
ERSPAN Tap port on decoder from multiple ESX Hosts

Question asked by RSA Admin Employee on Mar 12, 2014

Hello Everyone,

 

We are installing the All-In-One NetWitness virtual appliance suite and I'd like the Decoder to be able to be vMotioned to/from any one of three ESX 5.5 hosts. The span port will be an L3 Mirror port created on our VDS (Virtual Distributed Switch), and this basically encapsulates all mirror/span traffic from selected VMware guests into GRE packets which are routed to our Decoder (not a high volume TAP environment). This allows the Decoder to be vMotioned from host to host; however, at the moment the traffic arrives encapsulated in GRE. What would be the best way to remove the GRE headers on the Decoder before the traffic actually enters the Decoder for processing?

 

Many thanks
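The encapsulation described in the question, shown as an added example that is not part of the original post and not NetWitness code: a Python function that removes the outer IPv4, GRE and ERSPAN headers and returns the mirrored Ethernet frame. It assumes an IPv4 outer header and the standard ERSPAN GRE protocol types (0x88BE for Type I/II, 0x22EB for Type III); the names `strip_erspan` and `wrap_type2` are hypothetical and the sample packet is constructed.

```python
import struct

ERSPAN_II = 0x88BE   # GRE protocol type for ERSPAN Type I/II
ERSPAN_III = 0x22EB  # GRE protocol type for ERSPAN Type III

def strip_erspan(outer: bytes) -> bytes:
    """Return the mirrored Ethernet frame from an IPv4/GRE/ERSPAN packet."""
    if len(outer) < 24 or outer[0] >> 4 != 4 or outer[9] != 47:
        raise ValueError("not an IPv4 packet carrying GRE (protocol 47)")
    off = (outer[0] & 0x0F) * 4               # outer IPv4 header length
    if len(outer) < off + 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", outer, off)
    if flags & 0x4007:                        # routing bit or GRE version != 0
        raise ValueError("unsupported GRE header")
    off += 4
    for bit in (0x8000, 0x2000, 0x1000):      # checksum, key, sequence number
        if flags & bit:
            off += 4
    if proto == ERSPAN_II:
        # Type II carries a sequence number plus an 8-byte ERSPAN header;
        # Type I carries neither, so the frame follows GRE directly.
        if flags & 0x1000:
            off += 8
    elif proto == ERSPAN_III:
        if len(outer) < off + 12:
            raise ValueError("truncated ERSPAN Type III header")
        o_bit = outer[off + 11] & 0x01        # optional 8-byte subheader follows
        off += 12 + (8 if o_bit else 0)
    else:
        raise ValueError(f"GRE protocol 0x{proto:04x} is not ERSPAN")
    inner = outer[off:]
    if len(inner) < 14:
        raise ValueError("truncated inner Ethernet frame")
    return inner

# Constructed sample: an inner frame wrapped as an ERSPAN Type II source would.
INNER = bytes.fromhex("0050569a0001" "0050569a0002" "0800") + b"mirrored-payload"

def wrap_type2(frame: bytes) -> bytes:
    gre = struct.pack("!HHI", 0x1000, ERSPAN_II, 1)    # S flag set, sequence 1
    erspan = struct.pack("!HHI", 0x1000, 0x0001, 0)    # version 1, session 1
    total = 20 + len(gre) + len(erspan) + len(frame)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 47, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + gre + erspan + frame

if __name__ == "__main__":
    print(strip_erspan(wrap_type2(INNER)) == INNER)
```
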
