Solved: SPAN to multiple destinations does not work

Joe Silver · ‎05-19-2013

I have a single Nexus 7K (6.x) with only F2 modules and I would like to SPAN the same source interfaces and vlans to mulitple destination servers (interfaces). When configuring SPAN to a single destination traffic gets replicated successfully but when I add an additional destination to the same SPAN session then none of the destination interfaces receive any traffic. As soon as modify the SPAN to include only a single destination interface it works again.

I'm guess this is a limitation of the Nexus 7K 6.x code or the F2 modules. If so someone please confirm this. If this is indeed a limitation with my current hardware I'd appreicate some suggestions to make this work.

Thanks!

Joe

krahmani323 · ‎05-30-2013

Hello Joe,

Sorry for the delay in my answer.

As per my understanding, this limitation is more global. It is encountered as soon as there is a F series module in the chassis (either F1 or F2) in the same VDC as the SPAN interfaces.

I am affraid that even if you add a new M series module with interfaces belonging to the same VDC as already existing F series interfaces, you will hit the limitation.

I have reproduced the issue in my N7k lab with one SUP1, one F1 and one M1 module =>

===========================================================

Mod Ports Module-Type Model Status

--- ----- ----------------------------------- ------------------ ----------

1 48 1000 Mbps Optical Ethernet Module N7K-M148GS-11 ok

2 32 1/10 Gbps Ethernet Module N7K-F132XP-15 ok

5 0 Supervisor module-1X N7K-SUP1 active *

===========================================================

I have defined as the SPAN source Eth1/1 interface (M1 module) and as a destinations Eth1/2 and Eth1/3 (M1 module).

We can see the SPAN session as down with "Multi-dst not allowed" reason (I suppose that you had the same message).

===========================================================

N7k_Fulmar# sh monitor session 1

session 1

---------------

type : local

state : down (Multi-dst not allowed)

source intf :

rx : Eth1/1

tx : Eth1/1

both : Eth1/1

destination ports : Eth1/2 Eth1/3

===========================================================

If I power down the F series module, I can see the SPAN session going UP.

If I power UP the F serie module, I can see the SPAN session going DOWN.

To summarize, yes the documentation indicates we can deploy multple SPAN destinations interfaces (by deduction only on M series LC), and under certain circumstances confirmed by the lab test =>

As soon as a F series module is present in the chassis within the same VDC (even if you do not use the F series interface in the SPAN session) the session becomes inactive when using more than one destination interface

Multiple SPAN destinations are not supported when an F Series module is present in a VDC.

If multiple SPAN destinations are configured in a SPAN session, the session is disabled until :

- the F Series module is powered down

- or moved to another VDC

- or the multiple SPAN destinations are reduced to a single destination.

I am agree with the fact the VACL capture is a very cool feature on the 6500.

So if you cannot conform to one the above mentionned conditions for the N7k, I would suggest again the first propositions.

Also what about ERSPAN in your environment ? You can potentially send the replicated flows to a 6500 with multiple destination ports ?

Regards.

Karim

View solution in original post

krahmani323 · ‎05-20-2013

Hello Joe,

I think this limitation is indeed due to the F-series modules. The modules are limited when trying to configure multiple destination ports for the same SPAN session (within a VDC) :

http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/system_management/configuration/guide/sm_14span.html#wp1239670

Multiple SPAN destinations are not supported when an F Series module is present in a VDC. If multiple SPAN destinations are configured in a SPAN session, the session is disabled until the F Series module is powered down or moved to another VDC or the multiple SPAN destinations are reduced to a single destination.

Another document stating it =>

The F Series modules do not support multiple SPAN destination ports or virtual SPAN. If a port on the F Series module is in a VDC and that VDC has multiple SPAN destination ports, that SPAN session is not brought up.

=======

Depending on the number of destination interfaces you need, you can possibly create a second session keeping in mind that 2 active SPAN sessions maximum can be configured on the N7k (or VDC).

