A Netvisor OS fabric administrator can run services and applications within the switch. Consider the use case of an application that needs access to data that is flowing through the switch, but does not want to impede that flow. The port-mirroring feature provides this functionality.
The system predefines a mirror configuration, but does not insert any traffic into that mirror. Use the following steps to set up mirroring from all of the data ports to the span port (port 66). The command syntax for mirror-modify is as follows:
CLI network-admin@Leaf1>mirror-modify out-port port-list in-port port-list [policy port|vflow] mirroring|no-mirroring
CLI network-admin@Leaf1>mirror-show [format fields-to-display] [parsable-delim character] [sort-asc] [sort-desc] [show dups] [layout vertical|horizontal] [show-interval seconds-interval]
View the status of mirroring by entering the following at the CLI command prompt:
The parameter out-port is not configured and mirroring is disabled; therefore, no data mirroring can occur.
To modify the mirroring configuration, use the following steps:
1. Use the mirror-modify command to set the output to the span port. However, if there is more than 10Gb of traffic on ports 1-64, do not execute this command.
CLI network-admin@Leaf1>mirror-modify in-port 1-64 out-port 66 mirroring
To disable the configuration, use the following command:
CLI network-admin@Leaf1>mirror-modify no-mirroring
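The 10Gb caveat in step 1 can be checked before the command is issued. The following Python check is an added example, not Netvisor OS code: the function names, the per-port rate samples (constructed here), and the reading of 10Gb as a 10 Gb/s aggregate limit on the span port are assumptions.

```python
SPAN_CAPACITY_BPS = 10_000_000_000  # assumption: "10Gb" means 10 Gb/s aggregate


def expand_port_list(spec):
    """Expand a port-list such as '1-64' or '1-4,10,20-22' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        first, last = int(lo), int(hi or lo)
        if first < 1 or last < first:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(first, last + 1))
    if not ports:
        raise ValueError("empty port list")
    return ports


def mirror_preflight(in_ports, out_port, rates_bps, capacity_bps=SPAN_CAPACITY_BPS):
    """Return (ok, reason, command); command is None when the check fails."""
    sources = expand_port_list(in_ports)
    if out_port in sources:
        return False, f"out-port {out_port} is also listed as an in-port", None
    missing = sorted(p for p in sources if p not in rates_bps)
    if missing:
        # Unknown load is treated as unsafe rather than as zero.
        return False, f"no rate sample for ports {missing}", None
    total = sum(rates_bps[p] for p in sources)
    if total > capacity_bps:
        return False, f"{total / 1e9:.2f} Gb/s exceeds span capacity", None
    # Command string follows the mirror-modify syntax given on this page.
    cmd = f"mirror-modify in-port {in_ports} out-port {out_port} mirroring"
    return True, f"{total / 1e9:.2f} Gb/s fits on the span port", cmd


if __name__ == "__main__":
    # Constructed samples: 64 ports at 100 Mb/s each, then port 7 bursting.
    quiet = {p: 100_000_000 for p in range(1, 65)}
    print(mirror_preflight("1-64", 66, quiet))
    busy = {**quiet, 7: 9_000_000_000}
    print(mirror_preflight("1-64", 66, busy))
```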
A port mirroring configuration can allow mirrored traffic to be transmitted to a remote host that is located across an L2 or L3 IP network. This feature allows you to monitor traffic from source ports distributed over multiple switches, which means that you can centralize your network capture devices. Port mirroring to a remote host works by mirroring the traffic from the source ports of a mirrored port session onto a VLAN that is dedicated to the port mirroring session. This VLAN is then trunked to other switches, allowing session traffic to be transported across multiple switches. On the switch that contains the destination port for the session, traffic from the session VLAN is simply mirrored out the destination port. Parameters are available for the mirror-create command for this feature.
Mirroring Traffic to a Virtual Machine (VM) Interface
Mirroring traffic coming from a switch port rear facing network interface card (NIC) to a VM NIC is now supported. This feature is useful for several reasons:
Viewing incoming traffic from front facing ports.
Troubleshooting issues if traffic is not running as expected.
Using a firewall, running as an application on a VM, for all incoming traffic.
This feature is related to the existing mirror-create command which mirrors traffic from any port to a rear facing NIC and uses the parameter option mirror-traffic on the Netvisor OS-kvm-interface-add command.
Netvisor OS provides a full set of traffic class features, including the ability to view and create traffic classes, as well as assign traffic classes to flows to manage the quality of service of the flow traffic and shape the traffic passing through a Netvisor fabric.
To display the currently defined traffic classes:
name          scope  type   priority
------------- ------ ------ --------
meter         fabric system 0
guaranteed_bw fabric system 9
lossless      fabric system 10
control       fabric system 11
The higher the priority number, the higher the priority of the class. To add a vflow class, use the vflow-class-create command:
CLI network-admin@Leaf1>vflow-class-create name traffic-1 scope fabric priority 5
This creates a traffic class with a scope of fabric and medium priority.
To add a traffic class to a vFlow, create a vFlow and assign a traffic class. In this case the flow is for a single IP address:
CLI network-admin@Leaf1>vflow-create name losslessflow scope local src-ip 10.11.1.10 src-ip-mask 255.255.255.255 action none flow-class lossless
CLI network-admin@Leaf1>vflow-show name losslessflow layout vertical
Traffic from IP address 10.11.1.10 now has a very high priority throughout the switch. For a similar high priority throughout the fabric, use scope fabric rather than scope local.
When a TCP session goes through the NPU, and capacity is exceeded, the return traffic with TCP ACK packets can get dropped from the session. To avoid this, create a flow that matches the TCP ACK packets and set a higher precedence for it.