Arista EOS enables many flexible capabilities for both control plane and data plane monitoring. Port Mirroring is one of the data plane monitoring facilities.
Port Mirroring is used to send a copy of packets seen on one port to a network monitoring connection on another switch port. Port Mirroring is commonly used with network probes or other monitoring devices, for example intrusion detection devices, latency analyzers or packet capture and protocol analysis tools.
These dedicated devices can be used to identify security breaches, investigate capacity and performance related matters, or analyze network traffic. They are usually deployed on permanently connected, dedicated network interfaces, which lets them collect data over time and provide real-time information when required. As the number of ports used for dedicated analysis devices connected to the infrastructure increases, the ability to support more than one or two mirror sessions on a switch becomes important.
Arista switches support multiple port mirroring sessions, avoiding the need to compromise on the use of these tools.
Overview of Port Mirroring
Port Mirroring is achieved by configuring one or more mirroring sessions. A mirroring session is an association between a set of mirror source ports (ports whose traffic is being mirrored as part of the session) and a mirror destination port (a port to which mirrored traffic is sent). Port mirroring is performed in hardware on all Arista switch platforms.
Port Mirroring does not affect the switching of traffic on source ports; a copy of the packets received or sent by the source is sent to the destination port. Destination ports do not receive any traffic other than the traffic required for port mirroring.
A port mirroring “session” is an association of the destination ports with one or more source ports. It is possible to monitor incoming (Rx) or outgoing (Tx) traffic on a series or range of ports in a single session.
Platform Port Mirroring Capabilities
Each switch platform has different capabilities as shown below for each of the ASICs:
|Platform|7048T (Petra)|71xx (Bali)|7500 (Petra)|7050 (Trident)|7150 (Alta)|
|# of simultaneous mirror sessions|16|4|16|4 (2) [1]|4 [2]|
|Support for Port Channel as a source port|Yes|Yes|Yes|Yes|Yes|
|Support for Rx and Tx Direction|Yes|Yes|Yes|Yes|Yes|
[1] – If mirroring is configured for “both” directions, the number of monitor sessions is limited to 2
[2] – More monitor sessions are possible with future releases
Port Mirroring Setup
The CLI for port mirrors is based on the industry standard. The following commands are supported:
monitor session <name> source interface <interface list> [ rx | tx | both ]
monitor session <name> destination <interface>
Step 1 – Create the monitor sessions with a source interface
7050-1(config)#monitor session test1 ?
  destination  Mirroring destination configuration commands
  source       Mirroring source configuration commands
7050-1(config)#monitor session test1 source ?
  Ethernet      Ethernet interface
  Port-Channel  Lag interface
7050-1(config)#monitor session test1 source ethernet 1 ?
  both  Configure mirroring in both transmit and receive directions
  rx    Configure mirroring only in receive direction
  tx    Configure mirroring only in transmit direction
  ,     extend list
  -     specify range
  <cr>
7050-1(config)#monitor session test1 source ethernet 1
7050-1(config)#
Alternatively create a port range to monitor multiple ports
7050-1(config)#monitor session test1 source ethernet 1-4
7050-1(config)#
Or use a list of ports to monitor interesting interfaces
7050-1(config)#monitor session test1 source ethernet 1,3,5,7-9
7050-1(config)#
Specifying the optional direction of “Rx” or “Tx” controls the direction of mirroring, with “both” being the default.
7050-1(config)#monitor session test1 source ethernet 1-4 tx
7050-1(config)#
Additionally a port channel can be a monitor source.
7050-1(config)#monitor session test2 source port-Channel 1
7050-1(config)#
To add or remove source ports on a mirroring session, the command can be issued multiple times. Any new ports are added to the existing list, and existing ones are retained. Similarly, to remove ports from the mirroring session, use the “no” form of the command; any ports not listed are retained on the session.
Step 2 – Set the monitor destination
7050-1(config)#monitor session test1 destination et 24
7050-1(config)#
To verify the mirror session entry use the following command:
7050-1#sh monitor session
Session test1
------------------------
Source Ports
  Tx Only: Et1, Et2, Et3, Et4, Et5, Et7, Et8
           Et9
Destination Port: Et24
The status of the interface for active monitoring session destination ports is changed to “monitoring” in all show interface commands that display the interface status.
7050-1#sh int et24 status
Port   Name   Status    Vlan         Duplex  Speed  Type
Et24          connect   monitoring   full    10G    Not Present
To delete the mirror session use the “no monitor session” command. Omitting the session number deletes all mirror sessions.
[no] monitor session [n]
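The additive and “no” semantics, the interface list syntax and the platform limits described above can be checked offline before a change is applied. The following is an added example, not Arista code: it replays monitor session commands, rebuilds each session, and flags session counts over the platform table's limit as well as mirror destinations that are not on an approved list. The function names, the approved-port set, the Et/Po short-name normalisation and the reading that a single “both” source triggers the 7050 limit of 2 are assumptions of this example.

```python
import re

# Session limits from the platform table above: (normal, with any source mirroring "both").
LIMITS = {"7048T": (16, 16), "71xx": (4, 4), "7500": (16, 16), "7050": (4, 2), "7150": (4, 4)}
IFACE = r"([a-z]+(?:-[a-z]+)?)\s*"
CMD = re.compile(rf"^(no\s+)?monitor session (\S+)(?: source (?:interface )?{IFACE}(\d[\d,\-]*)"
                 rf"(?:\s+(rx|tx|both))?| destination {IFACE}(\d+))?$", re.I)

def short(kind, n):  # canonical short name as printed by 'show monitor session' (Et24, Po1)
    return ("Po" if kind.lower().startswith("p") else "Et") + str(n)

def expand(spec):
    """Expand an interface list such as '1,3,5,7-9' into a set of port numbers."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {p for lo, _, hi in ranges for p in range(int(lo), int(hi or lo) + 1)}

def build_sessions(lines):
    """Replay commands in order: repeats add sources, 'no' removes only what is listed."""
    sessions = {}
    for line in lines:
        m = CMD.match(line.split("#", 1)[-1].strip())  # tolerate a pasted CLI prompt
        if not m:
            continue
        negate, name, kind, spec, direction, dkind, dnum = m.groups()
        if negate and not (kind or dkind):  # bare 'no monitor session <name>' deletes it
            sessions.pop(name, None)
            continue
        s = sessions.setdefault(name, {"sources": {}, "destination": None})
        if dkind:
            s["destination"] = None if negate else short(dkind, dnum)
        for port in expand(spec) if kind else ():
            s["sources"].pop(short(kind, port), None)
            if not negate:  # direction defaults to "both" when omitted
                s["sources"][short(kind, port)] = (direction or "both").lower()
    return {n: s for n, s in sessions.items() if s["sources"] or s["destination"]}

def audit(sessions, platform, approved):
    """Flag session counts over the platform limit and destinations outside the approved set."""
    both = any("both" in s["sources"].values() for s in sessions.values())
    limit = LIMITS[platform][1 if both else 0]
    findings = [f"session {n}: destination {s['destination']} is not approved"
                for n, s in sorted(sessions.items()) if s["destination"] not in approved]
    if len(sessions) > limit:
        findings.append(f"{len(sessions)} sessions exceed the {platform} limit of {limit}")
    return findings

# Constructed command history for illustration (not captured from a device).
SAMPLE = ["monitor session test1 source ethernet 1,3,5,7-9", "no monitor session test1 source ethernet 3,8",
          "monitor session test1 destination et 24", "monitor session rxTest source e1 rx"]
```

Calling `audit(build_sessions(SAMPLE), "7050", {"Et24"})` reports the rxTest session, which has a source but no approved destination.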
Separate Rx and Tx Mirror Destinations
In Arista EOS release 4.8 and later, a mirroring session can support separating out the interface Rx and Tx traffic to different mirror destinations to ensure that monitoring equipment is not overloaded. This is important where wire-speed 10Gb Ethernet interfaces could create up to 20Gb of mirrored traffic due to the full-duplex nature of the interfaces.
7050-1(config)#monitor session rxTest source e1 rx
7050-1(config)#monitor session txTest source e1 tx