Maybe also use an intermediate switch able to mirror a single source coming from the N7k to multiple SPAN destination ports towards the servers.

Hope that helps.

Best regards.

Karim

Joe Silver · ‎05-23-2013

Thanks Karim for the response.

So based on the Cisco documentation the limitation is around the F2 module, but all information indicates the Nexus 7000 series platform does support multiple destinations in a single SPAN session. My next question is what modules can I purchase M1, M2, etc that will permit me this functionality? Obviously I would need just one module to meet my needs.

The other direction I could pursue is to do VACL captures (forward) (which I have used with great results on 6500) unfortunately that feature isn't supportedon the F2 modules either. I'm told it *might* be planned for the next code release.

Joe

krahmani323 · ‎05-30-2013

Hello Joe,

Sorry for the delay in my answer.

As per my understanding, this limitation is more global. It is encountered as soon as there is a F series module in the chassis (either F1 or F2) in the same VDC as the SPAN interfaces.

I am affraid that even if you add a new M series module with interfaces belonging to the same VDC as already existing F series interfaces, you will hit the limitation.

I have reproduced the issue in my N7k lab with one SUP1, one F1 and one M1 module =>

===========================================================

Mod Ports Module-Type Model Status

--- ----- ----------------------------------- ------------------ ----------

1 48 1000 Mbps Optical Ethernet Module N7K-M148GS-11 ok

2 32 1/10 Gbps Ethernet Module N7K-F132XP-15 ok

5 0 Supervisor module-1X N7K-SUP1 active *

===========================================================

I have defined as the SPAN source Eth1/1 interface (M1 module) and as a destinations Eth1/2 and Eth1/3 (M1 module).

We can see the SPAN session as down with "Multi-dst not allowed" reason (I suppose that you had the same message).

===========================================================

N7k_Fulmar# sh monitor session 1

session 1

---------------

type : local

state : down (Multi-dst not allowed)

source intf :

rx : Eth1/1

tx : Eth1/1

both : Eth1/1

destination ports : Eth1/2 Eth1/3

===========================================================

If I power down the F series module, I can see the SPAN session going UP.

If I power UP the F serie module, I can see the SPAN session going DOWN.

To summarize, yes the documentation indicates we can deploy multple SPAN destinations interfaces (by deduction only on M series LC), and under certain circumstances confirmed by the lab test =>

As soon as a F series module is present in the chassis within the same VDC (even if you do not use the F series interface in the SPAN session) the session becomes inactive when using more than one destination interface

Multiple SPAN destinations are not supported when an F Series module is present in a VDC.

If multiple SPAN destinations are configured in a SPAN session, the session is disabled until :

- the F Series module is powered down

- or moved to another VDC

- or the multiple SPAN destinations are reduced to a single destination.

I am agree with the fact the VACL capture is a very cool feature on the 6500.

So if you cannot conform to one the above mentionned conditions for the N7k, I would suggest again the first propositions.

Also what about ERSPAN in your environment ? You can potentially send the replicated flows to a 6500 with multiple destination ports ?

Regards.

Karim

Joe Silver · ‎05-30-2013

First of all thank for the detailed and through response Karim. It's very disappointed that the Nexus 7K is limited in this manner. I'm suprised the lack of features for a product that is supposed to be Next Generation core switch. The VACL capture feature which could provide us a solution to our dilemma was possibly due to be introduced in the next code release of code but as of yet the latest version 6.1(4) doesn't support the capture feature.

For now I've connected a lowly spare Cisco switch to the 7K and then using that to SPAN to multiple destination servers from the uplink connection. So far it's working with no major problems.

I'll keep my fingers crossed that the next code release will support the VACL capture feature or possibly remove the 2 active SPAN limitation (or multiple destination on F2 modules).

Joe

x03 · ‎03-05-2017

4 years later.
the problem is not solved.
I've a system with modules M1 and F1.
with 6.2 (12) Release

When i disable F1 module - SPAN is up
When i power on F1 - SPAN told: down (Multi-dst not allowed)

How to solve?