUT SYSTEMS recommends that vDS deployments use port mirroring to direct traffic
from selected virtual machines to a vSTREAM monitoring interface. Use the following
procedure:
1 Open the vSphere client and click the Networking icon at the top of the inventory
panel.

2 Select the entry for the distributed switch to which the virtual machines you want to
monitor are connected.
3 Click on the Configure tab and select Settings > Port mirroring as illustrated in
Figure 6-19.

Figure 6-19 Port Mirroring Interface

6-22 Deploying the Virtual Appliance

 4 Click the + New button at the top of the Port Mirroring panel to start the Add Port
Mirroring Session wizard (Figure 6-20).

Figure 6-20 Starting the Add Port Mirroring Session Wizard

5 Select the type of port mirroring session to create. vSTREAM supports either of the
following session types:
Use this session type when the vSTREAM mirror
destination is on the same ESXi host as the sources you want to mirror.
Use this session type when the
vSTREAM mirror destination is on a different ESXi host than the sources you
want to mirror. When using this session type, you must associate an IP address
with the destination vSTREAM monitoring interface and specify it in the Select
destinations step of the Add Port Mirroring Session wizard.
6 Make the following settings in the Edit properties step (Figure 6-21):
a Supply a descriptive name for the port mirroring session in the Name field.
b If you want the port mirroring session to start as soon as it is created, you can
change the Status field to Enabled. If you elect to leave it Disabled, you can
easily start the session from the Port Mirroring interface later on.

Installing vSTREAM Virtual Appliance in VMware Environments 6-23

 7 Leave the other settings at their default values and click Next to continue.

Figure 6-21 Setting Properties for the Port Mirroring Session

8 Use the Select sources step to choose the virtual machines whose traffic you want to
mirror to vSTREAM:
a Click the button to select the ports you want to mirror to vSTREAM.
b Use the Select Ports dialog box to select the virtual machines whose traffic you
want to mirror. Check the boxes of each virtual machine to be mirrored and click
OK when you are done (Figure 6-22).

Figure 6-22 Selecting the Sources to Mirror

6-24 Deploying the Virtual Appliance

 c The selected sources appear in the list of mirrored sources (Figure 6-23). By
default, new sources are added with both Ingress and Egress traffic mirrored.
You can use the button at the top of the Select sources list to toggle Traffic
Direction between Ingress, Egress, or Ingress/Egress.

Figure 6-23 Newly Added Source Port for Mirroring Session

d Click Next to continue to Select Destinations.

9 Use the Select destinations step to select the destination for the mirroring session.
The destination is a vSTREAM virt
If you are creating a Distributed Port Mirroring session, click the button to
add the vSTREAM destination. Then, use the Select Ports dialog box to select
the port corresponding to the destination vSTREAM monitoring interface, and
click OK to add it to the list of destinations (Figure 6-24).

Figure 6-24 Selecting the Destination vSTREAM Monitoring Interface by Port

Installing vSTREAM Virtual Appliance in VMware Environments 6-25

 If you are creating an Encapsulated Remote Mirroring (L3) Source session,
click the + button to add the vSTREAM destination. Then, supply the IP address
of the destination vSTREAM monitoring interface.
Note: Refer to "Configuring IP Addresses on a Destination vSTREAM in Private
Cloud Deployments" on page 15-22 for information on assigning an IP address
to a monitoring interface.(Figure 6-24).

Figure 6-25 Selecting the Destination vSTREAM Monitoring Interface by IP Address

10 Click Next.
11 Review the settings for the port mirroring session in the Ready to complete step and
use the Back button to correct settings as necessary. Once you are satisfied that the
settings are correct click Finish to add the session.
12 If you did not enable the port mirroring session by default, you can select its entry in
the Port Mirroring list, click the Edit button, and change its Status to Enabled to start
port mirroring.

6-26 Deploying the Virtual Appliance

 Configuring a Distributed Port Group on a vSphere Distributed
Switch
This section describes how to create a distributed port group on a vSphere Distributed Switch
(VDS) to be used for packet acquisition by the vSTREAM virtual appliance. A distributed port
group configured in promiscuous mode allows the vSTREAM to monitor all VMware
communications without exposing this traffic to any other Virtual Machines.

Note: NETSCOUT recommends that vDS deployments use port mirroring instead of
port groups set to promiscuous mode. Refer to "Configuring Port Mirroring on a
vSphere Distributed Switch" on page 6-22 for details on setting up port mirroring.

Create the Distributed Port Group on the VDS

Use the following procedure to create a distributed port group on a VDS:
1 Open the vSphere client and click the Networking icon at the top of the inventory
panel.

2 Right-click the entry for the distributed switch to which the virtual machines you want
to monitor are connected and select Distributed Port Group > New Distributed
Port Group, as illustrated in Figure 6-26.

