Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1950
Views
0
Helpful
2
Replies

ERSPAN between Nexus 9K and VMWare Virtual machine through Cisco UCS (Traffic Mirroring)

neelay121
Level 1
Level 1

‎01-29-2020 02:17 AM

Hi,

 

I have a requirement in which I need to mirror the HTTP/HTTPS traffic of the web servers by configuring the SPAN session between the Nexus 9K to the VMWare virtual machine for the Real User Monitoring Integration. I tried multiple options but I am not getting any traffic on the virtual machine.

 

Below, 192.168.25.59 is the seperate vnic on the vm.

192.168.25.6 is the SVI created on the Nexus. 

Port-Channel 10--Connected between the Fabric Interconnect and the Nexus switch. 

 

Config:

 

monitor session 1 type erspan-source
erspan-id 10
vrf default
destination ip 192.168.25.59
source interface port-channel10 both
filter vlan 400-500
no shut
monitor erspan origin ip-address 192.168.25.6 global

 

 

 

 

1 person had this problem
Labels:
Preview file
9 KB
0 Helpful
2 Replies 2

PeterRounds58279
Level 1
Level 1

‎02-04-2020 11:08 AM

I'm also having quite a challenge with this.

Once configured, the volume of monitor traffic sent to the VM's NIC takes down the VM's NIC:

 30 seconds input rate 31895104 bits/sec, 3107 packets/sec
  30 seconds output rate 3910024 bits/sec, 974 packets/sec
  Load-Interval #2: 5 minute (300 seconds)
    input rate 37.84 Mbps, 3.60 Kpps; output rate 6.77 Mbps, 1.46 Kpps

Finding it hard to believe the VM can't hold up under this traffic.

The following configuration was deployed:

RackA-9508-01
------------------
monitor erspan origin ip-address 172.18.15.32 global < this the looback0 address on the Nexus 9508
monitor session 1 type erspan-source
description net-mon-traffic_to_10.10.2.176 < this the IP address of the Cisco UCS VMware VM
source interface Po135
destination ip 10.10.2.176
erspan-id 1
vrf default
no shut

Respectfully,

Peter

 

0 Helpful

neelay12
Level 1
Level 1
In response to PeterRounds58279

‎02-06-2020 09:56 PM

Peter, In my case, I am not able to see any traffic going to the VM. I am not sure where is the issue. Attaching status for reference.

 

BSCL-NEXUS-2# show monitor session all
session 5
---------------
type : erspan-source
state : up
erspan-id : 2
vrf-name : default
acl-name : acl-name not specified
ip-ttl : 255
ip-dscp : 0
destination-ip : 192.168.25.59
origin-ip : 192.168.25.6 (global)
source intf :
rx : Po10
tx : Po10
both : Po10
source VLANs :
rx :
tx :
both :
filter VLANs : 400-500
source fwd drops :

marker-packet : disabled
packet interval : 100
packet sent : 0
packet failed : 0
egress-intf : Po10

 

BSCL-NEXUS-2# sho run interface port-channel 10

!Command: show running-config interface port-channel10
!Time: Fri Feb 7 11:26:13 2020

version 7.0(3)I6(1)

interface port-channel10
description ** conn to FI for VPC **
switchport mode trunk

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card