Step 2: Configuring uplink and packet capture
Create vSwitch for capturing packets
Create portgroup for capturing packets
Add BH Appliance vNIC to capture portgroup
BH Appliance Deployment
BH Appliance can be deployed on ESX 6.5 and higher version. The appliance needs a minimum of 32GB of RAM and a minimum of 24 vCPUs. Inspecting higher than 2Gbps of sustained traffic will need additional vCPUs. It is recommended to create a separate vSwitch for the external spanned traffic to the VM. A typical deployment scenario would look like the figure below:
Step 1: OVF Deployment
Download BlueHexagon OVF tgz package and deflate it on the client’s machine disk. Ensure that the md5 checksum provided in the package matches md5sum of vmdk file from the package. Example of the command to get md5 checksum
md5sum bh-appliance-master.configured.8-bluehexagon-pov-disk1.vmdk
Use client’s machine Chrome (or other browser that works with your version of VMWare hypervisor) to connect to your ESX server HTTPS server, Import OVF into ESX using standard procedure for importing from the local OVF file explained in https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vm_admin.doc/GUID-17BEDA21-43F6-41F4-8FB2-E01D275FE9B4.html.
Start Deploy
Select Files
Choose Options
BlueHexagon VM will be up and running after the deploy has been completed.
Step 2: Configuring uplink and packet capture
BlueHexagon VM will be created with two interfaces where the first interface will try to auto-configure through DHCP protocol. If successfully configured, the IPv4 address will be available in VMWare client’s console. All services are up and running at this point.
Create vSwitch for capturing packets
Identify the physical NIC on the ESX server that receives the spanned traffic from your traffic mirror of choice (switch, proxy, firewall, packet broker).
Create a new vSwitch with uplink port as the physical NIC that receives the spanned traffic.
This NIC cannot be uplink on other vSwitches.
Turn on “promiscuous mode” in the security options of the switch.
In the example shown below, we are creating a new vSwitch called capture_vSwitch with uplink port as vmnic1. “Accept” the promiscuous mode option in security settings.
Create portgroup for capturing packets
Create a portgroup within the above created vSwitch.
Accept the promiscuous mode option in the security options of the portgroup.
In the below example, we are creating a portgroup named “capture_portgroup” within
capture_vSwitch.
Add BH Appliance vNIC to capture portgroup
BH Appliance by default comes with two interfaces, one for management and other
to received spanned traffic(capture vnic).
Add the capture vnic of BH Appliance to the portgroup created above.
The capture vnic would show up as “Network Adapter 2” in the VM settings of the appliance.
In the screenshot below, the Network Adapter 2 of the bh-appliance is added to capture_portgroup.