You can configure flow-based mirroring in a multi-tenant architecture.
efa tenant epg create --name <epg-name> --tenant <tenant-name> --switchport --switchport-mode trunk –ctag-range <ctag-range> --port <mirror-source-port-list> --po <mirror-source-po-list> --pp-mac-acl-in <acl-name> --pp-mac-acl-out <acl-name> --pp-acl-in <acl-name> --pp-ip-acl-out <acl-name> --np-mac-acl-in <ctag:acl-name> --np-mac-acl-out <ctag:acl-name> --np-ip-acl-in <ctag:acl-name> --np-ip-acl-out <ctag:acl-name>
efa tenant service mirror session create –name? <session-name> --tenant <tenant-name> --source {<device-ip>,<eth | po | vlan>,<if-name>} --type {<source-device-ip>,<eth | po | vlan>,<source-if-name>:<port-based | flow-based>} --destination {<source-device-ip>,<eth | po | vlan>,<source-if-name> : <destination-device-ip>,<eth | po | vlan>,<destination-if-name} --destination-type {<source-device-ip>,< eth | po | vlan>,<source-if-name>:<span>} --direction {<source-device-ip>,< eth | po | vlan>,<source-if-name> : <tx | rx | both>} (efa:root)root@node-2:~# efa tenant show +--------------+---------+------+------+------+------+-------+----------------------+-------------------+ | Name | Type | VLAN | L2VNI| L3VNI| VRF | Enable| Ports | Mirroring Ports | | | | Range| Range| Range| Count| BD | | | +--------------+---------+------+------+------+------+-------+----------------------+-------------------+ | sharedTenant | shared | | | | 0 | false | | 10.20.246.15[0/31]| | | | | | | | | | 10.20.246.16[0/31]| | | | | | | | | | 10.20.246.21[0/31]| | | | | | | | | | 10.20.246.22[0/31]| | | | | | | | | | 10.20.246.25[0/31]| | | | | | | | | | 10.20.246.26[0/31]| +--------------+---------+------+------+------+------+-------+----------------------+-------------------+ | ten1 | private |11-20 | | | 10 | false | 10.20.246.15[0/1-10] | | | | | | | | | | 10.20.246.16[0/1-10] | | +--------------+---------+------+------+------+------+-------+----------------------+-------------------+ | ten2 | private |21-30 | | | 10 | false | 10.20.246.15[0/11-20]| | | | | | | | | | 10.20.246.16[0/11-20]| | +--------------+---------+------+------+------+------+-------+----------------------+-------------------+ (efa:root)root@node 2:~# efa tenant po show +---------+------+----+------+-----+------------+---------+-------+-------------------+------------+------------+------------+ | Name |Tenant| ID |Speed | MTU |Negotiation |Min Link | Lacp | Ports | State | Dev State | App State | | | | | | | | Count |Timeout| | | | | +---------+------+----+------+-----+------------+---------+-------+-------------------+------------+------------+------------+ | ten1po1 |ten1 | 2 |10Gbps| | active | 1 | long | 10.20.246.15[0/1] | po-created |provisioned |cfg-in-sync | | | | | | | | | | 10.20.246.16[0/1] | | | | +---------+------+----+------+-----+------------+---------+-------+-------------------+------------+------------+------------+ | ten2po1 |ten2 | 3 |10Gbps| | active | 1 | long | 10.20.246.15[0/11]| po-created |provisioned |cfg-in-sync | | | | | | | | | | 10.20.246.16[0/11]| | | | +---------+------+----+------+-----+------------+---------+-------+-------------------+------------+------------+------------+
efa tenant epg create –name ten1epg1 –tenant ten1 --switchport-mode trunk --po ten1po1 --ctag-range 11 --pp-ip-acl-in ext-ip-permit-any-mirror-acl --pp-ip-acl-out ext-ip-permit-any-mirror-acl efa tenant service mirror session create –name ten1mirrorsession1 --tenant ten1 --source 10.20.246.15,po,ten1po1 --type 10.20.246.15,po,ten1po1:flow-based --destination 10.20.246.15,po,ten1po1:10.20.246.15,eth,0/31 --destination-type 10.20.246.15,po,ten1po1:span --direction 10.20.246.15,po,ten1po1:both efa tenant service mirror session create –name ten2mirrorsession1 --tenant ten2 --source 10.20.246.15,po,ten2po1 --type 10.20.246.15,po,ten2po1:flow-based --destination 10.20.246.15,po,ten2po1:10.20.246.15,eth,0/31 --destination-type 10.20.246.15,po,ten2po1:span --direction 10.20.246.15,po,ten2po1:both |
