Configure Port-Based Mirroring in a Multi-Tenant Architecture

Procedure

  1. Run the following commands to configure access control list applications on Ethernet or port channel and VLAN or virtual Ethernet:
    efa tenant service mirror session create –-name <session-name> --tenant <tenant-name>
            
       --source {<device-ip>,<eth | po | vlan>,<if-name>}
       --type {<source-device-ip>,<eth | po | vlan>,<source-if-name>:<port-based | flow-based>}
            
       --destination {<source-device-ip>,<eth | po | vlan>,<source-if-name> : 
    	            <destination-device-ip>,<eth | po | vlan>,<destination-if-name}
       --destination-type {<source-device-ip>,< eth | po | vlan>,<source-if-name>:<span>}
                    	
    
       --direction {<source-device-ip>,< eth | po | vlan>,<source-if-name> : <tx | rx | both>}
    
    
    (efa:root)root@node-2:~# efa tenant show
    +------------+--------+------+-----+------+------+-------+----------------------+-------------------+
    |    Name    |  Type  | VLAN |L2VNI| L3VNI| VRF  | Enable|         Ports        |   Mirroring Ports |
    |            |        | Range|Range| Range| Count| BD    |                      |                   |
    +------------+--------+------+-----+------+------+-------+----------------------+-------------------+
    |sharedTenant| shared |      |     |      | 0    | false |                      | 10.20.246.15[0/31]|
    |            |        |      |     |      |      |       |                      | 10.20.246.16[0/31]|
    |            |        |      |     |      |      |       |                      | 10.20.246.21[0/31]|
    |            |        |      |     |      |      |       |                      | 10.20.246.22[0/31]|
    |            |        |      |     |      |      |       |                      | 10.20.246.25[0/31]|
    |            |        |      |     |      |      |       |                      | 10.20.246.26[0/31]|
    +------------+--------+------+-----+------+------+-------+----------------------+-------------------+
    |    ten1    | private| 11-20|     |      | 10   | false | 10.20.246.15[0/1-10] |                   | 
    |            |        |      |     |      |      |       | 10.20.246.16[0/1-10] |                   |
    +------------+--------+------+-----+------+------+-------+----------------------+-------------------+
    |    ten2    | private| 21-30|     |      | 10   | false | 10.20.246.15[0/11-20]|                   |
    |            |        |      |     |      |      |       | 10.20.246.16[0/11-20]|                   |
    +------------+--------+------+-----+------+------+-------+----------------------+-------------------+
    
    
    (efa:root)root@node 2:~# efa tenant po show
    +-------+-------+----+------+-----+------------+---------+--------+-------------------+-----------+-------------+------------+
    |  Name | Tenant| ID |Speed | MTU |Negotiation |Min Link |  Lacp  |        Ports      |    State  |  Dev State  |  App State |
    |       |       |    |      |     |            |  Count  | Timeout|                   |           |             |            |
    +-------+-------+----+------+-----+------------+---------+--------+-------------------+-----------+-------------+------------+
    |ten1po1| ten1  |  2 |10Gbps|     |   active   |   1     |   long | 10.20.246.15[0/1] | po-created| provisioned | cfg-in-sync|
    |       |       |    |      |     |            |         |        | 10.20.246.16[0/1] |           |             |            |
    +-------+-------+----+------+-----+------------+---------+--------+-------------------+-----------+-------------+------------+
    |ten2po1| ten2  |  3 |10Gbps|     |   active   |   1     |   long | 10.20.246.15[0/11]| po-created| provisioned | cfg-in-sync|
    |       |       |    |      |     |            |         |        | 10.20.246.16[0/11]|           |             |            |
    +-------+-------+----+------+-----+------------+---------+--------+-------------------+-----------+-------------+------------+
    Example:
    10.20.246.15
    efa tenant service mirror session create --name ten1mirrorsession1 --tenant ten1
        --source 10.20.246.15,po,ten1po1
        --type 10.20.246.15,po,ten1po1:port-based
        
        --destination 10.20.246.15,po,ten1po1:10.20.246.15,eth,0/31
        --destination-type 10.20.246.15,po,ten1po1:span
        
        --direction 10.20.246.15,po,ten1po1:both
    10.20.246.16
    efa tenant service mirror session create –name ten1mirrorsession2 --tenant ten1
        --source 10.20.246.16,po,ten1po1
        --type 10.20.246.16,po,ten1po1:port-based
    
        --destination 10.20.246.16,po,ten1po1:10.20.246.16,eth,0/31
        --destination-type 10.20.246.16,po,ten1po1:span
    
        --direction 10.20.246.16,po,ten1po1:both
    10.20.246.15
    efa tenant service mirror session create –name ten2mirrorsession1 --tenant ten2
        --source 10.20.246.15,po,ten2po1
        --type 10.20.246.15,po,ten2po1:port-based
    
        --destination 10.20.246.15,po,ten2po1:10.20.246.15,eth,0/31
        --destination-type 10.20.246.15,po,ten2po1:span
                    
        --direction 10.20.246.15,po,ten2po1:both
    10.20.246.16
    efa tenant service mirror session create –name ten2mirrorsession2 --tenant ten2
        --source 10.20.246.16,po,ten2po1
        --type 10.20.246.16,po,ten2po1:port-based
    
        --destination 10.20.246.16,po,ten2po1:10.20.246.16,eth,0/31
        --destination-type 10.20.246.16,po,ten2po1:span
    
         --direction 10.20.246.16,po,ten2po1:both
  2. Verify the switch configuration on the SLX device.
    10.20.246.15
    SLX# show running-config monitor session
    monitor session 1
     source port-channel 2 destination ethernet 0/31 direction both
    !monitor session 2
     source port-channel 3 destination ethernet 0/31 direction both
    !
    SLX# show monitor session 1
    Session                 : 1
    Type                    : SPAN
    Description             : [None]
    State                   : Enabled
    Source Interface        : Po 2 (Down)
    Destination Interface   : Eth 0/31 (Down)
    Direction               : Both
    Type                    : port-based
    
    SLX# show monitor session 2
    Session                 : 2
    Type                    : SPAN
    Description             : [None]
    State                   : Enabled
    Source Interface        : Po 3 (Down)
    Destination Interface   : Eth 0/31 (Down)
    Direction               : Both
    Type                    : port-based
    10.20.246.16
    SLX# show running-config monitor session
    monitor session 1
     source port-channel 2 destination ethernet 0/31 direction both
    !monitor session 2
     source port-channel 3 destination ethernet 0/31 direction both
    !
    SLX# show monitor session 1
    Session                 : 1
    Type                    : SPAN
    Description             : [None]
    State                   : Enabled
    Source Interface        : Po 2 (Down)
    Destination Interface   : Eth 0/31 (Down)
    Direction               : Both
    Type                    : port-based
    
    SLX# show monitor session 2
    Session                 : 2
    Type                    : SPAN
    Description             : [None]
    State                   : Enabled
    Source Interface        : Po 3 (Down)
    Destination Interface   : Eth 0/31 (Down)
    Direction               : Both
    Type                    : port-based