Configure Fabric Non-ICL Ports as Mirror Source

About this task

Mirror the traffic from the spine and super spine ports onto the mirror destination port. The provisioning model is inline with the ICL port channel mirroring.

Click to expand in new window
5-stage Clos topology
Note

Note

  1. Spine and super spine ports can be a member of the shared tenant only and not the private tenant.
  2. Spine and super spine ports can be a member of the port profile EPG only and not any other EPG.
  3. You cannot create a port channel using the spine and super spine ports.
  4. You cannot apply any other configurations on the spine or super spine.

Procedure

  1. Create a shared tenant using the spine and super spine ports.
  2. Create an EPG port profile with spine and super spine ports as endpoints of an EPG. Ensure that the port profile EPG is under the shared tenant. This creates an ACL application on the spine and super spine ports for flow-based mirroring.
    efa tenant epg create --name <epg-name> --tenant <tenant-name>
         --type port-profile --port <spine-and-super-spine-mirror-ports> 
         --pp-ip-acl-in <acl-name> --pp-ip-acl-out <acl-name> --pp-ipv6-acl-in <acl-name>
    
  3. Create a mirror session using spine and super spine ports as a mirror source.
    efa tenant service mirror session create –name <session-name> --tenant <tenant-name>
        --source {<device-ip>,<eth | po | vlan>,<if-name>} 
        --type {<source-device-ip>,<eth | po | vlan>,<source-if-name>:<port-based | flow-based>}
        --destination-type {<source-device-ip>,< eth | po | vlan>,<source-if-name>:<span>}
        --destination {<source-device-ip>,<eth | po | vlan>,<source-if-name> : 
                       <destination-device-ip>,<eth | po | vlan>,<destination-if-name>
        --direction {<source-device-ip>,< eth | po | vlan>,<source-if-name> : <tx | rx | both>}
    For example,
    (efa:root)root@node-2:~# efa tenant show
    +---------+------+-------+-----+------+-----+------+-------------------------+--------------------+
    |  Name   | Type |VLAN   |L2VNI| L3VNI|VRF  |Enable|         Ports           |Mirror Destination  |
    |         |      |Range  |Range| Range|Count|BD    |                         |Ports               |
    +---------+------+-------+-----+------+-----+------+-------------------------+--------------------+
    |tenant11 |shared|100-103|     |      |10   |false |10.20.246.1              |10.20.246.1[0/17-18]|
    |         |      |       |     |      |     |      |[0/10-11,0/31-32,0/9:1-4]|10.20.246.1[0/17-18]|
    |         |      |       |     |      |     |      |10.20.246.3[0/10-15]     |10.20.246.3[0/1-9]  |
    |         |      |       |     |      |     |      |10.20.246.4[0/1-15]      |                    |
    +---------+------+-------+-----+------+-----+------+-------------------------+--------------------+
    |tenant111|shared|104-105|     |      |10   |false |10.20.246.1              |[0/13-15,0/19,      |
    |         |      |       |     |      |     |      |[0/14-15,0/13:1-4]       |0/12:1-4]           |
    |         |      |       |     |      |     |      |10.20.246.2              |                    |
    +---------+------+-------+-----+------+-----+------+-------------------------+--------------------+
    (efa:root)root@node-2:~# efa tenant epg show
    +-------+---------+------------+-----------+--+---------+-----------+-----+---+------+-------------------+
    | Name  | Tenant  |    Type    |   Ports   |PO|Switch   |Native Vlan|Ctag |Vrf| L3Vni|       State       |
    |       |         |            |           |  |POrt Mode|  Tagging  |Range|   |      |                   |
    +-------+---------+------------+-----------+--+---------+-----------+-----+---+------+-------------------+
    |epgv421|tenant111|port-profile|10.20.246.2|  |         |   false   |     |   |      |epg-with-port-group|
    |       |         |            |[0/19]     |  |         |           |     |   |      |                   |
    +-------+---------+------------+-----------+--+---------+-----------+-----+---+------+-------------------+
    
