VSS and ERSPAN

gnijs · ‎04-12-2011

Hello,

anyone has ever tested this ? Does it work ?

We are running VSS on 12.2(33)SXI1, but don't seem to get ERSPAN running. We have configured it on other standalone C6500...

regards,

Geert

scrye · ‎04-15-2011

Hi Geert,

We also run VSS, but unlike you, are just starting to experiment with ERSPAN and are having a devil of a time. We have never gotten it to work anywhere. The docs are cryptic. For example, we are not sure that for the desination IP, we are supposed to provide the address of a host on which we will run Wireshark, or are supposed to IP and interface!

We have 100 6500s connected via ATT Gigaman to the VSS core.

Here is what is really odd - when we enable the ERSPAN at the source (a 6500 across town), even before we configure the destination ERSPAN here on the VSS core, we start seeing remote traffic on the Wireshark monitor host that has the destination-ip! Then, as soon as we complete the ERSPAN config here at the core, the traffic stops! It drops from 30 Mbps to 0 as soon as we exit the ERSPAN config here are the destination.

Remote site:

Aoy_6509_1A.1#sh mon
Session 1
---------
Type                   : ERSPAN Source Session
Status                 : Admin Enabled
Source VLANs           :
    Both               : 192
Destination IP Address : 10.254.3.11
Destination ERSPAN ID : 103
Origin IP Address      : 20.1.1.103    <<< this is just a random IP we picked, our network is a 10.0.0.0/8<<<

(BTW it gives us the same fail if we use the VLAN192 gateway IP 10.103.192.1)

-----

VSS core site:

ECB-6500VSS-1A.1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ECB-6500VSS-1A.1(config)#monitor session 1 type erspan-destination
ECB-6500VSS-1A.1(config-mon-erspan-dst)#desc TargetForBowieVLAN192
ECB-6500VSS-1A.1(config-mon-erspan-dst)#destination interface g1/5/3
ECB-6500VSS-1A.1(config-mon-erspan-dst)#source
ECB-6500VSS-1A.1(config-mon-erspan-dst-src)#erspan-id 103
ECB-6500VSS-1A.1(config-mon-erspan-dst-src)#ip address 10.254.3.11
ECB-6500VSS-1A.1(config-mon-erspan-dst-src)#exit
ECB-6500VSS-1A.1(config-mon-erspan-dst)#no shut
ECB-6500VSS-1A.1(config-mon-erspan-dst)#^Z
ECB-6500VSS-1A.1#sh mon
Session 1
---------
Type                   : ERSPAN Destination Session
Status                 : Admin Enabled
Description            : TargetForBowieVLAN192
Destination Ports      : Gi1/5/3
Source IP Address      : 10.254.3.11
Source ERSPAN ID       : 103

Any help greatly appreciated!

Steve

gnijs · ‎04-22-2011

There seems to be a problem in your config:

at the source:

source = the nterface you want to monitor, in your case, vlan 192

destination ip adress = remote ip address of the receiver, this should be an ip address of the core VSS switch

origin ip address = the source address of the packets, this must be an address on the source switch, for example loopback0

at the destination:

source = erspan id 103

ip address = origin ip address above

destination = sniffer/wireshark interface

regards,

Geert

PS. in my problem, the VSS is not the destination system, but the source system.

We configured the source to be a RSPAN VLAN, destination a remote sniffer/wireshark IP -> no packets are ever received.

On a normal C6500 (non-VSS), the same config works...

Fabienne Stephanoff · ‎05-03-2011

Hello, I work at TAC and I am interested in your problem. If you are still having issues, please open a TAC case right from this tool and I will try and lab this up for you and engage more resources as need be.

Thanks

Fab.