[All About Switches] 09 Mirroring – an Effective Network Monitoring Tool (Specifications)

Created Jul 23, 2015 20:12:25 | Latest reply Sep 05, 2016 20:02:47
This post was last edited by 交换机在江湖 at 2017-6-24 16:51.

Mirroring – an Effective Network Monitoring Tool (Specifications)

Hi, I talked about the working mechanism, application, and configuration of mirroring in the last issue. Sometimes, when you attempt to mirror packets from a switch to multiple monitoring devices, you may see an error message saying that the configuration fails because mirroring resources have been used up. Why?

The number of mirroring entries allowed on a switch depends on the mirroring specifications. Mirroring specifications differ a lot between switch models because of differences in factors such as chip capacities and mirroring processing mechanisms. I have summarized the mirroring specifications on switches of different versions and models. I hope it will be a help to you.

I will talk about the following items today:

1. Observing Port Specifications: Read this section to know the maximum number of observing ports supported on a switch and how to calculate the remaining number of observing ports that can be configured.

2. 1:N Mirroring Specifications: Read this section to know how many observing ports a copy of packets can be mirrored to.

3. N:1 Mirroring Specifications: Read this section to know how many copies of packets can be mirrored to the same observing port.

4. M:N Mirroring Specifications: Read this section to know how many observing ports the M copies of different packets can be mirrored to.

5. Workaround to Observing Port Insufficiency on a Switch: Read this section to know the workaround to mirroring resource insufficiency on a switch.

1 Observing Port Specifications

1.1 Observing Port Configuration Methods

Before talking about observing port specifications, I'd like to spend a little time explaining the observing port configuration methods, because the configuration method you use will affect the observing port specifications on some switches.

Switches running versions prior to V200R005 allow only configuration of a single observing port at a time. V200R005 and later versions support both single and batch observing port configuration, and the two methods can be used together. If multiple observing ports are configured in a batch, these observing ports are bound to the same mirrored port and packets on the mirrored port will be copied to all these observing ports. Therefore, batch configuration is often used to simplify the configuration of 1:N mirroring. You can see from the following figure that a mirrored port is bound to all the observing ports that are configured in a batch to implement 1:N mirroring.

[Figure: 20170624165048973001.png]

1.2 Observing Port Specifications

Observing port specifications include the maximum number of observing ports allowed on a switch and how many observing ports can be specified for inbound and outbound packets on all mirrored ports. We should consider these specifications when configuring the mirroring function. Table 1 through Table 5 provide the observing port specifications of different line cards for modular switches and of fixed switches in different versions.

Table 1 Observing port specifications on different line cards for S series modular switches in V200R001 to V200R003

| Line Card | Total Number of Observing Ports to Which Incoming Packets on All Mirrored Ports Can Be Copied | Total Number of Observing Ports to Which Outgoing Packets on All Mirrored Ports Can Be Copied | Max. Number of Observing Ports Supported |
|---|---|---|---|
| S series | 2 | 1 | 3 |
| FA series | 2 | 1 | 3 |
| E series | 2 | 1 | 3 |
| FC series | 1 | 1 | 2 |

Note 1: A maximum of eight observing ports can be configured on a switch.

Table 2 Observing port specifications on different line cards for S series modular switches in V200R005 and later versions

| Line Card | Total Number of Observing Ports to Which Incoming Packets on All Mirrored Ports Can Be Copied | Total Number of Observing Ports to Which Outgoing Packets on All Mirrored Ports Can Be Copied | Max. Number of Observing Ports Supported |
|---|---|---|---|
| SA series, except ES0D0X12SA00 (S7700), EH1D2X12SSA0 (S9700), and ET1D2X12SSA0 (S12700) | 4 | 1 | 5 |
| ES0D0X12SA00 (S7700), EH1D2X12SSA0 (S9700), ET1D2X12SSA0 (S12700) | 4 | 2 | 6 |
| SC series (S12700) | X (X ≤ 4) | 4-X (X ≤ 4) | 4 |
| E series, except EH1D2X48SEC0 (S9700) and ET1D2X48SEC0 (S12700) | 4 | 2 | 6 |
| EH1D2X48SEC0 (S9700) and ET1D2X48SEC0 (S12700) | X (X ≤ 4) | 4-X (X ≤ 4) | 4 |
| FA series (S7700 and S9700) | 4 | 2 | 6 |
| FC series (S7700 and S9700) | X (X ≤ 4) | 4-X (X ≤ 4) | 4 |
| B series (S7700 and S9700) | X (X ≤ 4) | 4-X (X ≤ 4) | 4 |
| X series | Depending on the configuration method | Depending on the configuration method | Depending on the configuration method |

Note 1: The observing port specifications on an X card vary depending on the observing port configuration method. You can run the single observing port configuration command a maximum of 8 times to configure 8 observing ports. In batch configuration mode, you can specify a maximum of 64 observing ports at a time and run the batch configuration command a maximum of 8 times. That is, a maximum of 8 x 64 = 512 observing ports can be configured theoretically.

Note 2: You can configure a maximum of 8 observing ports on a switch excluding the observing ports configured in a batch on X series cards.

Table 3 Observing port specifications on S series fixed switches in V100R006C05

| Model | Total Number of Observing Ports to Which Incoming Packets on All Mirrored Ports Can Be Copied | Total Number of Observing Ports to Which Outgoing Packets on All Mirrored Ports Can Be Copied | Max. Number of Observing Ports Supported |
|---|---|---|---|
| S2700SI | 1 | 1 | 1 |
| S2710SI | 4 | 1 | 4 |
| S2700EI | 1 | 1 | 1 |

Table 4 Observing port specifications on S series fixed switches in V200R001 to V200R003

| Model | Total Number of Observing Ports to Which Incoming Packets on All Mirrored Ports Can Be Copied | Total Number of Observing Ports to Which Outgoing Packets on All Mirrored Ports Can Be Copied | Max. Number of Observing Ports Supported |
|---|---|---|---|
| S3700HI | 2 | 1 | 2 |
| S5700S-LI, S5700LI | 1 | 1 | 1 |
| S5710LI | 1 | 1 | 1 |
| S5700SI | 1 | 1 | 1 |
| S5700EI | 4 | 1 | 4 |
| S5710EI | 2 | 1 | 2 |
| S5700HI | 2 | 1 | 2 |
| S5710HI | 2 | 1 | 2 |
| S6700 | 1 | 1 | 1 |

Table 5 Observing port specifications on S series fixed switches in V200R005 to V200R009

| Model | Total Number of Observing Ports to Which Incoming Packets on All Mirrored Ports Can Be Copied | Total Number of Observing Ports to Which Outgoing Packets on All Mirrored Ports Can Be Copied | Max. Number of Observing Ports Supported |
|---|---|---|---|
| S1720 | 1 | 1 | 1 |
| S2720EI | 1 | 1 | 1 |
| S2750EI | 1 | 1 | 1 |
| S5700S-LI, S5700LI | 1 | 1 | 1 |
| S5700SI | 1 | 1 | 1 |
| S5720SI, S5720S-SI | 1 | 1 | 1 |
| S5700EI | 4 | 1 | 4 |
| S5710EI | 4 | 4 | 8 |
| S5720EI | 4 | 4 | 8 |
| S5720HI | Depending on the configuration method | Depending on the configuration method | Depending on the configuration method |
| S5700HI | 4 | 4 | 8 |
| S5710HI | 4 | 4 | 8 |
| S6700EI | X (X ≤ 4) | 4-X (X ≤ 4) | 4 |
| S6720EI, S6720S-EI | X (X ≤ 4) | 4-X (X ≤ 4) | 8 |
| E600 | 1 | 1 | 1 |

Note 1: The observing port specifications on an S5720HI vary depending on the observing port configuration method. You can run the single observing port configuration command a maximum of 8 times to configure 8 observing ports. In batch configuration mode, you can specify a maximum of 64 observing ports at a time and run the batch configuration command a maximum of 8 times. That is, a maximum of 8 x 64 = 512 observing ports can be configured theoretically.

Table 6 Observing port specifications on S series fixed switches in V200R010 and later versions

| Model | Total Number of Observing Ports to Which Incoming Packets on All Mirrored Ports Can Be Copied | Total Number of Observing Ports to Which Outgoing Packets on All Mirrored Ports Can Be Copied | Max. Number of Observing Ports Supported |
|---|---|---|---|
| S1720 | 6 | 6 | 6 |
| S2720EI | 6 | 6 | 6 |
| S2750EI | 6 | 6 | 6 |
| S5700S-LI, S5700LI | 6 | 6 | 6 |
| S5710-X-LI | 6 | 6 | 6 |
| S5720LI, S5720S-LI | 6 | 6 | 6 |
| S5720SI, S5720S-SI | 6 | 6 | 6 |
| S5720EI | 4 | 4 | 8 |
| S5720HI | Depending on the configuration method | Depending on the configuration method | Depending on the configuration method |
| S6720LI, S6720S-LI | 6 | 6 | 6 |
| S6720SI, S6720S-SI | 6 | 6 | 6 |
| S6720EI, S6720S-EI | X (X ≤ 4) | 4-X (X ≤ 4) | 8 |
| E600 | 6 | 6 | 6 |
| S600-E | 6 | 6 | 6 |

Note 1: The observing port specifications on an S5720HI vary depending on the observing port configuration method. You can run the single observing port configuration command a maximum of 8 times to configure 8 observing ports. In batch configuration mode, you can specify a maximum of 64 observing ports at a time and run the batch configuration command a maximum of 8 times. That is, a maximum of 8 x 64 = 512 observing ports can be configured theoretically.

1.3 How to Calculate the Remaining Number of Observing Ports that Can Be Configured

If observing ports have been configured on your switch and you want to configure more observing ports to monitor the network traffic on other monitoring devices, you need to calculate how many observing ports can still be configured on the switch, and how many observing ports can be specified for inbound and outbound packets on all mirrored ports respectively. Note that the numbers of observing ports for inbound and outbound packets on a mirrored port are calculated separately. When the same observing port is specified for both the inbound and outbound packets on a mirrored port, the remaining numbers of observing ports for inbound and outbound packets both reduce by 1.

As an example, an FA card supports a maximum of 6 observing ports. For all mirrored ports, a maximum of 4 observing ports can be specified for inbound packets, and a maximum of 2 observing ports can be specified for outbound packets. If one observing port has been specified for inbound and outbound packets simultaneously, 3 observing ports are left for inbound packets and 1 is left for outbound packets. Therefore, you can still configure a maximum of 3 + 1 = 4 observing ports, not 6 - 1 = 5.

[Figure: 20170624165048811002.png]

2 1:N Mirroring Specifications

1:N mirroring copies packets on one mirrored port to N observing ports, as shown in the following figure.

[Figure: 20170624165049266003.png]

For 1:N port mirroring, N means that packets in each direction (inbound or outbound) on a mirrored port can be mirrored to N observing ports.

For 1:N traffic mirroring, N means that a traffic mirroring behavior bound to a traffic classifier can mirror packets to an observing port group with N observing ports. Therefore, to implement 1:N traffic mirroring, you must specify an observing port group in a traffic behavior.

Here, I'd like to explain specifications (value of N) of the most commonly used 1:N port mirroring feature. The N values of other 1:N mirroring features are the same as those of 1:N port mirroring.

For 1:N VLAN mirroring or MAC address mirroring, N means that the observing port group bound to the inbound direction of a VLAN contains N observing ports. That is, to implement 1:N VLAN mirroring or MAC address mirroring, you must bind an observing port group to the inbound direction of a VLAN.

In Layer 3 remote mirroring, packets on a mirrored port cannot be copied to multiple observing ports.

1:N mirroring is used to enable network traffic monitoring on multiple monitoring devices. In versions prior to V200R005, only the E series, FA series, ES0D0X12SA00, and EH1D2X12SSA0 line cards for Huawei S series modular switches support 1:N mirroring, and at most 1:2 mirroring can be configured for inbound packets on a chassis. In V200R005 and later versions, all Huawei S series switches support 1:N mirroring. Table 1 and Table 2 list specifications of 1:N port mirroring supported in different line cards for modular switches and different models of fixed switches.

Table 1 1:N port mirroring specifications on different line cards for S series modular switches in V200R005 and later versions

| Line Card | Number of Observing Ports for Inbound Packets on a Mirrored Port | Number of Observing Ports for Outbound Packets on a Mirrored Port |
|---|---|---|
| SA series, except ES0D0X12SA00 (S7700), EH1D2X12SSA0 (S9700), and ET1D2X12SSA0 (S12700) | NA (only one observing port supported) | NA (only one observing port supported) |
| ES0D0X12SA00 (S7700), EH1D2X12SSA0 (S9700), ET1D2X12SSA0 (S12700) | 2 | 2 |
| SC series (S12700) | Y (Y ≤ 4) | 4-Y (Y ≤ 4) |
| E series, except EH1D2X48SEC0 (S9700) and ET1D2X48SEC0 (S12700) | 2 | 2 |
| EH1D2X48SEC0 (S9700), ET1D2X48SEC0 (S12700) | Y (Y ≤ 4) | 4-Y (Y ≤ 4) |
| FA series (S7700 and S9700) | 2 | 2 |
| FC series (S7700 and S9700) | Y (Y ≤ 4) | 4-Y (Y ≤ 4) |
| B series (S7700 and S9700) | Y (Y ≤ 4) | 4-Y (Y ≤ 4) |
| X series | Depending on the configuration method | Depending on the configuration method |

Note 1: The observing port specifications on an X card vary depending on the observing port configuration method. In single observing port configuration mode, the inbound or outbound packets on a mirrored port can be mirrored to only one observing port. In batch configuration mode, the inbound or outbound packets on a mirrored port can be mirrored to a maximum of 64 observing ports theoretically.

Note 2: If you have used the batch configuration command to specify an observing port group for inbound or outbound packets on a mirrored port, no other observing ports can be specified for packets of this direction on the mirrored port.

Table 2 1:N port mirroring specifications on S series fixed switches in V200R005 and later versions

| Model | Number of Observing Ports for Inbound Packets on a Mirrored Port | Number of Observing Ports for Outbound Packets on a Mirrored Port |
|---|---|---|
| S2750 | NA (only one observing port supported) | NA (only one observing port supported) |
| S5700S-LI, S5700LI | NA (only one observing port supported) | NA (only one observing port supported) |
| S5700SI | NA (only one observing port supported) | NA (only one observing port supported) |
| S5700EI | NA (only one observing port supported) | NA (only one observing port supported) |
| S5710EI | 4 | 4 |
| S5700HI | 4 | 4 |
| S5710HI | 4 | 4 |
| S5720HI | Depending on the configuration method | Depending on the configuration method |
| S6700 | Y (Y ≤ 4) | 4-Y (Y ≤ 4) |

Note 1: The observing port specifications on an S5720HI vary depending on the observing port configuration method. In single observing port configuration mode, the inbound or outbound packets on a mirrored port can be mirrored to only one observing port. In batch configuration mode, the inbound or outbound packets on a mirrored port can be mirrored to a maximum of 64 observing ports theoretically.

Note 2: If you have used the batch configuration command to specify an observing port group for inbound or outbound packets on a mirrored port, no other observing ports can be specified for packets of this direction on the mirrored port.

3 N:1 Mirroring Specifications

N:1 mirroring copies packets on N mirrored ports to one observing port, as shown in the following figure.

[Figure: 20170624165050574004.png]

N:1 mirroring is used to monitor packet flows passing through multiple mirrored ports. There is no limit on the value of N. In other words, you can mirror inbound or outbound packets on all mirrored ports to the same observing port, and configure as many mirrored ports as you wish.

4 M:N Mirroring Specifications

M:N mirroring copies packets on M mirrored ports to N observing ports.

[Figure: 20170624165051611005.png]

Configuring M:N mirroring is equivalent to configuring 1:N mirroring M times, as shown in the figure above. M:N mirroring enables you to use multiple monitoring devices to monitor packets passing through multiple ports. M:N mirroring specifications can be deduced from 1:N and N:1 mirroring specifications: There is no limit on M, and the values of N supported on different cards or switch models are the same as those in 1:N mirroring.

5 Workaround to Observing Port Insufficiency on a Switch

Each switch supports a limited number of observing ports. What can we do if we want to use more monitoring devices than the maximum number of observing ports allowed on a switch? Here are two commonly used methods to address this problem:

• Configure a remote mirroring port and configure it as an internal loopback port to broadcast packets copied on a mirrored port in a VLAN.

In this method, if multiple internal loopback interfaces are configured, to prevent loops, you must ensure that IDs of the VLANs to which these loopback interfaces are added are different.

[Figure: 20170624165052174006.png]

As shown in the figure above, we need to copy packets on a mirrored port to four monitoring devices, but SwitchB allows fewer than four observing ports. We can perform the following steps to enable mirrored packets to be broadcast to the ports connected to the monitoring devices.

1. Configure remote port mirroring.

    <SwitchB> system-view
    [SwitchB] observe-port 1 interface gigabitethernet1/0/1 vlan 20   //Configure a remote observing port and specify VLAN 20 for broadcast of mirrored packets.
    [SwitchB] interface gigabitethernet1/0/6
    [SwitchB-GigabitEthernet1/0/6] port-mirroring to observe-port 1 both   //Mirror both inbound and outbound packets on the mirrored port to the remote observing port used for internal loopback.
    [SwitchB-GigabitEthernet1/0/6] quit

2. Configure internal loopback.

    [SwitchB] vlan batch 20   //Create VLAN 20 for internal loopback and do not configure any other services in it.
    [SwitchB] interface gigabitethernet1/0/1
    [SwitchB-GigabitEthernet1/0/1] mac-address learning disable   //Disable MAC address learning to prevent the internal loopback port from learning MAC addresses of other devices, so that packets received from other devices will be looped back in the local switch.
    [SwitchB-GigabitEthernet1/0/1] stp disable   //Disable STP to prevent the internal loopback port from receiving the packets originated from the local switch, in which case the port will be blocked and transition to the Discarding state.
    [SwitchB-GigabitEthernet1/0/1] port link-type access
    [SwitchB-GigabitEthernet1/0/1] port default vlan 20   //Add the port to VLAN 20 used for broadcast of mirrored packets.
    [SwitchB-GigabitEthernet1/0/1] loopback internal   //Configure the remote observing port as an internal loopback port.
    [SwitchB-GigabitEthernet1/0/1] quit
    [SwitchB] interface gigabitethernet1/0/2
    [SwitchB-GigabitEthernet1/0/2] port link-type access
    [SwitchB-GigabitEthernet1/0/2] port default vlan 20   //Add the port to VLAN 20 used for broadcast of mirrored packets.
    [SwitchB-GigabitEthernet1/0/2] quit
    [SwitchB] interface gigabitethernet1/0/3
    [SwitchB-GigabitEthernet1/0/3] port link-type access
    [SwitchB-GigabitEthernet1/0/3] port default vlan 20   //Add the port to VLAN 20 used for broadcast of mirrored packets.
    [SwitchB-GigabitEthernet1/0/3] quit
    [SwitchB] interface gigabitethernet1/0/4
    [SwitchB-GigabitEthernet1/0/4] port link-type access
    [SwitchB-GigabitEthernet1/0/4] port default vlan 20   //Add the port to VLAN 20 used for broadcast of mirrored packets.
    [SwitchB-GigabitEthernet1/0/4] quit
    [SwitchB] interface gigabitethernet1/0/5
    [SwitchB-GigabitEthernet1/0/5] port link-type access
    [SwitchB-GigabitEthernet1/0/5] port default vlan 20   //Add the port to VLAN 20 used for broadcast of mirrored packets.
    [SwitchB-GigabitEthernet1/0/5] quit

• Configure remote mirroring and use an intermediate device to broadcast mirrored packets in a VLAN.

[Figure: 20170624165053272007.png]

As shown in the figure above, we need to monitor packets passing through a mirrored port on three monitoring devices, but SwitchB allows fewer than three observing ports. We can perform the following steps to enable SwitchC to broadcast mirrored packets in a VLAN:

1. Configure remote port mirroring on SwitchB.

    <SwitchB> system-view
    [SwitchB] observe-port 1 interface gigabitethernet1/0/1 vlan 20   //Configure a remote observing port and specify VLAN 20 for forwarding of mirrored packets.
    [SwitchB] interface gigabitethernet1/0/2
    [SwitchB-GigabitEthernet1/0/2] port-mirroring to observe-port 1 both   //Mirror both inbound and outbound packets on the mirrored port to the remote observing port.
    [SwitchB-GigabitEthernet1/0/2] quit

2. Add ports on SwitchC to VLAN 20.

    <SwitchC> system-view
    [SwitchC] vlan batch 20   //Create VLAN 20 on SwitchC so that the ports below can be added to it.
    [SwitchC] interface gigabitethernet1/0/1
    [SwitchC-GigabitEthernet1/0/1] port link-type trunk
    [SwitchC-GigabitEthernet1/0/1] port trunk allow-pass vlan 20   //Add the port to VLAN 20 used to forward mirrored packets.
    [SwitchC-GigabitEthernet1/0/1] quit
    [SwitchC] interface gigabitethernet1/0/2
    [SwitchC-GigabitEthernet1/0/2] port link-type access
    [SwitchC-GigabitEthernet1/0/2] port default vlan 20   //Add the port to VLAN 20 used to forward mirrored packets.
    [SwitchC-GigabitEthernet1/0/2] quit
    [SwitchC] interface gigabitethernet1/0/3
    [SwitchC-GigabitEthernet1/0/3] port link-type access
    [SwitchC-GigabitEthernet1/0/3] port default vlan 20   //Add the port to VLAN 20 used to forward mirrored packets.
    [SwitchC-GigabitEthernet1/0/3] quit
    [SwitchC] interface gigabitethernet1/0/4
    [SwitchC-GigabitEthernet1/0/4] port link-type access
    [SwitchC-GigabitEthernet1/0/4] port default vlan 20   //Add the port to VLAN 20 used to forward mirrored packets.
    [SwitchC-GigabitEthernet1/0/4] quit

That's all I want to talk about today. For more information about the mirroring feature, you can download product documentation at Product & Service Support, Huawei Enterprise. You can also post your questions or suggestions here, and I will reply as soon as possible.
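The calculation from section 1.3, worked as an added example that is not part of the original post. `CardSpec`, `remaining` and `needs_workaround` are hypothetical names; the limits are copied from Table 2 and Table 5 of section 1.2, and two readings are assumptions of this example: an "X / 4-X" row is modelled as one pool of 4 shared by both directions, and the "Max. Number of Observing Ports Supported" column is treated as a cap on distinct observing ports.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class CardSpec:
    """Observing port limits of one card or model (values copied from the tables)."""
    name: str
    inbound_max: int                   # observing ports for inbound packets
    outbound_max: int                  # observing ports for outbound packets
    total_max: int                     # max. number of observing ports supported
    shared_pool: Optional[int] = None  # "X / 4-X" rows: both directions share 4


@dataclass(frozen=True)
class Remaining:
    inbound: int   # observing ports still available for inbound packets
    outbound: int  # observing ports still available for outbound packets
    ports: int     # additional observing ports that can still be configured


# Rows from Table 2 (modular, V200R005 and later) and Table 5 (fixed switches).
FA_CARD = CardSpec("FA series", 4, 2, 6)
FC_CARD = CardSpec("FC series", 4, 4, 4, shared_pool=4)
S5700EI = CardSpec("S5700EI", 4, 1, 4)


def remaining(spec: CardSpec, configured: Dict[str, Set[str]]) -> Remaining:
    """configured maps an observing port name to the directions it serves."""
    for port, dirs in configured.items():
        if not dirs or not dirs <= {"inbound", "outbound"}:
            raise ValueError(f"{port}: directions must be inbound and/or outbound")
    # A port used for both directions is counted once in each direction.
    in_used = sum("inbound" in d for d in configured.values())
    out_used = sum("outbound" in d for d in configured.values())
    in_left = spec.inbound_max - in_used
    out_left = spec.outbound_max - out_used
    if spec.shared_pool is None:
        slots = in_left + out_left
    else:
        slots = spec.shared_pool - in_used - out_used
        in_left, out_left = min(in_left, slots), min(out_left, slots)
    # Assumption of this example: the per-card maximum also caps distinct ports.
    ports = min(slots, spec.total_max - len(configured))
    if min(in_left, out_left, ports) < 0:
        raise ValueError(f"{spec.name}: configuration exceeds the specification")
    return Remaining(in_left, out_left, ports)


def needs_workaround(spec: CardSpec, configured: Dict[str, Set[str]],
                     extra_monitors: int) -> bool:
    """True when the extra monitoring devices need more ports than remain."""
    return extra_monitors > remaining(spec, configured).ports


if __name__ == "__main__":
    used = {"GigabitEthernet1/0/1": {"inbound", "outbound"}}  # constructed sample
    print(remaining(FA_CARD, used))            # the FA card case from section 1.3
    print(needs_workaround(FA_CARD, used, 5))  # five more monitoring devices
```

When `needs_workaround` returns True, one of the two VLAN broadcast methods in section 5 is required.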
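A check for the internal loopback workaround in section 5, added here and not part of the original post: it scans a configuration listing and reports loopback ports that lack the commands the post applies (`mac-address learning disable`, `stp disable`) or that share a VLAN with another loopback port. The listing is constructed, its layout (`#` between sections, one leading space on interface sub-commands) is assumed, and `parse_interfaces` and `audit_loopback_ports` are hypothetical names.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Commands the post applies to the internal loopback port, with the stated risk.
REQUIRED = {
    "mac-address learning disable": "port would learn MAC addresses of other devices",
    "stp disable": "STP may block the port (Discarding state)",
}

# Constructed sample; GigabitEthernet1/0/7 is a second, misconfigured loopback port.
SAMPLE_CONFIG = """\
observe-port 1 interface GigabitEthernet1/0/1 vlan 20
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 20
 stp disable
 mac-address learning disable
 loopback internal
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet1/0/7
 port link-type access
 port default vlan 20
 mac-address learning disable
 loopback internal
#
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface name: [sub-commands]} from the listing."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        head = re.fullmatch(r"interface\s+(\S+)", raw.rstrip())
        if head:
            current = interfaces.setdefault(head.group(1), [])
        elif not raw.startswith(" "):
            current = None            # '#', blank line or a global command
        elif current is not None:
            current.append(raw.strip())
    return interfaces


def audit_loopback_ports(config: str) -> List[str]:
    """List deviations from the loopback workaround's safety conditions."""
    findings: List[str] = []
    vlan_ports = defaultdict(list)
    for name, cmds in parse_interfaces(config).items():
        if "loopback internal" not in cmds:
            continue                  # only internal loopback ports are checked
        for cmd, risk in REQUIRED.items():
            if cmd not in cmds:
                findings.append(f"{name}: missing '{cmd}' ({risk})")
        vlans = [c.split()[-1] for c in cmds if c.startswith("port default vlan ")]
        if vlans:
            vlan_ports[vlans[-1]].append(name)
        else:
            findings.append(f"{name}: not assigned to a mirroring VLAN")
    for vlan, ports in sorted(vlan_ports.items()):
        if len(ports) > 1:            # the post requires a different VLAN per port
            findings.append(f"VLAN {vlan}: shared by loopback ports {', '.join(ports)}")
    return findings


if __name__ == "__main__":
    for finding in audit_loopback_ports(SAMPLE_CONFIG):
        print(finding)
```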

 

 

 


theodrim (Novice), Created Aug 08, 2016 18:06:08

Very useful and descriptive posts, thank you.

Is it possible to mirror traffic of ETH Management port on Sx700 switches?


All_About_Switch, Created Aug 10, 2016 09:37:14

Sorry, Sx7 switches cannot mirror traffic of the ETH Management port.

yaba_mobhe, Created Sep 05, 2016 20:02:47

Thank you.