    efa tenant service mirror session create --name m2 --tenant "tenant11" --source 10.20.246.1,eth,0/9:1  
           --type 10.20.246.1,eth,0/9:1:port-based 
           --destination 10.20.246.1,eth,0/9:1:10.20.246.1,eth,0/17 
           --destination-type 10.20.246.1,eth,0/9:1:span 
           --direction 10.20.246.1,eth,0/9:1:rx
    efa tenant service mirror session create --name m3 --tenant tenant11 --source 10.20.246.1,eth,0/9:1 
           --type 10.20.246.1,eth,0/9:1:port-based 
           --destination 10.20.246.1,eth,0/9:1:10.20.246.1,eth,0/17 
           --destination-type 10.20.246.1,eth,0/9:1:span 
           --direction 10.20.246.1,eth,0/9:1:tx
    efa tenant epg create –name epgv421 –tenant tenant111 --type port-profile           
           --port 10.20.246.2[0/19] --pp-ipv6-acl-in ext-ipv6-permit-any-mirror-acl
    efa tenant service mirror session create --name ms3 --tenant tenant111 --source 10.20.246.2,eth,0/19 
           --type 10.20.246.2,eth,0/19:flow-based 
           --destination 10.20.246.2,eth,0/19:10.20.246.2,eth,0/18 
           --destination-type 10.20.246.2,eth,0/19:span 
           --direction 10.20.246.2,eth,0/19:tx
    
    efa tenant service mirror session create --name ms4 --tenant tenant111 --source 10.20.246.2,eth,0/19 
    	--type 10.20.246.2,eth,0/19:flow-based 
    	--destination 10.20.246.2,eth,0/19:10.20.246.2,eth,0/18 
    	--destination-type 10.20.246.2,eth,0/19:span 
    	--direction 10.20.246.2,eth,0/19:rx
  4. Verify the switch configuration on the SLX device.
    10.20.246.1 [PORT-BASED MIRRORING]
    
    SLX# show running-config monitor session  
    monitor session 1
     source ethernet 0/9:1 destination ethernet 0/17 direction rx
    !
    monitor session 2
     source ethernet 0/9:1 destination ethernet 0/17 direction tx
    !
    
    SLX# show monitor session 1
    Session                : 1
    Type                   : SPAN
    Description            : [None]
    State                  : Enabled
    Source Interface       : Eth 0/9:1
    Destination Interface  : Eth 0/17 (Down)
    Direction              : rx
    Type                   : port-based
    
    SLX# show monitor session 2
    Session                : 2
    Type                   : SPAN
    Description            : [None]
    State                  : Enabled
    Source Interface       : Eth 0/9:1
    Destination Interface  : Eth 0/17 (Down)
    Direction              : tx
    Type                   : port-based
    10.20.246.2 [FLOW-BASED MIRRORING]
    
    SLX# show running-config ipv6 access-list
    ipv6 access-list extended ext-ipv6-permit-any-mirror-acl
     seq 10 permit ipv6 any any mirror
    !
    
    SLX# show running-config interface ethernet 0/19
    interface ethernet 0/19
       ip address 10.10.10.1/31
       ipv6 access-group ext-ipv6-permit-any-mirror-acl in
       no shutdown
    !
    
    SLX# show running-config monitor session  
    monitor session 1
     source ethernet 0/19 destination ethernet 0/18 direction tx flow-based
    !
    monitor session 2
     source ethernet 0/19 destination ethernet 0/18 direction rx flow-based
    !
    SLX# show monitor session 1
    Session                : 1
    Type                   : SPAN
    Description            : [None]
    State                  : Enabled
    Source Interface       : Eth 0/19
    Destination Interface  : Eth 0/18 (Down)
    Direction              : tx
    Type                   : flow-based
    
    SLX# show monitor session 2
    Session                : 2
    Type                   : SPAN
    Description            : [None]
    State                  : Enabled
    Source Interface       : Eth 0/19
    Destination Interface  : Eth 0/18 (Down)
    Direction              : rx
    Type                   : flow-based