Implement Capture filters and Virtual test access points

Contents

  1. 1 Summary
  2. 2 Reference
  3. 3 VTAP

Summary

A VTAP mirrors network traffic from a source (VNIC, LB, DB, VM cluster, autonomous DB) to a target (LB). Filter rules are needed to include or exclude actions (source/destination CIDRs, protocols (TCP, UDP, ICMP), and source/destination ports).

Reference

VTAP

Virtual Test Access Points

A Virtual Test Access Point (VTAP) provides a way to mirror traffic from a designated source to a selected target to facilitate troubleshooting, security analysis, and data monitoring.

The VTAP uses a capture filter, which contains a set of rules governing what traffic a VTAP mirrors. A VTAP is STOPPED by default at creation, so you need to click the Start VTAP before it mirrors traffic as intended.

You can create a capture filter while you create a VTAP, or assign an existing capture filter to a new VTAP.

In this example, the virtual machine in Subnet-A is sending traffic to another virtual machine in Subnet-B. The VTAP in Subnet-A checks traffic leaving the virtual machine. Since this traffic matches the capture filter in use, the VTAP mirrors the traffic to the target (in this case a network load balancer in Subnet-C). The backend set can then perform the appropriate analysis on the mirrored traffic.
VTAP components