Enable network overlay decapsulation

Network overlay encapsulation wraps standard network packets in outer protocol headers to perform specialized functions, such as smart routing and virtual machine networking management. Network overlay decapsulation enables the ExtraHop system to remove these outer encapsulating headers and then process the inner packets.

Note:Enabling Generic Routing Encapsulation (GRE), Network Virtualization using Generic Routing Encapsulation (NVGRE), VXLAN, and GENEVE decapsulation on your ExtraHop system can increase your device count as virtual devices are discovered on the network. Discovery of these virtual devices can affect Advanced Analysis and Standard Analysis capacity and the additional metrics processing can cause performance to degrade in extreme cases.

MPLS, TRILL, and Cisco FabricPath protocols are automatically decapsulated by the ExtraHop system.

Enable GRE or NVGRE decapsulation

  1. Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
  2. In the System Configuration section, click Capture.
  3. Click Network Overlay Decapsulation.
  4. In the Settings section, select the Enabled checkbox next to NVGRE or GRE.
    Note:Selecting GRE also enables NVGRE even if you do not select the NVGRE checkbox.
  5. Click Save.
  6. Click OK.

Enable VXLAN decapsulation

VXLAN is a UDP tunneling protocol configured for specific destination ports. Decapsulation is not attempted unless the destination port in a packet matches the UDP destination port or ports listed in the VXLAN decapsulation settings.

To configure the ExtraHop system as an endpoint for VXLAN-encapsulated traffic, see Configure an interface.
  1. Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
  2. In the System Configuration section, click Capture.
  3. Click Network Overlay Decapsulation.
  4. In the Settings section, select the Enabled checkbox next to VXLAN.
  5. In the VXLAN UDP Destination Port field, type a port number and click the green plus (+) .
    By default, port 4789 is added to the UDP Destination Port list. You can add up to eight destination ports.
  6. Click Save.
  7. Click OK.

Enable GENEVE decapsulation

To configure the ExtraHop system as an endpoint for GENEVE-encapsulated traffic, see Configure an interface.
  1. Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
  2. In the System Configuration section, click Capture.
  3. Click Network Overlay Decapsulation.
  4. In the Settings section, select the Enabled checkbox next to GENEVE. The default destination port is 6081.
  5. Click Save.
  6. Click OK.
Last modified 2023-11-07