efa tenant epg create –name ten2epg1 –tenant ten2 --switchport-mode trunk --po ten2po1 --ctag-range 21 --pp-ip-acl-in ext-ip-permit-any-mirror-acl --pp-ip-acl-out ext-ip-permit-any-mirror-acl efa tenant service mirror session create –name ten1mirrorsession2 --tenant ten1 --source 10.20.246.16,po,ten1po1 --type 10.20.246.16,po,ten1po1:flow-based --destination 10.20.246.16,po,ten1po1:10.20.246.16,eth,0/31 --destination-type 10.20.246.16,po,ten1po1:span --direction 10.20.246.16,po,ten1po1:both efa tenant service mirror session create –name ten2mirrorsession2 --tenant ten2 --source 10.20.246.16,po,ten2po1 --type 10.20.246.16,po,ten2po1:flow-based --destination 10.20.246.16,po,ten2po1:10.20.246.16,eth,0/31 --destination-type 10.20.246.16,po,ten2po1:span --direction 10.20.246.16,po,ten2po1:both |
10.20.246.15SLX# show running-config ip access-list ip access-list extended ext-ip-permit-any-mirror-acl seq 10 permit ip any any mirror ! SLX# show running-config interface Port-channel 2,3 interface Port-channel 2 description EFA Port-channel ten1po1 cluster-client auto switchport switchport mode trunk switchport trunk allowed vlan add 11 no switchport trunk tag native-vlan ip access-group ext-ip-permit-any-mirror-acl in ip access-group ext-ip-permit-any-mirror-acl out no shutdown ! interface Port-channel 3 description EFA Port-channel ten2po1 cluster-client auto switchport switchport mode trunk switchport trunk allowed vlan add 21 no switchport trunk tag native-vlan ip access-group ext-ip-permit-any-mirror-acl in ip access-group ext-ip-permit-any-mirror-acl out no shutdown ! SLX# |
10.20.246.16SLX# show running-config ip access-list ip access-list extended ext-ip-permit-any-mirror-acl seq 10 permit ip any any mirror ! SLX# show running-config interface Port-channel 2,3 interface Port-channel 2 description EFA Port-channel ten1po1 cluster-client auto switchport switchport mode trunk switchport trunk allowed vlan add 11 no switchport trunk tag native-vlan ip access-group ext-ip-permit-any-mirror-acl in ip access-group ext-ip-permit-any-mirror-acl out no shutdown ! interface Port-channel 3 description EFA Port-channel ten2po1 cluster-client auto switchport switchport mode trunk switchport trunk allowed vlan add 21 no switchport trunk tag native-vlan ip access-group ext-ip-permit-any-mirror-acl in ip access-group ext-ip-permit-any-mirror-acl out no shutdown ! SLX# |
10.20.246.15SLX# show running-config monitor session monitor session 1 source port-channel 2 destination ethernet 0/31 direction both !monitor session 2 source port-channel 3 destination ethernet 0/31 direction both ! SLX# show monitor session 1 Session : 1 Type : SPAN Description : [None] State : Enabled Source Interface : Po 2 (Down) Destination Interface : Eth 0/31 (Down) Direction : Both Type : flow-based SLX# show monitor session 2 Session : 2 Type : SPAN Description : [None] State : Enabled Source Interface : Po 3 (Down) Destination Interface : Eth 0/31 (Down) Direction : Both Type : flow-based |
10.20.246.16SLX# show running-config monitor session monitor session 1 source port-channel 2 destination ethernet 0/31 direction both !monitor session 2 source port-channel 3 destination ethernet 0/31 direction both ! SLX# show monitor session 1 Session : 1 Type : SPAN Description : [None] State : Enabled Source Interface : Po 2 (Down) Destination Interface : Eth 0/31 (Down) Direction : Both Type : flow-based SLX# show monitor session 2 Session : 2 Type : SPAN Description : [None] State : Enabled Source Interface : Po 3 (Down) Destination Interface : Eth 0/31 (Down) Direction : Both Type : flow-based |