Enable network overlay decapsulation

Network overlay encapsulation wraps standard network packets in outer protocol headers to perform specialized functions, such as smart routing and virtual machine networking management.

Network overlay decapsulation enables the ExtraHop appliance to remove these outer encapsulating headers and then process the inner packets.

Note:Enabling NVGRE and VXLAN decapsulation on your ExtraHop appliance can increase your device count as virtual appliances are discovered on the network. Discovery of these virtual devices can affect Advanced Analysis and Standard Analysis capacity and the additional metrics processing can cause performance to degrade in extreme cases.

MPLS, TRILL, and Cisco FabricPath protocols are automatically decapsulated by the ExtraHop system.

Enable NVGRE decapsulation

  1. Log into the Admin UI on the Discover appliance.
  2. In the System Configuration section, click Capture.
  3. Click Network Overlay Decapsulation.
  4. In the Settings section, select the Enabled checkbox next to NVGRE.
  5. Click Save.
  6. Click OK.

Enable VXLAN decapsulation

VXLAN is a UDP tunneling protocol is configured for specific destination ports. Decapsulation is not attempted unless the destination port in a packet matches the UDP destination port or ports listed in the VXLAN decapsulation settings.

  1. Log into the Admin UI on the Discover appliance.
  2. In the System Configuration section, click Capture.
  3. Click Network Overlay Decapsulation.
  4. In the Settings section, select the Enabled checkbox next to VXLAN.
  5. In the VXLAN UDP Destination Port field, type a port number and click the green plus (+) .
    By default, port 4789 is added to the UDP Destination Port list. You can add up to eight destination ports.
  6. Click Save.
  7. Click OK.
Published 2018-11-09 13:57