06-17-2021 06:01 AM
Hello,
I'd like to create a SPAN session in my ACI infrastructure, typically from my proxy appliance attached to a physical port on a LEAF toward a remote VM acting as a sniffer receptor, running Wireshark.
I have tested a few methods for configuring SPAN policies:
- from Fabric\Access Policies\Troubleshooting\SPAN
- from Fabric\Fabric Policies\Troubleshooting\SPAN
- from Tenant\Policies\Troubleshooting\SPAN
But I don't receive any packets.
Other relevant information:
The source SPAN is located from TENANT DMZ :
TENANT:DMZ
Application Profile: AP-LEGACY
epg-DMZ-APPLICATION.220
The remote SPAN port is located somewhere on a VM in another TENANT:
TENANT: RIZIV-INAMI
Application Profile: AP-ON-DCS
epg-ON-DCS-ADMIN.804
VM is running on a blade on a vPC....
I tried to apply configuration settings from, chapter
but it doesn't work
The only relevant fault seen in the event is:
In the stats I can see traffic matching, but also a warning
code="F1559"
descr="Fault delegate: Failed to configure SPAN with destination SNIFFER of destination group SNIFFER on tenant DMZ due to Invalid Destination Epg"
Affected Object: topology/pod-1/node-102/local/svc-policyelem-id-0/uni/tn-DMZ/destgrp-SNIFFER/dest-SNIFFER]-fault-F1559"
Any idea about this? Did I miss a mandatory step(s) before setting up the SPAN session?
Beforehand thanks for any help.
Here under a picture of the topology of my network:
kind regards
06-17-2021 06:41 AM
You're going to want a Tenant SPAN most likely. This would allow you to specify the Proxy EPG as a source group, and the Sniffer EPG as the destination group. What does your SPAN policy look like? That fault definitely points to some config issue.
Robert
06-17-2021 07:04 AM
Hello Robert,
Thanks for your quick reaction, you can find here below further information about my policy.
Indeed, in source, I've selected the DMZ Tenant and did:
Kind regards,
Gildas
06-18-2021 12:12 AM
Hello,
I did the change of the destination IP without prefix, but it doesn't fix the issue, no GRE traffic toward my destination sniffer.
Kind regards,
Gildas
06-17-2021 06:45 AM
If your destination VM is learned as an IP inside your EPG (so basically you have a L3 BD), you can use ERSPAN.
Stay safe,
Sergiu
06-17-2021 07:05 AM
Hello Sergiu,
Thanks for your quick reaction, you can find here below further information about my policy.
To my knowledge, source and destination BD are set in L2 because they are hosted behind a firewall.
Indeed, in source, I've selected the DMZ Tenant and did:
Kind regards,
Gildas
06-17-2021 07:45 AM
By configuring the SPAN destination as an IP, what you actually configure is ERSPAN (Encapsulated Remote SPAN). This flavor of SPAN encapsulates the mirrored traffic into a GRE tunnel with the destination IP configured by you. But since your BD is in L2, the fabric doesn't know about that Endpoint (IP). You either configure a classic SPAN (where you select a destination interface) or you enable routing on your BD.
Stay safe,
Sergiu
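As an added illustration (not part of this thread) of what the sniffer should see once ERSPAN works: a small Python decoder for ERSPAN Type II framing (GRE protocol type 0x88BE) that pulls the outer source/destination IPs, the GRE sequence number, the ERSPAN session ID and the mirrored frame out of a captured packet, so you can confirm the outer source matches the source IP/prefix in your policy and the outer destination is the sniffer. It assumes Type II framing and uses constructed MACs, IPs and payload; whether a given ACI ERSPAN "version" setting produces Type II is not established here.

```python
import struct

GRE_PROTO_ERSPAN_II = 0x88BE  # GRE protocol type that carries ERSPAN Type II
GRE_FLAG_SEQ = 0x1000         # GRE "sequence number present" flag bit
IPPROTO_GRE = 47

def build_erspan_frame(src_ip, dst_ip, session_id, inner_frame, seq=1):
    """Constructed sample: outer Ethernet/IPv4/GRE/ERSPAN-II wrapped around a mirrored frame."""
    erspan = struct.pack("!II", (1 << 28) | (session_id & 0x3FF), 0)  # ver=1, no VLAN, index 0
    gre = struct.pack("!HHI", GRE_FLAG_SEQ, GRE_PROTO_ERSPAN_II, seq)
    payload = gre + erspan + inner_frame
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    # IPv4 header with the checksum left at 0 (a capture tool validates it, this sample does not)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, IPPROTO_GRE, 0, src, dst)
    eth = bytes.fromhex("0050560000aa0050560000bb") + struct.pack("!H", 0x0800)  # made-up MACs
    return eth + ip + payload

def parse_erspan_frame(frame: bytes) -> dict:
    """Decode an ERSPAN Type II frame; raises ValueError when it is not one."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("outer frame is not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != IPPROTO_GRE:
        raise ValueError("outer IPv4 payload is not GRE (protocol 47)")
    outer_src = ".".join(str(b) for b in ip[12:16])  # the leaf's ERSPAN source IP/prefix
    outer_dst = ".".join(str(b) for b in ip[16:20])  # the destination IP set in the SPAN policy
    gre = ip[ihl:]
    flags, proto = struct.unpack("!HH", gre[:4])
    if proto != GRE_PROTO_ERSPAN_II:
        raise ValueError("GRE payload is not ERSPAN Type II (0x88BE)")
    off = 4 + (4 if flags & 0x8000 else 0) + (4 if flags & 0x2000 else 0)  # optional checksum, key
    seq = None
    if flags & GRE_FLAG_SEQ:
        seq = struct.unpack("!I", gre[off:off + 4])[0]
        off += 4
    word1 = struct.unpack("!I", gre[off:off + 4])[0]  # Ver(4) VLAN(12) COS(3) En(2) T(1) Session(10)
    inner = gre[off + 8:]                              # mirrored Ethernet frame follows the 8-byte header
    return {"outer_src": outer_src, "outer_dst": outer_dst, "gre_seq": seq,
            "erspan_version": word1 >> 28, "vlan": (word1 >> 16) & 0xFFF, "session_id": word1 & 0x3FF,
            "inner_ethertype": struct.unpack("!H", inner[12:14])[0], "inner_len": len(inner)}

# Constructed sample: a mirrored IPv4 frame (stub payload) wrapped for ERSPAN session 5
SAMPLE_INNER = bytes.fromhex("0050560000010050560000020800") + bytes(20)
SAMPLE_FRAME = build_erspan_frame("10.0.0.1", "10.0.0.2", 5, SAMPLE_INNER)
```

In Wireshark the same fields appear under the GRE and ERSPAN dissectors; the point of the outer IPs is that they are what the fabric must be able to route, which is why an L2-only BD cannot deliver them.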
06-18-2021 12:09 AM
Hello,
Ok, so if I understand correctly I need to set my destination BD as L3.
I have few questions about it.
When I set the BD in L3, a pervasive gateway will be published. But now my Gateway is a firewall cluster and must remain the firewall, so I guess that I must set a different VIP for this.
So the question is, is it disruptive for the ongoing traffic? and is it possible to do it by this way?
Beforehand thanks
Gildas
06-20-2021 11:52 PM
Hello,
I've set the destination BD as L3 but it doesn't work.
I can't see incoming packets and no GRE packets neither.
Do I also need to set the source BD as L3?
Did I forget a step? At this point I can't see any fault when applying the SPAN policy at the TENANT level.
Best regards,
06-21-2021 12:39 AM
You're right, in fact I've mistaken with the source IP/prefix.
Since I've set the good prefix I can see the GRE packets arriving on my sniffer.
Many thanks for the support.
Kind regards,
Gildas
09-28-2022 11:41 PM
Hi, if I want to configure erspan for l2 destination can I use a BD/EPG setup with a dummy ip and do a static binding for the l2 destination under EPG?