Figure 6-26 Adding a Distributed Port Group to a vDS

Installing vSTREAM Virtual Appliance in VMware Environments 6-27

 The New Distributed Port Group wizard starts and guides you through the creation
of the new distributed port group.
3 Supply a name for the new distributed port group in the Name and location page and
click Next (Figure 6-27).

Figure 6-27 Name and Location Page

4 Set the following options in the Configure settings page and click Next to continue:
Set to Static binding.
Port allocation Elastic so that new ports are created as needed.
Number of Ports 1.
Network resource pool (default).
VLAN type VLAN Trunking.
VLAN trunk range
VLAN trunk range to 0-4094, as shown in
Figure 6-28.

6-28 Deploying the Virtual Appliance

 to be monitored (for example, 1-4,25,30-39).

Figure 6-28 Selecting the VLANs Monitored by Port Group

5 Check the Customize default policies configuration box (Figure 6-29) to display
additional options, including promiscuous mode, and click Next.

Figure 6-29 Setting Advanced Options (Promiscuous Mode)

Installing vSTREAM Virtual Appliance in VMware Environments 6-29

 6 On the Security tab, change the setting for Promiscuous mode from Reject to
Accept and click Next (Figure 6-30).

Figure 6-30 Enabling Promiscuous Mode for the Distributed Port Group

7 Click through the remaining steps in the wizard, leaving their settings at the default,
until you reach 8 Ready to complete.
8 Review your settings and click Finish to add the new distributed port group to the vDS.
Once added, the new Port Group appears in the inventory list below the selected vDS,
as shown below.

Connect a vSTREAM Monitoring Interface to the Distributed Port Group

Next, you need to connect a vS the distributed port group
you just created:
1 inventory list for the vSTREAM you want to
use to monitor the port group you just created and click Edit Settings.

6-30 Deploying the Virtual Appliance

 2 Locate the entry for one of the monitoring interfaces on the vSTREAM (that is, not
Network adapter 1, but one of the others), click the dropdown for its connected
network, and select the Browse option (Figure 6-36).

Figure 6-31 Connecting a vSTREAM Monitoring Interface to the Port Group

3 Locate the entry in the Select Network dialog box for the distributed port group you
created in the previous procedure, select it, and click OK.
In this example, we are connecting a vSTREAM monitoring interface to the vSTREAM
Port Group we created in the previous procedure (Figure 6-37).

Figure 6-32 Selecting the Distributed Port Group for the vSTREAM Monitoring Interface

4 Click OK on the Edit Settings dialog box to commit your changes.

Installing vSTREAM Virtual Appliance in VMware Environments 6-31

 Configuring a Port Group on a vSphere Standard Switch
This section describes how to create a port group on a vSphere Standard Switch (VSS) to be
used for packet acquisition by the vSTREAM virtual appliance. A port group configured in
promiscuous mode allows the vSTREAM to monitor all VMware communications without
exposing this traffic to any other Virtual Machines.

Create the Port Group on the VSS

Use the following procedure to create a port group on a vSphere Standard Switch:
1 Determine the vSS to which the VMs you want to monitor are connected.
2 ct the host with the vSS containing the VMs
you want to monitor.
3 Right-click the host and select Add Networking.
4 Select Virtual Machine Port Group for a Standard Switch and click Next.

6-32 Deploying the Virtual Appliance

 5 Choose the Select an existing standard switch option and use the Browse button
to navigate to the switch with the virtual machines whose traffic you want to monitor
with vSTREAM and click OK.

6 Click Next.
7 Change the text in the Network Label field to something meaningful (for example,
Monitoring Network).
8 Set the VLAN ID field as follows:
VLAN ID to All (4095).
VLANs, enter their specific IDs.

Installing vSTREAM Virtual Appliance in VMware Environments 6-33

 9 Click Next and then click Finish at the next window to complete the Add Networking
Wizard.

Enable Promiscuous Mode on the VSS Port Group

You must enable Promiscuous Mode for the vSS port group you created in "Create the Port
Group on the VSS" on page 6-32 before it can be used with the vSTREAM virtual appliance. Use
the following procedure:
1 the host with the vSS containing the port
group you want to configure.
2 Select the Configure tab.
3 Select the Networking > Virtual Switches option.
The Virtual switches panel appears, listing all of the virtual switches on the selected
host.
4 Scroll down and select the entry for the VSS with the port group you added in the
previous section.
Figure 6-33 summarizes the options you must set in the previous steps to produce the
vSwitch1 with the Monitoring Network
port group we created in the previous section:

Figure 6-33 Configuring Port Group on a vSS

6-34 Deploying the Virtual Appliance

 5 Click the ... entry for the port group you created in "Create the Port Group on the VSS"
on page 6-32 (Monitoring Network in this example) and click Edit Settings
(Figure 6-34) .

