cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
194
Views
0
Helpful
6
Replies

Packet inspection inside IOx

Hi,

 

I'm trying to build an application that could do packet inspection on the switch traffic (multiple interfaces)

I think this is possible because there exists a snort IPS ova by Cisco that does a similar thing.

What I'm missing is how exactly the application inside the container requests access to the packets flowing through the switch's interfaces?

Is it a just a simple SPAN done, setting the destination port to the vNIC or the VirtualPortGroup interface?

Or something else that needs to be configured on the IOSd side?

Is there a sample code that illustrates this?

 

thanks,

Nagasta

6 REPLIES 6
VIP Advisor

Re: Packet inspection inside IOx

If you want to fully visibility SPAN or TAP port is the best option.

 

BB
*** Rate All Helpful Responses ***

Re: Packet inspection inside IOx

My question is about doing packet inspection from an application (IOx).

I think your answer was about generally using TAP or SPAN.

Perhaps someone from Cisco could help with some leads?

Cisco Employee

Re: Packet inspection inside IOx

Just to be clear. Are you looking for port mirroring (like SPAN) one or more of switch's interface and directing the traffic towards container ? OR are you looking for container sniffing non-destined packets like in promiscuous mode ?

 

Which platform you have in mind? Cat9k or IE4K ?

Re: Packet inspection inside IOx

My desire is to snif selected interfaces from a container (application)

Both options you mentioned can be used to fulfill this desire - My question is what is feasible and what's the right way to do it.

I'm looking into Cat9k right now.

Cisco Employee

Re: Packet inspection inside IOx

Hi NagastaBakaruv,

For the cat9k XE-release 16.12, there is a dedicated, internal L2 interface "AppGigabitEthernet", that allows a container to have direct access to the front-panel data ports. Targeting the XE-release 17.2.1, this new interface should support RSPAN, ERSPAN to the container. The cat9k based RSPAN/ERSPAN features provide only port mirroring for IDS/sniffer type of applications. There is currently no support for packet redirection/IPS type of container solutions.

Note: cat9k VPG support is not supported for containers. Only management and AppGigabitEthernet are for 16.12 onwards.

 

As for router based IOX support, only management and VPG are supported. Since VPG is an L3 interface, only ERSPAN is supported to the apps.

Re: Packet inspection inside IOx

Thank you John, this was very helpful.

I could see the software releases on software.cisco.com but not the timeline for future releases.

Can you point me to a place where I can see when 17.2.1 will be released?

 

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards