You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-network/virtual-network-tap-overview.md
+13-8Lines changed: 13 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,13 +23,13 @@ The following diagram shows how virtual network TAP works. You can add a TAP con
23
23
24
24
## Prerequisites
25
25
26
-
Before you can create a virtual network TAP, ensure you've received the confirmation email that you're enrolled in the preview. You must have one or more virtual machines created with [Azure Resource Manager](../azure-resource-manager/management/overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json), and a partner solution for aggregating the TAP traffic in the same Azure region. If you don't have a partner solution in your virtual network, see [partner solutions](#virtual-network-tap-partner-solutions) to deploy one.
26
+
You must have one or more virtual machines created with [Azure Resource Manager](../azure-resource-manager/management/overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json), and a partner solution for aggregating the TAP traffic in the same Azure region. If you don't have a partner solution in your virtual network, see [partner solutions](#virtual-network-tap-partner-solutions) to deploy one.
27
27
28
28
You can use the same virtual network TAP resource to aggregate traffic from multiple network interfaces in the same or different subscriptions. If the monitored network interfaces are in different subscriptions, the subscriptions must be associated to the same Microsoft Entra tenant. Additionally, the monitored network interfaces, and the destination endpoint for aggregating the TAP traffic can be in peered virtual networks in the same region. If you're using this deployment model, ensure that the [virtual network peering](virtual-network-peering-overview.md) is enabled before you configure virtual network TAP.
29
29
30
30
## Permissions
31
31
32
-
The accounts you use to apply TAP configuration on network interfaces must be assigned to the [network contributor](../role-based-access-control/built-in-roles.md?toc=%2fazure%2fvirtual-network%2ftoc.json#network-contributor) role or a [custom role](../role-based-access-control/custom-roles.md?toc=%2fazure%2fvirtual-network%2ftoc.json) that is assigned the necessary actions from the following table:
32
+
The accounts you use to apply TAP configuration on network interfaces must be assigned to the [network contributor](../role-based-access-control/built-in-roles.md?toc=%2fazure%2fvirtual-network%2ftoc.json#network-contributor) role or a [custom role](../role-based-access-control/custom-roles.md?toc=%2fazure%2fvirtual-network%2ftoc.json) that is assigned as the necessary actions from the following table:
33
33
34
34
| Action | Name |
35
35
|---|---|
@@ -38,16 +38,21 @@ The accounts you use to apply TAP configuration on network interfaces must be as
38
38
| Microsoft.Network/tapConfigurations/*| Required to create, update, read, and delete the TAP configuration on a network interface |
39
39
40
40
## Public preview limitations
41
-
Following are limitations during our preview.
42
-
- Virtual network TAP only supports virtual machine's (VM) network interface as a mirroring source. All VM SKU **except for v6** are supported.
41
+
Please note, limitations tagged with **[Temporary]** will be resolved at GA.
42
+
### Adding a source:
43
+
- Virtual network TAP only supports virtual machine's (VM) network interface as a mirroring source.
44
+
-[Temporary] v6 VM SKU aren't supported as a source.
45
+
-[Temporary] Before adding a VM as a source, you must **first deploy a virtual network TAP resource** and **then STOP (deallocate) and START the source VM**. This is required only once for any VM that will be added as a source. **If not done, you will get an erorr stating the NIC is not on fastpath**.
46
+
47
+
### Other Limitations
43
48
- Virtual network TAP supports Load Balancer or VM's network interface as a destination resource for mirrored traffic.
44
-
- Virtual network doesn't support Live Migration. VM set as source for virtual network TAP will have live migration disabled.
45
-
- VMs behind a Standard Load Balancer with Floating IP enabled can't be set as a mirroring source.
46
-
- VMs behind Basic Load Balancer can't be set as a mirroring source.
49
+
-[Temporary]Virtual network doesn't support Live Migration. Live Migration will be disabled for VMs set as a source.
50
+
-[Temporary]VMs behind a Standard Load Balancer with Floating IP enabled can't be set as a mirroring source.
51
+
- VMs behind Basic Load Balancer can't be set as a mirroring source. Basic Load Balancer is being deprecated.
47
52
- Virtual network doesn't support mirroring of inbound Private Link Service traffic.
48
53
- VMs in a virtual network with encryption enabled can't be set as mirroring source.
49
54
- Virtual network TAP doesn't support IPv6.
50
-
- When a VM is added or removed as a source, the VM might experience network downtime (up to 60 seconds).
55
+
-[Temporary]When a VM is added or removed as a source, the VM might experience network downtime (up to 60 seconds).
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments