Aviz Networks details how vasn_tap captures and forwards traffic

Aviz Networks describes vasn_tap, a Linux-based packet tap for cloud-native environments that copies traffic, applies optional filtering and truncation, and forwards packets locally or through userspace VXLAN/GRE. The update matters for enterprise security and networking teams that need traffic visibility with configurable steering and low operational overhead.

Research Overview

The post positions vasn_tap as a “companion” component to the Aviz Service Node, designed to run on standard Linux hosts. It captures traffic from an input interface and then either forwards the result to a local output interface or encapsulates it for delivery to a remote collector.

According to the article, the approach avoids creating kernel tunnel devices because encapsulation is performed in userspace. The vendor describes the tool as configured through a single YAML file.

Key Findings

vasn_tap supports two capture backends: AF_PACKET and eBPF. The post says AF_PACKET is recommended for most deployments, while eBPF is described as suitable for newer kernels at version 5.10 with BTF.

The article describes packet processing that includes first-match ACL filtering and optional post-filter truncation. It also defines a default action that can be set to allow or drop packets for each configured run.

Technical Breakdown

For filtering, the post states that up to 128 first-match ACL rules can be configured, matching on protocol and ports, IPv4 addresses or CIDR, eth_type, and VLAN, with single VLAN support. It also describes truncation as configurable from 64 to 9000 bytes, with automatic updates to IPv4 length and checksum after truncation.
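The truncation fix-up described above, as an added Python example (not vasn_tap's code or the vendor's): it cuts a frame to a snap length, then rewrites the IPv4 total-length field and recomputes the header checksum so the shortened packet still parses cleanly at a collector. The function names, the untagged-Ethernet assumption, the choice to cut non-IPv4 frames without any fix-up, and the sample frame are all assumptions made for illustration.

```python
import struct

ETH_HLEN = 14
ETHERTYPE_IPV4 = 0x0800

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def truncate_frame(frame: bytes, snaplen: int) -> bytes:
    """Cut an untagged Ethernet frame to snaplen bytes and repair the IPv4 header."""
    if not 64 <= snaplen <= 9000:
        raise ValueError("snaplen must be within 64..9000 bytes")
    if len(frame) <= snaplen:
        return frame  # already short enough, nothing to repair
    out = bytearray(frame[:snaplen])
    if struct.unpack_from("!H", out, 12)[0] != ETHERTYPE_IPV4:
        return bytes(out)  # non-IPv4 or VLAN-tagged: cut only (assumption)
    ihl = (out[ETH_HLEN] & 0x0F) * 4
    if ihl < 20 or ETH_HLEN + ihl > snaplen:
        return bytes(out)  # malformed header, or options run past the cut
    old_total = struct.unpack_from("!H", out, ETH_HLEN + 2)[0]
    new_total = min(old_total, snaplen - ETH_HLEN)
    struct.pack_into("!H", out, ETH_HLEN + 2, new_total)
    struct.pack_into("!H", out, ETH_HLEN + 10, 0)  # zero the field before summing
    csum = ipv4_checksum(bytes(out[ETH_HLEN:ETH_HLEN + ihl]))
    struct.pack_into("!H", out, ETH_HLEN + 10, csum)
    return bytes(out)

def build_sample_frame(payload_len: int) -> bytes:
    """Constructed sample: Ethernet + IPv4 + UDP, documentation addresses."""
    udp = struct.pack("!HHHH", 40000, 5000, 8 + payload_len, 0) + bytes(payload_len)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                               bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    return eth + struct.pack("!H", ETHERTYPE_IPV4) + bytes(ip) + udp

if __name__ == "__main__":
    cut = truncate_frame(build_sample_frame(200), 64)
    # frame length, new IPv4 total length, checksum verification (0 means valid)
    print(len(cut), struct.unpack_from("!H", cut, 16)[0], ipv4_checksum(cut[14:34]))
```

Only the IPv4 header is repaired here; the UDP length field in the sample still describes the original payload, which is worth remembering when a downstream parser validates layer-4 lengths.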

For forwarding and tunneling, the post says userspace VXLAN (including VNI and a custom port) and GRE (with an optional key) are supported. It also describes a local L2 forwarding option and a drop mode when no output or tunnel is configured, including a use case for counting or monitoring.

Operational Impact

The post describes operational visibility through file-based statistics that include RX, TX, drop, truncation, filter-hit counts, rates, CPU percentage, and RSS, updated every second. It also references a vasn_tapctl counters command with a watch mode.

For operations, it lists vasn_tapctl functions including validate, apply, start, stop, restart, diagnose, dry-run, version, logs, and a one-command technical support bundle. The article says behavior changes are defined in the YAML configuration and take effect after a clean restart, with no CLI runtime flags and no in-band reloads.

Deployment and Use Cases

The post outlines a rapid deployment path using a prebuilt tarball, an install script, a /etc/vasn_tap/config.yaml configuration file, and a systemd service. It includes commands to start the service and run validation before start.

It provides example configurations for an AF_PACKET mode that allows all traffic with no tunnel and for VXLAN tunneling to a specified remote IP and VNI. The post states vasn_tap is intended for teams using Aviz Service Nodes for visibility, DPI, or AI-driven analytics, plus network engineers needing selective mirroring without SPAN port exhaustion.

Overall, the article frames vasn_tap as a configurable packet tap for Linux that supports AF_PACKET and eBPF capture, first-match ACL filtering with optional truncation, and forwarding via local L2 or userspace VXLAN/GRE. This “Blog Signals brief” is a fact-based summary of the vendor blog.