ERSPAN from vDC on Nexus 7k

ben.posner
Level 1

Hey All,

I'm trying to set up an ERSPAN on our Nexus 7010 and running into some trouble. I want to span the data from a VLAN in our DMZ vDC and have the source configuration set up correctly (I believe).

monitor session 1 type erspan-source
  erspan-id 22
  vrf default
  destination ip 10.5.10.198
  source vlan 129 both
  no shut

The problem is occurring when I try to set up the ERSPAN origin. Documentation states that "The global origin IP address can be configured only in the default VDC. The value that is configured in the default VDC is valid across all VDCs. Any change made in the default VDC is applied across all nondefault VDCs." And sure enough, if you try to configure the origin in the non-default vDC you get the following:

HZN-N7K-1-DMZ(config)# monitor erspan origin ip-address 10.12.1.231
ERROR: Per VDC origin IP not supported. Please use global mode
HZN-N7K-1-DMZ(config)# monitor erspan origin ip-address 10.12.1.231 global
ERROR: This config allowed ONLY in default VDC

So I drop to the ADMIN vDC and can then set up my erspan origin:

HZN-N7K-1-DMZ(config)# end
HZN-N7K-1-DMZ# exit
HZN-N7K-1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
HZN-N7K-1(config)# monitor erspan origin ip-address 10.5.11.41
ERROR: Per VDC origin IP not supported. Please use global mode
HZN-N7K-1(config)# monitor erspan origin ip-address 10.5.11.41 global
HZN-N7K-1(config)#

So that config takes and I guess everything looks correct. The ADMIN vDC shows no sessions running, as I would expect:

HZN-N7K-1# sh monitor
Note: No sessions configured
HZN-N7K-1#

The DMZ vDC shows that it has an active session:

HZN-N7K-1-DMZ# sh monitor
Session  State        Reason                  Description
-------  -----------  ----------------------  --------------------------------
1        up           The session is up                                      
HZN-N7K-1-DMZ# sh monitor session 1
   session 1
---------------
type              : erspan-source
state             : up
erspan-id         : 22
vrf-name          : default
acl-name          : acl-name not specified
ip-ttl            : 255
ip-dscp           : 0
destination-ip    : 10.5.10.198
origin-ip         : 10.5.11.41 (global)
source intf       :
    rx            :
    tx            :
    both          :
source VLANs      :
    rx            : 129
    tx            : 129
    both          : 129
filter VLANs      : filter not specified


Feature       Enabled   Value   Modules Supported       Modules Not-Supported
-----------------------------------------------------------------------------
Rate-limiter  No
MTU-Trunc     No
Sampling      No
MCBE          No
L3-TX         -           -     1  2  5  10             - 
ERSPAN-ACL    -           -     1  2  10                5 
ERSPAN-V2     Yes       -       1  2  10                5 


Legend:
  MCBE  = multicast best effort
  L3-TX = L3 Multicast Egress SPAN

HZN-N7K-1-DMZ#

Yet I am not seeing my erspan data on my NAM (the 10.5.10.198 listed as the erspan destination).

NAM-erspans.jpg

Now I can get to the NAM from both the DMZ vDC and from the ADMIN vDC, so it's not a routing or firewall issue.

Anyone have any tips or ideas? Which vDC would this ERSPAN source the GRE tunnel from? Knowing what I do about vDCs it amazes me that it would source from the ADMIN vDC, but if you configure the origin information from ADMIN and you need to specify a source IP that would live in the DMZ vDC, how would that work if you wanted to send ERSPAN data from a different, third vDC?

Thanks,

Ben Posner
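
Added example (not part of the original post and not Cisco code): one way to check on the destination side whether ERSPAN is arriving at all, by decoding the outer IPv4/GRE/ERSPAN header of a captured packet and comparing it with the origin-ip, destination-ip and erspan-id shown by "sh monitor session 1". The function names are hypothetical, the sample packet is constructed rather than captured, and the input is assumed to start at the IPv4 header.

```python
import socket
import struct

ERSPAN_II, ERSPAN_III = 0x88BE, 0x22EB  # GRE protocol types for ERSPAN

def parse_erspan(ip_pkt: bytes):
    """Decode outer IPv4/GRE/ERSPAN fields; None if the packet is not ERSPAN."""
    if len(ip_pkt) < 20 or ip_pkt[0] >> 4 != 4 or ip_pkt[9] != 47:
        return None  # not IPv4 carrying GRE (IP protocol 47)
    ihl = (ip_pkt[0] & 0x0F) * 4
    if len(ip_pkt) < ihl + 4:
        return None
    flags, proto = struct.unpack_from("!HH", ip_pkt, ihl)
    if proto not in (ERSPAN_II, ERSPAN_III):
        return None
    off = ihl + 4
    for bit in (0x8000, 0x2000, 0x1000):  # optional checksum, key, sequence
        if flags & bit:
            off += 4
    info = {"src": socket.inet_ntoa(ip_pkt[12:16]),
            "dst": socket.inet_ntoa(ip_pkt[16:20]),
            "gre_proto": proto, "version": None, "vlan": None, "session_id": None}
    # Type I (0x88BE without a sequence number) carries no ERSPAN header.
    if (proto == ERSPAN_III or flags & 0x1000) and len(ip_pkt) >= off + 4:
        (word,) = struct.unpack_from("!I", ip_pkt, off)
        info.update(version=word >> 28, vlan=(word >> 16) & 0x0FFF,
                    session_id=word & 0x03FF)
    return info

def mismatches(info, origin_ip, dest_ip, erspan_id):
    """Compare a decoded packet with the values from 'sh monitor session'."""
    if info is None:
        return ["not an ERSPAN packet"]
    checks = (("src", origin_ip, "origin-ip"), ("dst", dest_ip, "destination-ip"),
              ("session_id", erspan_id, "erspan-id"))
    return [f"{label}: saw {info[key]}, expected {want}"
            for key, want, label in checks if info[key] != want]

def build_sample(src, dst, session_id, vlan):
    """Constructed Type II packet (not a real capture) for offline testing."""
    erspan = struct.pack("!II", (1 << 28) | (vlan << 16) | session_id, 0)
    body = struct.pack("!HHI", 0x1000, ERSPAN_II, 1) + erspan + bytes(14)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 255, 47, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + body

if __name__ == "__main__":
    pkt = build_sample("10.5.11.41", "10.5.10.198", 22, 129)
    print(parse_erspan(pkt), mismatches(parse_erspan(pkt), "10.5.11.41", "10.5.10.198", 22))
```

An empty list from mismatches() means the packet's outer source, destination and session ID match the session output; a wrong outer source points at a different origin address than the one configured.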