Solved: Re: Does anyone have a working ERSPAN config between two nexus 7k switches?

williamn0312 · ‎09-19-2017

If anyone has a working ERSPAN config between two nexus 7k switches or between two nexus switches, can I take a look? I seem to be having some difficulties configuring it, and the source monitoring session refuses to go up. Thanks!

Francesco Molino · ‎09-20-2017

If that helps don't forget to select as validated answer.

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎09-19-2017

Hi

What config have you done?

Here something running in production since many years now.

Source of erspan monitoring:

monitor session 10 type erspan-source
erspan-id 10
vrf monitoring
destination ip 10.100.1.1
source vlan 170 - 189 both
no shut

!
monitor session 20 type erspan-source
erspan-id 20
vrf monitoring
destination ip 10.100.1.1
source vlan 120,124,129 both
no shut

monitor erspan origin ip-address 1.1.1.1 global

!

interface Ethernet1/10
description ERSPAN Layer3
vrf member monitoring
ip address 10.100.1.2/30
no shutdown

!

interface loopback100
description ERSPAN Loopback
vrf member monitoring
ip address 1.1.1.1/32

!

Destination of erspan where the monitoring is connected to:

monitor session 11 type erspan-destination
erspan-id 10
vrf monitoring
source ip 10.100.1.1
destination interface Ethernet1/1
no shut

!
monitor session 21 type erspan-destination
erspan-id 20
vrf monitoring
source ip 10.100.1.1
destination interface Ethernet1/2
no shut

!

monitor erspan origin ip-address 1.1.1.2 global

!

interface Ethernet1/10
description ERSPAN Layer3
vrf member monitoring
ip address 10.100.1.1/30
no shutdown

!

interface loopback100
description ERSPAN Loopback
vrf member monitoring
ip address 1.1.1.2/32

!

interface Ethernet1/1
switchport
switchport mode trunk
switchport monitor
switchport trunk allowed vlan 170-189
no shutdown

!

interface Ethernet1/2
switchport
switchport mode trunk
switchport monitor
switchport trunk allowed vlan 120,124,129

no shutdown

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

williamn0312 · ‎09-20-2017

Thank you so much Francesco! I really appreciate it. Have you ever encountered an error where the ERSPAN source monitoring session is down to due to a error "SVI member cannot be retrieved." Also, for the source interface, does it have to be a loopback interface or a /32 address? /16s and /24s won't work?

Francesco Molino · ‎09-20-2017

Hi

I did ERSPAN a lot of time and never had the issue you're talking about.
As source, you can use any interface created on your Nexus. I always create a dedicated vrf to fully manage the routing between the source and destination ERSPAN and to split it from the other production traffic.

What's your config?
If you do embedded wireshark (Ethanalyzer), do you see some traffic arriving at the destination or leaving your source?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

williamn0312 · ‎09-20-2017

Does the source interface have to be a loopback? It cannot be a vlan? Does
it have to be a /32 address?

Francesco Molino · ‎09-20-2017

Hi

What do you mean by source? you meant origin ip-address? It's best practices to configure a loopback. However, in multiple documentation, I'm quite sure you won't find any limitation for that.

If source is the source-ip in ERSPAN config, you can use whatever you want as soon as it's reachable within the routing table (in my example, it's a L3 Ethernet interface)

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

williamn0312 · ‎09-20-2017

Yes, that's what I meant - the origin ip-address. That address stems from the loopback interface. So let's say we create a vlan interface instead, assign it a /24, and then assign that as the origin erspan global ip-address - would that work? I know that when setting the origin erspan global IP, there's no option to input a subnet mask. If we just assign it a /24, would the switch know to view it as a /24 or will it just see it as a classful address? I don't have the actual config, I just followed Cisco's template on configuring an ERSPAN session.

Francesco Molino · ‎09-20-2017

Ok. I'm sorry if I'm misspelling something but as i said, you can use what ever you want as soon as it's reachable from the other side. Then yes it could an ip from svi within a /24 subnet.
The switch will know as a /24 ip but again it doesn't matter.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Francesco Molino · ‎09-20-2017

If that helps don't forget to select as validated answer.

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

comitexp25@gmail.com · ‎07-12-2019

I am curious to see if anyone is running this in a production environment. Have you lost any production time due to having ERSPAN configured.

Francesco Molino · ‎07-13-2019

Never got any issues like the one you're talking about. Are you or have you faced this issue?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question