Figure 6-34 Editing Port Group Settings

6 Click the Security entry and check the Override box box next to Promiscuous Mode
and choose Accept from its corresponding dropdown box (Figure 6-35).

Figure 6-35 Enabling Promiscuous Mode

Important:

this property on other network groups replicates traffic to all virtual

machines and can cause server performance issues.

Installing vSTREAM Virtual Appliance in VMware Environments 6-35

 7 Click OK to close the port group Edit Settings wizard.

Connect a vSTREAM Monitoring Interface to the Port Group

Next, you need to connect a vS
created:
1 inventory list for the vSTREAM you want to
use to monitor the port group you just created and click Edit Settings.
2 Locate the entry for one of the monitoring interfaces on the vSTREAM (that is, not
Network adapter 1, but one of the others), click the dropdown for its connected
network, and select the Browse option (Figure 6-36).

Figure 6-36 Connecting a vSTREAM Monitoring Interface to the Port Group

3 Locate the entry in the Select Network dialog box for the port group you created in
the previous procedure, select it, and click OK.
In this example, we are connecting a vSTREAM monitoring interface to the Monitoring
Network port group we created in the previous procedure (Figure 6-37).

Figure 6-37 Selecting the Port Group for the vSTREAM Monitoring Interface

4 Click OK on the Edit Settings dialog box to commit your changes.

6-36 Deploying the Virtual Appliance

Start the Virtual Appliance
The next step is to power on the vSTREAM virtual appliance:
1 Select the entry for the vSTREAM virtual app
and click the Power on button in the main panel (Figure 6-38).

Figure 6-38 Powering on the virtual appliance

Automatic Application Installation

When you power on the virtual appliance, the vSTREAM application is automatically installed
using the settings you specified in the deployment GUI. Several reboots will take place during
the automatic installation of the application. The application is installed with the following
default partition sizes:

There is no need to perform a separate application installation unless you want to change the
sizes of the data storage partitions. Refer to "Reinstalling the vSTREAM Application" on
page 6-38

Installing vSTREAM Virtual Appliance in VMware Environments 6-37

Reinstalling the vSTREAM Application
If you would like to change the size of the storage partitions allocated during automatic
application installation, you can reinstall the vSTREAM application by copying the
is-6320-xxx-vSTREAM.bin installation file to the vSTREAM virtual machine and executing it
there.
1 Download the is-6320-xxx-vSTREAM.bin installation file from the NETSCOUT website
and copy it to the target machine.
2 Open the vSphere client and either select the entry for the virtual machine and select
the Console tab or right-click the virtual machine entry and select Open Console.
3 Log in using the default credentials:

Note: Use the default username and password the first time you log in to
the operating system. After you log in the first time, you can modify the
default password using the passwd command.

4 Install the application using the command below. Note that the xxx indicates the build
number for the .bin file, and will vary by version:
./is-6320-xxx-vSTREAM.bin
It can take several minutes for the installation to begin.

Note: If the installation file does not run, you may need to make it executable with
the chmod +x command. For example, chmod +x is-6320-xxx-vSTREAM.bin.

5 The installation script asks you to select your locale. Choose your language and press
Enter.
6 Press Enter on the Introduction screen.
7 Continue pressing Enter to read the End User License Agreement.
8 When prompted, press Y to accept the license agreement.
9 The installation script asks if you want to create a packet store partition:
1 - Yes d and you will be able to record and
store packets on the vSTREAM virtual appliance. With packet recording enabled,
the minimum size of the secondary storage disk is 100 GB.
2 - No eated. The virtual appliance will not
record packets. ASI monitoring is still available, as is on-demand capture, but
full-time recording is not available. If you choose No, you can configure the

10 The installation script prompts you to configure the /xdr, /metadata, and /asi
partitions. These partitions (if created) are all located on the same drive space
allocated for packet storage. Because of this, the more space you allocate for
partitions, the less space you will have available for packet data.

6-38 Deploying the Virtual Appliance

 Use Table 6-6 to help decide which partitions you need for the Consoles/applications
you plan to use with the appliance.

Table 6-6 vSTREAM Virtual Appliance Partitions

Partition Description Range

/xdr If the appliance will be configured to produce xDRs/ASRs for use Default = 5% of available
by nGeniusONE or nGenius Subscriber Intelligence, you MUST storage (if created).
allocate an /xdr partition for storage of xDRs/ASRs (eXtended Enter 0 to eliminate.
Data Records/Adaptive Session Records). This partition can be
eliminated if the appliance will not be used with these
applications.
Adaptive Session Records (ASRs) store session-level metadata
for transactions observed using supported protocols, for
example, an HTTP session or an email exchange. ASRs combine
statistics for entire sessions, providing end-to-end transaction
information. All TCP/UDP and SCTP parent applications and
user-created custom applications with the exception of Active
Agent, Peer-to-Peer, and a few other protocols support "ASR
applications." This support of deep-parsing ASRs at the child
application level for protocols such as HTTP, Oracle, AMEX, VISA,
SIP, DNS, DHCP and others provides a more granular collection
of session-level metrics. For example, you can monitor a wide
array of data for standard card processing, web, and
multi-media protocols, and custom applications.

