Configuring Mirroring for vFlows and Ports


The Netvisor ONE fabric administrator can run services and applications within the switch. Consider the use case of an application that needs access to data flowing through the switch but must not impede that flow. The port-mirroring feature provides this functionality.


To create mirrored ports and flows, use the command:


CLI (network-admin@switch) > mirror-create name name-string direction [ingress|egress|bidirectional] in-port port-list out-port port-list span-encap [none|over-ip|over-vlan] span-local-ip ip-address span-remote-ip ip-address span-src-mac mac-address span-dst-mac mac-address span-tagging-vlan vlan-id span-tos <0-7>


Where:


name name-string

Specify the mirror name.

direction [ingress|egress|bidirectional]

Specify the direction of the mirrored traffic.

in-port port-list

Specify the incoming traffic port.

out-port port-list

Specify the outgoing traffic port.

span-encap [none|over-ip|over-vlan]

Specify the mirror span type. The default value is none.

span-local-ip ip-address

Specify the local IPv4 address.

span-remote-ip ip-address

Specify the remote IPv4 address.

span-src-mac mac-address

Specify the source MAC address for the span.

span-dst-mac mac-address

Specify the destination MAC address for the span.

span-tagging-vlan vlan-id

Specify the mirror span VLAN tagging ID. The default value is none.

span-tos <0-7>

Specify the mirror span ToS. The default value is none.


For example, to create a mirror over IP with Encapsulated Remote Port Analyzer (ERSPAN), use the following command:


CLI (network-admin@switch) > mirror-create name test1 in-port 1 out-port 8 span-encap over-ip span-local-ip 1.1.1.1 span-remote-ip 2.2.2.2 span-src-mac 33:44:55:66:77:88 span-dst-mac 99:aa:bb:cc:dd:ee span-tagging-vlan 100


In this configuration, the mirror destination is marked as BCM_MIRROR_DEST_TUNNEL_IP_GRE, with VLAN tagging and TOS setting as optional parameters.

 

To create a mirror over a VLAN or Layer 2 network with Remote Port Analyzer (RSPAN) encapsulation, use the following command:


CLI (network-admin@switch) > mirror-create name test4 in-port 1 out-port 16 span-encap over-vlan span-tagging-vlan 200


This configuration is based on 802.1Q VLAN tagging. The mirror packet is tagged with the target VLAN and the mirror destination is marked as BCM_MIRROR_DEST_TUNNEL_L2, which triggers the encapsulation. Do not use VLAN 0 as a tag because VLAN 0 is considered invalid for tagging.
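The following pre-flight check is an added example, not Pluribus code: it validates the mirror-create parameters described above (encapsulation type, IPv4 endpoints, MAC addresses, VLAN 0 rejected, ToS 0-7) before an automation tool emits the command. The function name, the name character set, the requirement that over-ip carries both IP addresses and over-vlan carries a tagging VLAN, and the 4094 upper bound (from 802.1Q) are assumptions.

```python
import ipaddress
import re

MAC_RE = re.compile(r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}")
PORTS_RE = re.compile(r"\d+(-\d+)?(,\d+(-\d+)?)*")   # e.g. 1, 1-64, 1,3,5-7
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")             # assumption: no spaces, so no smuggled options
ENCAPS = ("none", "over-ip", "over-vlan")

def build_mirror_create(name, in_port, out_port, span_encap="none", local_ip=None,
                        remote_ip=None, src_mac=None, dst_mac=None, vlan=None, tos=None):
    """Return (command, errors). command is None if any pre-flight check fails."""
    errors = []
    if not NAME_RE.fullmatch(name):
        errors.append("name has characters outside [A-Za-z0-9_.-]")
    for label, ports in (("in-port", in_port), ("out-port", out_port)):
        if not PORTS_RE.fullmatch(str(ports)):
            errors.append(f"{label} is not a port list")
    if span_encap not in ENCAPS:
        errors.append("span-encap must be none, over-ip or over-vlan")
    for label, ip in (("span-local-ip", local_ip), ("span-remote-ip", remote_ip)):
        if ip is None:
            if span_encap == "over-ip":      # assumption: both tunnel endpoints are needed
                errors.append(f"{label} is required with over-ip")
            continue
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            errors.append(f"{label} is not an IPv4 address")
    for label, mac in (("span-src-mac", src_mac), ("span-dst-mac", dst_mac)):
        if mac is not None and not MAC_RE.fullmatch(mac):
            errors.append(f"{label} is not a MAC address")
    if vlan is None:
        if span_encap == "over-vlan":        # assumption: RSPAN needs the tagging VLAN
            errors.append("span-tagging-vlan is required with over-vlan")
    elif not 1 <= vlan <= 4094:              # VLAN 0 is invalid per the page; 4094 is the 802.1Q maximum
        errors.append("span-tagging-vlan must be in 1-4094")
    if tos is not None and not 0 <= tos <= 7:
        errors.append("span-tos must be in 0-7")
    if errors:
        return None, errors
    opts = [("name", name), ("in-port", in_port), ("out-port", out_port),
            ("span-encap", span_encap), ("span-local-ip", local_ip),
            ("span-remote-ip", remote_ip), ("span-src-mac", src_mac),
            ("span-dst-mac", dst_mac), ("span-tagging-vlan", vlan), ("span-tos", tos)]
    return "mirror-create " + " ".join(f"{k} {v}" for k, v in opts if v is not None), []
```

Called with the ERSPAN values from the example above, it returns the same command string; an over-vlan request with VLAN 0 returns no command and one error.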

 

To create a vflow mirror with ERSPAN encapsulation, use the command:


CLI (network-admin@switch) > vflow-create name testvflow1 scope local src-ip 40.1.1.8 mirror test1


Netvisor ONE pre-defines a mirror configuration, but does not insert any traffic into that mirror.


Use the following steps to set up mirroring to send traffic from all of the data ports to the span port. The span port varies from platform to platform and you must specify the span port based on your platform. You can modify the mirror configuration using the mirror-modify command:


CLI (network-admin@switch) > mirror-modify name name-string out-port port-list in-port port-list [policy port|vflow] mirroring|no-mirroring

 

CLI (network-admin@switch) > mirror-show [format fields-to-display] [parsable-delim character] [sort-asc] [sort-desc] [show dups] [layout vertical|horizontal] [show-interval seconds-interval]


To view the details of a mirror configuration that you have already created, use the mirror-show command. For example, if you created the following configuration:


CLI (network-admin@switch) > mirror-create name test direction bidirection out-port 10


To view the details, use the command:


CLI (network-admin@switch) > mirror-show

 

name direction   out-port in-port filtering enable other-egress-out nvie-mirror

---- ----------- -------- ------- --------- ------ ---------------- -----------

test bidirection 10       none    port      yes    prevent          false

 

 

To modify, use:


CLI (network-admin@ursa-onvl-11) > mirror-modify name test out-port 20

 

To view the changed details, use:


CLI (network-admin@ursa-onvl-11) > mirror-show

 

name direction   out-port in-port filtering enable other-egress-out nvie-mirror

---- ----------- -------- ------- --------- ------ ---------------- -----------

test bidirection 20       none    port      yes    prevent          false       
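Because an enabled mirror copies traffic to whatever out-port it names, the mirror-show table is worth auditing against the list of approved analyzer ports. The following is an added example, not part of the Netvisor ONE documentation: it parses the horizontal layout shown above and reports enabled mirrors whose out-port is not approved. The sample rows other than "test", the function names and the approved port set are constructed for illustration.

```python
import re

# Constructed sample in the horizontal layout that mirror-show prints on this page.
SAMPLE = """\
name  direction   out-port in-port filtering enable other-egress-out nvie-mirror
----- ----------- -------- ------- --------- ------ ---------------- -----------
test  bidirection 20       none    port      yes    prevent          false
span1 ingress     66       1-64    port      yes    prevent          false
old   egress      12       5       port      no     prevent          false
"""

def expand_ports(spec):
    """Expand a port list such as '1-3,8' into a set of ints; 'none' is empty."""
    ports = set()
    if spec in ("", "none"):
        return ports
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_mirror_show(text):
    """Return one dict per mirror, keyed by the column names in the header row."""
    lines = [l for l in text.splitlines() if l.strip()]
    # Locate the dashed rule; the header is the line directly above it.
    rule = next(i for i, l in enumerate(lines) if re.fullmatch(r"[-\s]+", l))
    header = lines[rule - 1].split()
    return [dict(zip(header, l.split())) for l in lines[rule + 1:]]

def audit(text, approved_out_ports):
    """Flag enabled mirrors that copy traffic to a port outside the approved set."""
    findings = []
    for m in parse_mirror_show(text):
        if m.get("enable") != "yes":
            continue
        rogue = expand_ports(m["out-port"]) - set(approved_out_ports)
        if rogue:
            findings.append((m["name"], sorted(rogue)))
    return findings

if __name__ == "__main__":
    for name, ports in audit(SAMPLE, approved_out_ports={66}):
        print(f"mirror {name!r} is enabled and sends copies to unapproved port(s) {ports}")
```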

 

Netvisor does not configure the out-port parameter and disables mirroring; therefore, no data mirroring can occur.


To modify the mirror configuration, use the following steps:


Use the mirror-modify command to set the output to the span port. However, if you have more than 10Gb of traffic on ports 1-64, do not execute this command.


CLI (network-admin@switch) > mirror-modify in-port 1-64 out-port 66 enable

 

CLI (network-admin@switch) > mirror-show

switch:        T6001-ON

direction:     bidirection

out-port:      66

in-port:       1-64

state:         enable

 

To disable the configuration, use the following command:


CLI (network-admin@switch) > mirror-modify in-port 1-64 out-port 66 disable

 

CLI (network-admin@switch) > mirror-show

switch: T6001-ON

direction: bidirection

out-port: 66

in-port: 1-64

state: disable