ERSPAN and RSPAN on Nexus 9000 - VXLAN EVPN Fabric

justclash4
Level 1

Hi, I have a traffic analyzer service and I need to mirror a specific VLAN's traffic to the interface that my analyzer is connected to.
VXLAN-EVPN is employed in the data center network.

I have 4 leafs and the mentioned vlan exists on all leafs.

Traffic analyzer's port is connected to leaf-2 (the interface that traffic should be mirrored to).

I configured ERSPAN but when I was configuring ERSPAN on leaf-2 to receive traffic it shows this error:

Leaf-2(config)# monitor session 1 type erspan-destination
Error: 'feature nv overlay' is enabled. ERSPAN destination configuration is not allowed.

After I understood that I cannot use ERSPAN, I chose to work with RSPAN, and then I found that the "remote-span" command under VLAN configuration does not exist.

Now I don't know how to mirror the traffic in a VXLAN EVPN fabric. Is there any way to do this?
One way is to connect the traffic analyzer to all leafs and perform a local SPAN, but I prefer not to do this.

Thank you.

1 Reply

AshSe
VIP

Hello @justclash4 

In a VXLAN-EVPN fabric, mirroring traffic from a specific VLAN across multiple leaf switches to a single destination (like your traffic analyzer) can be challenging due to the distributed nature of the fabric and the limitations of certain features like ERSPAN and RSPAN in VXLAN environments. However, there are still ways to achieve your goal. Below are some options and considerations:


1. Use VXLAN Encapsulation for Traffic Mirroring

Since VXLAN-EVPN is already in use, you can leverage VXLAN encapsulation to mirror traffic across the fabric. Some vendors support VXLAN-based traffic mirroring, where mirrored traffic is encapsulated in VXLAN and sent to a specific destination (e.g., the traffic analyzer). This requires the following:

  • Configuring a dedicated VXLAN VNI for mirroring traffic.
  • Setting up a destination for the mirrored traffic (e.g., the traffic analyzer's IP address).
  • Configuring the source leaf switches to mirror traffic from the VLAN to the VXLAN VNI.

Check your switch vendor's documentation to see if VXLAN-based mirroring is supported and how to configure it.


2. Use Local SPAN on Each Leaf and Forward to the Analyzer

If VXLAN-based mirroring is not supported, you can use local SPAN on each leaf switch to mirror the VLAN traffic to a specific port. Then, you can forward the mirrored traffic to the traffic analyzer connected to Leaf-2. This can be achieved by:

  • Configuring a dedicated VLAN for mirrored traffic.
  • Using local SPAN on each leaf to mirror the VLAN traffic to a port that is part of the dedicated VLAN.
  • Configuring VXLAN to transport the mirrored traffic VLAN to Leaf-2.
  • On Leaf-2, configure a local SPAN session to mirror the traffic from the dedicated VLAN to the traffic analyzer's port.

This approach requires some additional configuration but avoids the need to connect the traffic analyzer to all leaf switches.


3. Use an External Tap Aggregator

If your network supports it, you can use an external tap aggregation device. These devices are designed to aggregate mirrored traffic from multiple sources and forward it to a single destination (e.g., your traffic analyzer). This approach requires:

  • Configuring local SPAN on each leaf to send mirrored traffic to a port connected to the tap aggregator.
  • Connecting the tap aggregator to the traffic analyzer.

While this approach requires additional hardware, it simplifies the configuration and centralizes traffic analysis.


4. Check for Vendor-Specific Features

Some switch vendors provide proprietary features for traffic mirroring in VXLAN-EVPN fabrics. For example:

  • Cisco Nexus switches support "Inband ERSPAN" in some cases, which allows ERSPAN traffic to be sent over the VXLAN fabric.
  • Arista switches may have similar features for mirroring traffic in VXLAN environments.

Check your switch vendor's documentation or contact their support team to see if such features are available.


5. Use a Dedicated Physical Connection

If none of the above options are feasible, you may need to connect the traffic analyzer to all leaf switches and use local SPAN on each leaf. While this is not ideal, it ensures that you can capture traffic from all sources.


Why RSPAN and ERSPAN Are Not Working

  • RSPAN: The remote-span command is not available because RSPAN is not supported in VXLAN-EVPN fabrics. VXLAN replaces traditional VLAN-based forwarding, and RSPAN relies on VLANs to transport mirrored traffic.
  • ERSPAN: The error you encountered (feature nv overlay is enabled) indicates that ERSPAN destination configuration is not allowed when VXLAN (NV overlay) is enabled. This is a limitation of the platform.

Recommendation

The best approach depends on your network's capabilities and requirements. If your switches support VXLAN-based mirroring, that would be the most efficient solution. Otherwise, consider using a dedicated VLAN for mirrored traffic and forwarding it to Leaf-2 using VXLAN.

If you need further assistance, please provide details about your switch vendor and model, as well as any specific requirements or constraints.


Hope This Helps!!!

AshSe

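The following is an added configuration sketch for option 2 of the reply (local SPAN into a dedicated VLAN that the fabric carries to Leaf-2, then a second local SPAN to the analyzer port). It is not code from the original post or from Cisco; the VLAN numbers (10 and 900), the VNI (90900) and all interface names are assumptions, and it assumes a working VXLAN EVPN fabric with BGP ingress replication already in place. Because an NX-OS SPAN destination port (`switchport monitor`) only transmits mirrored frames and does not forward received frames, the sketch physically loops the SPAN destination port back into an access port of the dedicated VLAN so the copies enter the fabric; that loop cable is part of the assumption.

```nxos
!--- Leaf-1 (and any other source leaf): mirror VLAN 10 into dedicated VLAN 900 ---
! Dedicated transport VLAN for mirrored traffic, mapped to its own VNI (assumed values)
vlan 900
  vn-segment 90900

! Extend the mirror VNI over the fabric; only provision it on source leafs and Leaf-2
interface nve1
  member vni 90900
    ingress-replication protocol bgp

evpn
  vni 90900 l2
    rd auto
    route-target import auto
    route-target export auto

! SPAN destination port: emits copies of VLAN 10 traffic (assumed port)
interface Ethernet1/47
  switchport
  switchport monitor

! Access port in VLAN 900, cabled back-to-back to Ethernet1/47 (assumed loop cable),
! so the mirrored copies are admitted into VLAN 900 and carried by VNI 90900
interface Ethernet1/46
  switchport
  switchport mode access
  switchport access vlan 900
  no shutdown

! Local SPAN: receive direction of the monitored VLAN -> loop port
monitor session 1
  source vlan 10 rx
  destination interface Ethernet1/47
  no shut

!--- Leaf-2: deliver the decapsulated copies to the analyzer ---
vlan 900
  vn-segment 90900

interface nve1
  member vni 90900
    ingress-replication protocol bgp

evpn
  vni 90900 l2
    rd auto
    route-target import auto
    route-target export auto

! Analyzer port (assumed): SPAN destination, never a member of VLAN 900 itself
interface Ethernet1/10
  switchport
  switchport monitor

monitor session 1
  source vlan 900 rx
  destination interface Ethernet1/10
  no shut

!--- Verification on each leaf ---
! show monitor session 1          -> state should be "up", not "down (no operational src/dst)"
! show nve vni 90900              -> VNI up, peers listed for the other leafs carrying it
! show l2route evpn mac all       -> watch for MACs of the monitored hosts appearing in VNI 90900
```

Two caveats follow from how the fabric treats the copies. The mirrored frames carry the original hosts' source MAC addresses, so Leaf-1 learns them in VLAN 900 and advertises them as EVPN Type-2 routes for VNI 90900; keep the VNI confined to the source leafs and Leaf-2, and do not attach any workload ports to VLAN 900, or the duplicate MACs show up as normal reachable hosts there. Destinations are never learned in VLAN 900 (the analyzer port is a SPAN destination and sends nothing), so every copy is flooded by ingress replication to each leaf that carries the VNI; `source vlan 10 rx` rather than `both` keeps each packet from being mirrored twice when both endpoints of a flow sit behind source leafs.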