/asi This partition is dedicated to storing Adaptive Service Default = 1% of available

Intelligence (ASI) metadata. storage

/metadata This partition is required for nGeniusONE features such as Default = 1% of available
remote decode, data capture, and trace file storage. storage
Note: You are not asked to create this partition if you did not
create a packet storage partition.
Set a size for this partition based on your anticipated usage of
the features listed below:
nGeniusONE Decode View stores transient session data
files in /data and <installdirectory>/rtm/pa/data. Although
these files are automatically removed when the decode
session is closed, multiple simultaneous decode sessions
can also create temporary index files in the /metadata
partition consuming as much as 20 G of space.
NOTE: If you choose the minimum /metadata partition size, it is
strongly recommended that you do not save remote trace files
on the vSTREAM appliance. These trace files consume space on
the partition and reduce the space available for the ASI
metadata required for nGeniusONE monitors and enablers.
Excluding the remote decode operations, files saved on this
partition must be managed manually. Users who anticipate
heavy use of any of the above features should increase the
partition size to a greater percentage of the total storage.

11 The installation script displays the Pre-Installation Summary screen. Press Enter to
continue.
12 Installation begins. The installer presents an Installation Complete message when
finished. Press Enter to exit the installation script.

Installing vSTREAM Virtual Appliance in VMware Environments 6-39

 13 Reboot your vSTREAM virtual appliance by entering
shutdown -r now on the command-line interface.

Configuring System Settings

The basic settings for the vSTREAM application are automatically configured based on the
values you specified in the vSTREAM deployment wizard, including the IP address for the
Management port, the IP address of the managing nGeniusONE server, and so on (refer to
Step 11 for details on the options available in the wizard).
If you did not configure settings in the deployment wizard (or you would like to reconfigure
the ones you did specify), you can run the nGApplianceConfig.plx script to change them
using the instructions in this section.

Important: The vSTREAM virtual appliance automatically configures all

capture ports. Manual configuration of capture ports is not required.

Running the Appliance Configuration Script

Use the following procedure to run the appliance configuration script:
1 If you do not already have an open Console session with the vSTREAM virtual
appliance, open one now by opening the vSphere client and either selecting the entry
for the vSTREAM virtual appliance and selecting the Console tab or by right-clicking
the vSTREAM entry and selecting Open Console.
2 Log in as the root user to the operating system.
3 Check the system hardware clock for accuracy by entering the following commands:
date
clock
4 If either the date or the clock is incorrect, set the system hardware clock:
date mmddhhmmyyyy
hwclock --systohc
For information on how to use the date or clock command, enter man date or man
hwclock at the command prompt.
5 Navigate to the /opt/NetScout/rtm/bin directory (you can type isbin and press Enter
as a shortcut to this directory).
6 Stop all vSTREAM processes with the following command:
./stopall
Run the ./PS command to list any running processes and manually kill any that remain.
For example:
pkill nsprobe
7 Run the following script in the /opt/NetScout/rtm/bin directory:
./nGApplianceConfig.plx
8 When asked if you want to continue, enter y and press Enter to continue. Then, follow
the prompts to enter the information you collected at the beginning of this procedure.

6-40 Configuring System Settings

 9 Indicate whether you want to assign an IPv4 address only, IPv6 address only, or both
address types to the Manage port and press Enter.
10 When prompted, enter a valid IPv4 or IPv6 address (depending upon your selection in
the previous step and press Enter.
Note: Supported formats for all IP addresses are:

11 Enter a valid subnet mask for the Management port (required for IPv4 only) and press
Enter.
12 Enter a valid gateway IP address for the Management port and press Enter.
13 If you chose to assign both address types to the Management port, repeat Step 10 and
Step 12 for the IPv6 address; otherwise, continue with the next step.
14 Supply a simple hostname for the appliance and press Enter.
15
Enter.
16 Enter the IP address of a DNS server (nameserver). The script gives you the option of
entering multiple DNS server addresses to be used as backups in case the first DNS
server specified is unreachable.
17 vSTREAM supports NTP for synchronization of
Enter the IP address of one or more NTP servers. Servers are used as fallbacks in the
same order they are specified.
Note: Only IPv4 addresses are supported for specifying time sources; IPv6 addresses
are not supported.
18 Configure the appliance Time Zone.
19 When the script displays your settings, confirm that they are correct.
y and press Enter to continue.
n and press Enter. You can then re-enter your
settings.
20 When asked if you want to reboot, enter y and press Enter. The system automatically
propagates properties file changes and the appliance restarts.

Important: While the system is being reconfigured, you are unable to log in to the
appliance. Do not manually reboot the appliance during this period. Doing so can
cause undesirable results.

Installing vSTREAM Virtual Appliance in VMware Environments 6-41

 21 Log back in to a Console session, switch to /opt/NetScout/rtm with the isbin
shortcut and use the ./PS command to verify that the nsprobe process is running and
shows non-zero values. For example:

Configure PCI Passthrough in VMware Deployments

vSTREAM virtual appliances can use an Ethernet adapter configured with a PCI passthrough
to enhance performance. The vSTREAM virtual appliance has been tested and supports the
following physical adapters for use with a PCI passthrough:

Note: Make sure that the physical Ethernet port being used for
SR-IOV has its MTU set to 9100 to enable support for jumbo frames.

DPDK must be used with PCI passthrough. You configure PCI passthrough settings after the
vSTREAM application is installed and before enabling DPDK (if you are using it).
This section describes how to configure a PCI device as a passthrough in VMware and add it
to the vSTREAM for analysis. The major steps are as follows:
"Enable Virtualization Extensions in BIOS" on page 6-42
"Enable PCI Passthrough to Physical Device" on page 6-42
"Add PCI Device to vSTREAM Virtual Appliance" on page 6-45

Enable Virtualization Extensions in BIOS

The PCI passthrough feature is referred to as VMDirectPath in VMware. Before you can use
VMDirectPath with a target device, you must enable virtualization extensions in the BIOS of
the machine where the device is installed:
Intel chnology for Directed I/O (VT-d) feature is enabled in
the chipset BIOS.
Refer to your hardware documentation for information on enabling this feature in BIOS.

Enable PCI Passthrough to Physical Device

Use the following procedure to enable a passthrough to a PCI device in VMware.
1 Open the vSphere client, select the top-level entry for an ESXi host, and click on the
Configure tab.
2 Scroll down to the Hardware > PCI Devices entry.

6-42 Configure PCI Passthrough in VMware Deployments

 3 Click the Configure Passthrough button. The highlighted areas of the figure below
illustrate how to access this feature:

4 From the list of devices that appears, select the device you would like to make
available as a passthrough and click OK. The figure below illustrates the selection of
an Ethernet adapter.

Installing vSTREAM Virtual Appliance in VMware Environments 6-43

 5 After clicking OK, the PCI Devices page refreshes to show the newly selected PCI
device available as a passthrough once the host machine has been rebooted.

6 Click the Reboot This Host button to reboot the host machine and complete the
procedure.

6-44 Configure PCI Passthrough in VMware Deployments

Add PCI Device to vSTREAM Virtual Appliance
rough to a device in VMware, you can use it with vSTREAM.
You add a PCI Passthrough port to the vSTREAM virtual appliance in the vSphere Client. Use
the following procedure:
1 Open the vSphere Web Client, right-click the entry for the vSTREAM virtual machine
and select the Edit Settings option.
The Edit Settings dialog box appears.
2 Click the New device button at the top of the Edit Settings window and select PCI
Device from the list that appears.

Figure 6-39 Adding the PCI Passthrough Manually

3 Select the New PCI Device entry device in the list at the left of the Edit Settings dialog
box and use the dropdown to select the physical device for the passthrough.
4 Click OK.
5 Open a terminal window to the vSTREAM appliance and use the following command
to disable the VF driver on the vSTREAM:
echo "blacklist ixgbe" > /etc/modprobe.d/blacklist-ixgbe.conf.
6 Restart the virtual appliance to complete the procedure.

Installing vSTREAM Virtual Appliance in VMware Environments 6-45

Enable SR-IOV
vSTREAM virtual appliances can use logical ports that have been virtualized from a physical
Ethernet port using Single Root I/O Virtualization (SR-IOV). The vSTREAM virtual appliance has
been tested and supports the following physical adapters with SR-IOV:

