Introduction to Port Mirroring

 
 

Introduction

Arista EOS enables many flexible capabilities for both control plane and data plane monitoring. Port Mirroring is one of the data plane monitoring facilities.

Port Mirroring is used to send a copy of packets seen on one port to a network monitoring connection on another switch port. Port Mirroring is commonly used with network probes or other monitoring devices, for example intrusion detection devices, latency analyzers or packet capture and protocol analysis tools.

These dedicated devices can be used for the identification of security breaches, capacity and performance-related matters, or for analyzing the network traffic. They are usually deployed on permanently connected and dedicated network interfaces, providing the ability to collect data over time and to provide real-time information when required. As the number of ports used for dedicated analysis devices connected to the infrastructure increases, the ability to support more than one or two mirror sessions on a switch is important.

Arista switches support multiple port mirroring sessions, avoiding the need to compromise on the use of these tools.

Overview of Port Mirroring

Port Mirroring is achieved by configuring one or more mirroring sessions. A mirroring session is an association between a set of mirror source ports (ports whose traffic is being mirrored as part of the session) and a mirror destination port (a port to which mirrored traffic is sent). Port mirroring is performed in hardware on all Arista switch platforms.

Port Mirroring does not affect the switching of traffic on source ports; a copy of the packets received or sent by the source is sent to the destination port. Destination ports do not receive any traffic other than that required for port mirroring.

A port mirroring “session” is an association of the destination ports with one or more source ports. It is possible to monitor incoming (Rx) or outgoing (Tx) traffic on a series or range of ports in a single session.

Platform Port Mirroring Capabilities

Each switch platform has different capabilities as shown below for each of the ASICs:

Platform                                    7048T (Petra)  71xx (Bali)  7500 (Petra)  7050 (Trident)  7150 (Alta)
# of simultaneous mirror sessions           16             4            16            4 (2) [1]       4 [2]
Support for Port Channel as a source port   Yes            Yes          Yes           Yes             Yes
Support for Rx and Tx Direction             Yes            Yes          Yes           Yes             Yes

[1] If mirroring is configured for “both” directions, the number of monitor sessions is limited to 2.
[2] More monitor sessions are possible with future releases.

Port Mirroring Setup

The CLI for port mirrors is based on the industry standard. The following commands are supported:

monitor session <name> source interface <interface list> [ rx | tx | both ]
monitor session <name> destination <interface>

Step 1 – Create the monitor sessions with a source interface

7050-1(config)#monitor session test1 ?
destination  Mirroring destination configuration commands
source       Mirroring source configuration commands
7050-1(config)#monitor session test1 source ?
Ethernet      Ethernet interface
Port-Channel  Lag interface
7050-1(config)#monitor session test1 source ethernet 1 ?
both  Configure mirroring in both transmit and receive directions
rx    Configure mirroring only in receive direction
tx    Configure mirroring only in transmit direction
,     extend list
-     specify range
<cr>
7050-1(config)#monitor session test1 source ethernet 1
7050-1(config)#

Alternatively, create a port range to monitor multiple ports:

7050-1(config)#monitor session test1 source ethernet 1-4
7050-1(config)#

Or use a list of ports to monitor interesting interfaces:

7050-1(config)#monitor session test1 source ethernet 1,3,5,7-9
7050-1(config)#

Specifying the optional direction of “Rx” or “Tx” controls the direction of mirroring, with “both” being the default.

7050-1(config)#monitor session test1 source ethernet 1-4 tx
7050-1(config)#

Additionally a port channel can be a monitor source.

7050-1(config)#monitor session test2 source port-Channel 1
7050-1(config)#

To add or remove source ports on a mirroring session, the command can be issued multiple times. Any new ports are added to the existing list, and existing ones are retained. Similarly, to remove ports from the mirroring session, use the “no” form of the command; any ports not listed are retained on the session.

Step 2 – Set the monitor destination

7050-1(config)#monitor session test1 destination et 24
7050-1(config)#

To verify the mirror session entry use the following command:

7050-1#sh monitor session
Session test1
------------------------
Source Ports
Tx Only:     Et1, Et2, Et3, Et4, Et5, Et7, Et8
Et9
Destination Port: Et24
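
The session listing above can also be checked by script. The following Python is an added example, not Arista code: it parses the “sh monitor session” text shown above, including the wrapped Et9 line, and compares the result with an intended state. The “Rx Only” and “Both” labels and all function names are assumptions; only “Tx Only” appears on this page.

```python
import re

# Sample copied from the 'sh monitor session' output shown above.
SAMPLE_OUTPUT = """\
Session test1
------------------------
Source Ports
Tx Only:     Et1, Et2, Et3, Et4, Et5, Et7, Et8
Et9
Destination Port: Et24
"""

def parse_sessions(text):
    """Return {session: {"sources": {port: direction}, "destination": port}}."""
    sessions, cur, direction = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Session (\S+)$", line):
            cur = sessions.setdefault(m.group(1), {"sources": {}, "destination": None})
            direction = None
        elif cur is None or not line or set(line) == {"-"} or line == "Source Ports":
            continue
        elif m := re.match(r"Destination Port:\s*(\S+)", line):
            cur["destination"], direction = m.group(1), None
        else:
            # "<label>: ports" starts a direction group; a line with no label
            # is a wrapped continuation of the previous group (Et9 above).
            if m := re.match(r"([A-Za-z ]+):\s*(.*)", line):
                direction, line = m.group(1).split()[0].lower(), m.group(2)
            for port in filter(None, (p.strip() for p in line.split(","))):
                cur["sources"][port] = direction
    return sessions

def drift(parsed, expected):
    """Compare parsed sessions with the intended state; return findings."""
    findings = [f"unexpected session {n}" for n in parsed.keys() - expected.keys()]
    for name, want in expected.items():
        got = parsed.get(name)
        if got is None:
            findings.append(f"missing session {name}")
        elif got != want:
            findings.append(f"session {name} differs from intended configuration")
    return sorted(findings)
```

A session that is on the switch but not in the intended state is reported as unexpected, which is the case to review first because a mirror session copies traffic to another port.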

The status of the interface for active monitoring session destination ports is changed to “monitoring” in all show interface commands that display the interface status.

7050-1#sh int et24 status
Port      Name              Status       Vlan        Duplex  Speed Type
Et24                        connect   monitoring    full    10G Not Present

To delete the mirror session use the “no monitor session” command. Omitting the session number deletes all mirror sessions.

[no] monitor session [n]

Separate Rx and Tx Mirror Destinations

In release 4.8 and later of Arista EOS a mirroring session can support separating out the interface Rx and Tx traffic to different mirror destinations to ensure that monitoring equipment is not overloaded. This is important where wire speed 10Gb Ethernet interfaces could create up to 20Gb of mirrored traffic due to the full duplex nature of the interfaces.

7050-1(config)#monitor session rxTest source e1 rx
7050-1(config)#monitor session txTest source e1 tx
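
The mirrored load described above can be estimated from the configuration before it is applied. The following Python is an added example, not Arista code: it expands interface lists such as 1,3,5,7-9, sums the worst-case mirrored traffic for each session, and flags sessions that exceed the destination link or have no destination. It assumes every port is 10GbE; the sample lines and function names are constructed for illustration.

```python
import re

LINK_GBPS = 10  # assumption: every source and destination port is 10GbE

# Constructed sample, written in the command syntax shown on this page.
SAMPLE = """\
monitor session test1 source ethernet 1,3,5,7-9
monitor session test1 destination et 24
monitor session rxTest source e1 rx
monitor session rxTest destination et 23
monitor session txTest source e1 tx
"""

def expand(spec):
    """Expand an interface list such as '1,3,5,7-9' into port numbers."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config):
    """Return {session: report} with the worst-case mirrored load per session."""
    sessions = {}
    for line in config.splitlines():
        m = re.match(r"monitor session (\S+) (source|destination) (.+)", line.strip())
        if not m:
            continue
        name, kind, rest = m.groups()
        s = sessions.setdefault(name, {"sources": {}, "destination": None})
        if kind == "destination":
            s["destination"] = rest
            continue
        # The direction keyword is optional and defaults to "both".
        src = re.match(r"(?:interface )?[A-Za-z-]+\s*([\d,-]+)(?:\s+(rx|tx|both))?$", rest)
        if not src:
            continue
        for port in expand(src.group(1)):  # sample uses Ethernet sources only
            s["sources"][port] = src.group(2) or "both"
    for s in sessions.values():
        # rx or tx copies one direction of a link; "both" copies two.
        s["worst_gbps"] = sum(LINK_GBPS * (2 if d == "both" else 1)
                              for d in s["sources"].values())
        s["oversubscribed"] = s["worst_gbps"] > LINK_GBPS
        s["missing_destination"] = s["destination"] is None
    return sessions
```

For the sample, test1 mirrors six ports in both directions and can offer up to 120 Gb/s to a single 10 Gb/s destination, while rxTest and txTest each stay within one link.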