DPDK must be used with SR-IOV. You configure SR-IOV settings after installing the
InfiniStream application and before enabling DPDK.
Use the following procedure to configure SR-IOV support on the vSTREAM virtual machine:
1 Ensure that SR-IOV is enabled in BIOS on the target ESXi host.
2 Open a console connection to the ESXi host where the vSTREAM virtual machine is
installed.
3 Use the following command to review the physical adapters installed on the host,
including their ordering:
lspci | grep -i intel | grep -i 'ethernet\|network'
In response, the system lists the physical Ethernet ports installed on the host in the
order in which they are installed on the PCI bus. For example, the following output
shows a total of six ports, with four on the onboard adapter (X540-AT2) and two on an
external adapter (10G 2P X520 Adapter):
~ # lspci | grep -i intel | grep -i 'ethernet\|network'
0000:03:00.0 Network controller: Intel Corporation Ethernet Controller X540-AT2 [vmnic0]
0000:03:00.1 Network controller: Intel Corporation Ethernet Controller X540-AT2 [vmnic1]
0000:05:00.0 Network controller: Intel Corporation Ethernet Controller X540-AT2 [vmnic2]
0000:05:00.1 Network controller: Intel Corporation Ethernet Controller X540-AT2 [vmnic3]
0000:82:00.0 Network controller: Intel Corporation Ethernet 10G 2P X520 Adapter [vmnic4]
0000:82:00.1 Network controller: Intel Corporation Ethernet 10G 2P X520 Adapter [vmnic5]
4 The SR-IOV feature creates multiple logical ports out of a physical port. These logical
ports are referred to as Virtual Functions (VFs) and can be attached to the vSTREAM
virtual machine for monitoring.
You use the following command to create VFs from a physical port:
~ # esxcfg-module ixgbe -s max_vfs=W,X,Y,Z
The max_vfs argument is a comma-separated list with each number in the list
specifying the number of Virtual Functions for the corresponding physical port in the
same order they appear on the PCI bus. So, for example, consider how
max_vfs=0,10,0,10 maps to the physical ports shown in the grep output above:

maps
grep output showing pci bus order to max_vfs=0,10,0,10

0000:03:00.0 Network controller: Intel Corporation Ethernet Controller X540-AT2 [vmnic0] 0

0000:03:00.1 Network controller: Intel Corporation Ethernet Controller X540-AT2 [vmnic1] 10

0000:05:00.0 Network controller: Intel Corporation Ethernet Controller X540-AT2 [vmnic2] 0

0000:05:00.1 Network controller: Intel Corporation Ethernet Controller X540-AT2 [vmnic3] 10

0000:82:00.0 Network controller: Intel Corporation Ethernet 10G 2P X520 Adapter [vmnic4] - (not specified)

6-46 Enable SR-IOV

 maps
grep output showing pci bus order to max_vfs=0,10,0,10

0000:82:00.1 Network controller: Intel Corporation Ethernet 10G 2P X520 Adapter [vmnic5] - (not specified)

To create 10 VFs out of both ports on the physical X520 adapter shown in the grep
output above, the command is as follows:
~ # esxcfg-module ixgbe -s max_vfs=0,0,0,0,10,10

Note:

5 Once you have created the desired VFs, you can verify your settings using the
esxcfg-module command with the -g switch. For example, the following command
verifies that we have created 10 VFs each on the ports in position 5 and 6 on the PCI
bus (the physical X520 adapter in our example):
~ # esxcfg-module -g ixgbe
ixgbe enabled = 1 options = 'max_vfs=0,0,0,0,10,10'
6 Reboot the ESXi host to apply your VF settings.
7 Open the vSphere Web Client and use the Host > Manage > Settings > PCI Devices
view to verify that VFs were successfully created.

Add VFs to Virtual InfiniStream

following procedure:
1 Open the vSphere Web Client and power off the Virtual InfiniStream appliance.
2 Right-click the Navigator panel entry for the Virtual InfiniStream appliance to which
you want to assign a VF and select the Edit Settings command.

Installing vSTREAM Virtual Appliance in VMware Environments 6-47

 3 Expand the Memory section and enable the Reserve all guest memory (All locked)
option (Figure 6-40).

Figure 6-40 Reserving Guest Memory

4 Click the Add New Device dropdown at the top of the dialog box, select the Network
Adapter option, and click Add.
5 A New Network entry appears in the Edit Settings dialog box.
6 Click the New Network entry and set the following options for the monitoring vNIC:
New Network dropdown. This
is the port group whose traffic will be monitored.
Connect at power on option so that the vNIC connects when the
virtual appliance starts.
Adapter Type to SR-IOV passthrough.
Physical Function dropdown to select a physical function with SR-IOV
enabled and VFs assigned. The dropdown only lists devices with SR-IOV
enabled.
Guest OS MTU Changes dropdown to either Allow or Disallow to

transmission unit size.

ble the VF driver on the vSTREAM:
echo "blacklist ixgbevf" > /etc/modprobe.d/blacklist-ixgbevf.conf

Note: if the ixgbevf.conf file does not exist, you must create it.

6-48 Enable SR-IOV

 monitoring vNIC, correct as necessary, and click OK
to create the vNIC with SR-IOV enabled.

Note: Keep in mind that assigning the same VF to multiple virtual machines is not
supported. vSphere manages the VFs for a given physical function and tracks VF
assignments.

7 Important: If you are using the Intel X710 NIC, you must clear VLAN settings on the
KVM virtual machine or OpenStack compute node in order to ensure that vSTREAM
sees and parses VLAN headers correctly:
For example, after configuring the VLAN ID on the VF, use the following command to
put VF #1 into its default VLAN configuration:
$> ip link set eno1 vf 1 vlan 0

Enable DPDK Support

The Intel Data Plane Development Kit (DPDK) offers enhanced virtual appliance performance.
You can enable DPDK support for any of the following adapters used by the vSTREAM virtual
appliance:

igured in PCI passthrough mode. DPDK is

required to use these adapters in PCI passthrough and SR-IOV mode.

Note: You enable Intel DPDK support after deploying the virtual appliance and installing
the InfiniStream application and configuring PCI passthrough settings.

Use the following procedure to enable DPDK support on the vSTREAM virtual machine:
1 Open a console connection to the vSTREAM virtual machine.
2 Navigate to the /opt/NetScout/rtm/bin directory (you can type isbin and press Enter
as a shortcut to this directory).
3 Stop all vSTREAM processes with the following command:
./stopall
Run the ./PS command to list any running processes and manually kill any that remain.
For example:
pkill nsprobe
4 Run the /opt/dpdk/set-dpdk enable script to enable DPDK support. For example:

5 Restart the appliance to apply your changes.

Disabling DPDK
1 If at some point you decide to disable DPDK support, you can do so with the
/opt/dpdk/set-dpdk disable command.

Installing vSTREAM Virtual Appliance in VMware Environments 6-49

Using vSTREAM Virtual Appliances in a Clustered/vMotion
Environment
VMware ESXi hosts are commonly deployed in high-availability clusters that use vMotion
technology to migrate virtual machines from one host to another. The vSTREAM virtual
appliance supports two techniques for continuous traffic monitoring in a clustered/vMotion
affinity-based and cluster-based:
Affinity-based ng, you install a single vSTREAM
instance and create a VM-VM affinity rule in vSphere between the vSTREAM and the
virtual machine whose traffic it is monitoring. The affinity rule ensures that the two
virtual machines are kept together during vMotion migration to a new host in the
cluster.
Refer to "Using Affinity-Based Monitoring" on page 6-51 for details on setting up this
approach.
Cluster-based ng, you deploy vSTREAM virtual
appliances on all ESXi hosts in a cluster where a monitored virtual machine may
conceivably be migrated using vMotion and configure them to monitor the same
virtual machine(s).
Refer to "Using Cluster-Based Monitoring" on page 6-52 for details on setting up this
approach.

Pros and Cons of Affinity vs. Cluster-Based Monitoring

The table below summarizes the tradeoffs between affinity-based and cluster-based
e the affinity-based technique. You may want to
start with it and then move to the cluster-based approach, if necessary.

Table 6-7 Tradeoffs Between Affinity-Based and Cluster-Based Monitoring0

Task Affinity-Based Cluster-Based

nGeniusONE Simple More Complex

Management Only need to add a single vSTREAM in Must add each vSTREAM used in
nGeniusONE. cluster separately to
nGeniusONE.

nGeniusONE Straightforward More Complex

Reporting Reports are per-interfaces, so all results Data from multiple interfaces
appear together. requires manual processing.

Trending Data Excellent Intermittent

The vSTREAM interface remains constant, so Trending data resets when
Trending data is retained. traffic moves to a new vSTREAM
instance.

Missed Small number Zero

Transactions Only occurs during vMotion of an Affinity All packets are captured by at
Group. This can happen because of the least one vSTREAM instance.
small time delta between when the two
virtual machines bound by the affinity rule
are migrated.

6-50 Using vSTREAM Virtual Appliances in a Clustered/vMotion Environment

 Table 6-7 Tradeoffs Between Affinity-Based and Cluster-Based Monitoring0

Task Affinity-Based Cluster-Based

Resource Optimized Higher

Allocation Host resources consumed only on one host Host resources consumed
at a time. across entire cluster because of
multiple vSTREAM deployments.

Using Affinity-Based Monitoring

This section describes how to configure affinity-based monitoring.
Figure 6-41 illustrates the deployment of a single vSTREAM instance bound to the virtual
machine whose traffic it is monitoring by a VM-VM affinity rule. The affinity rule specifies that
the two virtual machines always migrate to a new host together, ensuring continuous traffic
visibility,

Figure 6-41 Using Affinity-Based Monitoring

Installing vSTREAM Virtual Appliance in VMware Environments 6-51

 Configuring Affinity-Based Monitoring
This section describes how to configure affinity-based monitoring for a clustered/vMotion
environment.
1 Deploy the first vSTREAM instance. In this, we are monitoring VM1. Port mirroring is
configured between VM1 on Port 140
Next, you need to set up a VM-VM affinity rule between the vSTREAM instance and VM1
on Port 140. You configure VM-VM affinity rules in the vSphere client.
2 Use the vSphere Web Client navigator to browse to the cluster containing the
vSTREAM instance and VM1.
3 Click the Manage tab.
4 Click Settings.
5 Click DRS Rules.
6 Click Add.
7 In the Create DRS Rule dialog box, type a name for the rule.
8 From the Type drop-down menu, select Keep Virtual Machines Together.
9 Click Add.
10 Select both the vSTREAM instance and the VM1 virtual machine and click OK. These
are the two virtual machines to which the affinity rule will apply.
11 Click OK.

Using Cluster-Based Monitoring

This section describes how to set up the cluster-based monitoring approach to
clustered/vMotion environments. The configuration procedure is slightly different for
vSphere Distributed Switches and vSphere Standard switches.
"Configuring Cluster-Based Monitoring: Virtual Distributed Switch" on page 6-54
"Configuring Cluster-Based Monitoring: Virtual Standard Switch" on page 6-55
The cluster-based approach also requires that you disable vMotion migration for all vSTREAM
virtual appliances in the cluster. Refer to "Disabling vMotion Migration for the vSTREAM" on
page 6-55 for details.

Cluster-Based Monitoring Illustrated

Figure 6-42 illustrates the deployment of multiple vSTREAM instances to operate successfully
in a clustered/vMotion environment. Keep in mind that the configuration illustrated below
requires the following:

virtual machine can be migrated using vMotion.

properly to monitor the target virtual
machine (VM1 in Figure 6-42).

configuration of the vSTREAM instance must not be changed. This includes vNIC
ordering and connections to virtual switches.

6-52 Using vSTREAM Virtual Appliances in a Clustered/vMotion Environment

 Figure 6-42 vSTREAM Deployment in a Clustered/vMotion Environment

Installing vSTREAM Virtual Appliance in VMware Environments 6-53

 Configuring Cluster-Based Monitoring: Virtual Distributed Switch
This section describes how to set up the cluster-based approach to monitoring a virtual
machine after it uses vMotion to migrate to a new host in a vDS environment.
In this approach, each vSTREAM instance must be configured with port mirroring settings that
ensure the target virtual machine is monitored regardless of its current host. The following
procedure explains how using the example shown in Figure 6-42 as a reference.
1 Deploy the first vSTREAM instance. In this example, we are monitoring VM1. Port
mirroring is configured between VM1 on Port 140
2 Deploy additional vSTREAM instances on possible vMotion destinations (for example,
the vSTREAM-B instance on ESXi Host 2 in Figure 6-42).
3 Configure port mirroring settings for the additional vSTREAM instances using the
same port number targeted by the first vSTREAM instance (140 in this example). Refer
to "Configuring Port Mirroring on a vSphere Distributed Switch" on page 22 for
instructions.

6-54 Using vSTREAM Virtual Appliances in a Clustered/vMotion Environment

 Configuring Cluster-Based Monitoring: Virtual Standard Switch
This section describes how to set up the cluster-based approach to monitoring a virtual
machine after it uses vMotion to migrate to a new host in a vSS environment.
In this approach, each vSTREAM instance must be configured to monitor the vSwitch to which
it will connect in the new host environment.
Consider the example shown in Figure 6-42 on page 6-53 eth1
traffic regardless of whether VM1 is currently hosted on ESXi Host 1 or ESXi Host 2. To
achieve this goal, you deploy separate vSTREAM instances on both ESXi hosts, with each
configured to monitor vSwitch1

Disabling vMotion Migration for the vSTREAM

When using the cluster-based approach to monitoring in a clustered/vMotion environment,
you do not want the vSTREAM virtual appliances to migrate using vMotion. This section
describes how to configure a vSTREAM instance to prevent it from migrating automatically
when a host becomes unavailable. The procedure is different depending on whether the
node is deployed in a High-Availability (HA) cluster or a DRS cluster:

To Prevent vSTREAM vMotion in High Availability Clusters:

1 Open the vSphere client, select the vSphere Cluster with the vSTREAM instances, and
select Edit Settings.
2 Select vSphere HA > Virtual Machine Options.
3 Sort the Virtual Machine column by name and select all vSTREAM instances.
4 Set the VM Restart Priority option to Disabled.

To Prevent vSTREAM vMotion in DRS Clusters:

1 Open the vSphere client, select the vSphere Cluster with the vSTREAM instances, and
select Edit Settings.
2 Select vSphere DRS > Virtual Machine Options.
3 Sort the Virtual Machine column by name and select all vSTREAM instances.
4 Set the Automation Level option to Disabled.

Next Steps
The next steps are to license sufficient eight-vCPU blocks to cover the vCPUs provisioned for
all vSTREAM instances, add the appliance to nGeniusONE, and configure CDM/ASI settings to
monitor your network. Refer to "Configuring vSTREAM" on page 15-1 for details on these
steps.

Installing vSTREAM Virtual Appliance in VMware Environments 6-55

6-56 Next Steps