[All About Switches] 09 Mirroring – an Effective Network Monitoring Tool (Specifications)


Hi, in the last issue I covered how mirroring works, where it is applied, and how to configure it. Sometimes, when you attempt to mirror packets from a switch to multiple monitoring devices, you may see an error message saying that the configuration failed because mirroring resources have been used up. Why?

The number of mirroring entries allowed on a switch depends on the mirroring specifications. These specifications differ widely across switch models because of differences in factors such as chip capacity and mirroring processing mechanisms. I have summarized the mirroring specifications of switches of different versions and models below. I hope it helps.

I will talk about the following items today:

1. Observing Port Specifications: the maximum number of observing ports supported on a switch, and how to calculate the remaining number of observing ports that can be configured.

2. 1:N Mirroring Specifications: how many observing ports a copy of packets can be mirrored to.

3. N:1 Mirroring Specifications: how many copies of packets can be mirrored to the same observing port.

4. M:N Mirroring Specifications: how many observing ports the M copies of different packets can be mirrored to.

5. Workaround to Observing Port Insufficiency on a Switch: what to do when a switch runs out of mirroring resources.

1 Observing Port Specifications

1.1 Observing Port Configuration Methods

Before talking about observing port specifications, I'd like to spend a little time explaining the observing port configuration methods, because the configuration method you use will affect the observing port specifications on some switches.

Switches running versions prior to V200R005 allow only one observing port to be configured at a time. V200R005 and later versions support both single and batch observing port configuration, and the two methods can be used together. If multiple observing ports are configured in a batch, they are all bound to the same mirrored port, and packets on that mirrored port are copied to every one of them. Batch configuration is therefore often used to simplify the configuration of 1:N mirroring. The following figure shows a mirrored port bound to all the observing ports configured in a batch to implement 1:N mirroring.

[Figure: a mirrored port bound to a batch of observing ports to implement 1:N mirroring]

1.2 How to Calculate the Remaining Number of Observing Ports that Can Be Configured

If observing ports have been configured on your switch and you want to configure more observing ports to monitor the network traffic on other monitoring devices, you need to calculate how many observing ports can still be configured on the switch, and how many observing ports can be specified for inbound and outbound packets on all mirrored ports respectively. Note that the numbers of observing ports for inbound and outbound packets on a mirrored port are calculated separately. When the same observing port is specified for both the inbound and outbound packets on a mirrored port, the remaining numbers of observing ports for inbound and outbound packets both reduce by 1.

As an example, an FA card supports a maximum of 6 observing ports. For all mirrored ports, a maximum of 4 observing ports can be specified for inbound packets, and a maximum of 2 observing ports can be specified for outbound packets. If one observing port has been specified for inbound and outbound packets simultaneously, 3 observing ports are left for inbound packets and 1 is left for outbound packets. Therefore, you can still configure a maximum of 3 + 1 = 4 observing ports, not 6 - 1 = 5.
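The counting rule above, as an added example that is not part of the original post: a small Python helper that tracks inbound and outbound observing ports separately and reports how many more can be configured. The `CardSpec` fields, the `shared_pool` model for the "X / 4-X" rows, and the port names are assumptions made for illustration; the limits themselves are taken from the tables in this post.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class CardSpec:
    """Limits copied from the post's tables (class and field names are hypothetical)."""
    inbound_max: int                   # observing ports for inbound packets, all mirrored ports
    outbound_max: int                  # observing ports for outbound packets, all mirrored ports
    device_max: int                    # maximum observing ports supported per device
    shared_pool: Optional[int] = None  # assumed model of "X / 4-X" rows: in + out <= pool


# FA series card, V200R005 and later (Table 2): 4 inbound, 2 outbound, 6 per device.
FA_CARD = CardSpec(inbound_max=4, outbound_max=2, device_max=6)
# SC series card (Table 2): X inbound, 4-X outbound, 4 per device.
SC_CARD = CardSpec(inbound_max=4, outbound_max=4, device_max=4, shared_pool=4)

# A binding is (observing_port, direction); direction is "inbound", "outbound" or "both".
Binding = Tuple[str, str]


def remaining(spec: CardSpec, bindings: Iterable[Binding]) -> Dict[str, int]:
    """Return how many more observing ports fit, per direction and in total.

    Raises ValueError when the bindings already exceed the card's limits,
    which is the situation behind the "mirroring resources used up" error.
    """
    inbound, outbound = set(), set()
    for port, direction in bindings:
        if direction not in ("inbound", "outbound", "both"):
            raise ValueError(f"unknown direction {direction!r} for {port}")
        if direction in ("inbound", "both"):
            inbound.add(port)
        if direction in ("outbound", "both"):
            outbound.add(port)

    # Each direction has its own budget; a port used for both consumes one of each.
    in_left = spec.inbound_max - len(inbound)
    out_left = spec.outbound_max - len(outbound)
    total = in_left + out_left
    if spec.shared_pool is not None:
        # Inbound and outbound draw from one pool on these cards (assumption).
        pool_left = spec.shared_pool - len(inbound) - len(outbound)
        in_left, out_left = min(in_left, pool_left), min(out_left, pool_left)
        total = pool_left
    # The per-device maximum counts distinct observing ports.
    device_left = spec.device_max - len(inbound | outbound)
    if min(in_left, out_left, device_left) < 0:
        raise ValueError("observing port limits exceeded")
    return {"inbound": in_left, "outbound": out_left,
            "total": min(total, device_left)}


if __name__ == "__main__":
    # Constructed input: the post's FA card example, one port observing both directions.
    print(remaining(FA_CARD, [("GE1/0/10", "both")]))
```

Running the check against a planned set of bindings before touching the switch shows which direction runs out first.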

1.3 Observing Port Specifications

Observing port specifications include the maximum number of observing ports allowed on a switch and how many observing ports can be specified for inbound and outbound packets on all mirrored ports. We should consider these specifications when configuring the mirroring function. Table 1 through Table 5 provide the observing port specifications of different cards and models for modular and fixed switches of different versions.

Table 1 Observing port specifications on different line cards for S series modular switches in V200R001 to V200R003

| Card | Total Number of Observing Ports to Which All Mirrored Ports Can Be Bound in the Inbound Direction | Total Number of Observing Ports to Which All Mirrored Ports Can Be Bound in the Outbound Direction | Maximum Observing Ports Supported per Device |
|---|---|---|---|
| S series cards | 2 | 1 | 3 |
| FA series cards | 2 | 1 | 3 |
| E series cards | 2 | 1 | 3 |
| FC series cards | 1 | 1 | 2 |

Note 1: A maximum of eight observing ports can be configured on a switch.

Table 2 Observing port specifications on different line cards for S series modular switches in V200R005 and later versions

| Card | Total Number of Observing Ports to Which All Mirrored Ports Can Be Bound in the Inbound Direction | Total Number of Observing Ports to Which All Mirrored Ports Can Be Bound in the Outbound Direction | Maximum Observing Ports Supported per Device |
|---|---|---|---|
| SA series cards, except the following cards: LE0DX12XSA00, LH2D2X12SSA0, ES0D0X12SA00, EH1D2X12SSA0, ET1D2X12SSA0 | 4 | 1 | 5 |
| LE0DX12XSA00, LH2D2X12SSA0, ES0D0X12SA00, EH1D2X12SSA0, ET1D2X12SSA0 | 4 | 2 | 6 |
| SC series cards | X (X ≤ 4) | 4-X (X ≤ 4) | 4 |
| E series, except the following cards: LE1D2C02FEE0, LE2D2X48SEC0, ES1D2C02FEE0, ES1D2X48SEC4, EH1D2X48SEC0, ET1D2X48SEC0, EH1D2C02FEE0, ET1D2C02FEE0 | 4 | 2 | 6 |
| LE1D2C02FEE0, LE2D2X48SEC0, ES1D2C02FEE0, ES1D2X48SEC4, EH1D2X48SEC0, ET1D2X48SEC0, EH1D2C02FEE0, ET1D2C02FEE0 | X (X ≤ 4) | 4-X (X ≤ 4) | 4 |
| E3E series cards | 4 | 2 | 6 |
| E3S series cards | 4 | 2 | 6 |
| E3L series cards | 4 | 1 | 5 |
| FA series cards | 4 | 2 | 6 |
| FC series cards | X (X ≤ 4) | 4-X (X ≤ 4) | 4 |
| B series cards | X (X ≤ 4) | 4-X (X ≤ 4) | 4 |
| LE1D2S04SEC0, LE1D2X32SEC0, LE1D2H02QEC0, X series cards | Depending on the configuration method | Depending on the configuration method | Depending on the configuration method |

Note: The observing port specifications on the LE1D2S04SEC0 card, LE1D2X32SEC0 card, LE1D2H02QEC0 card, and X series cards vary depending on the observing port configuration method. You can run the single observing port configuration command a maximum of 8 times to configure 8 observing ports. In batch configuration mode, you can specify a maximum of 64 observing ports at a time and run the batch configuration command a maximum of 8 times. That is, a maximum of 8 x 64 = 512 observing ports can be configured theoretically. You can configure a maximum of 8 observing ports on a switch excluding the observing ports configured in a batch on LE1D2S04SEC0 card, LE1D2X32SEC0 card, LE1D2H02QEC0 card, or X series cards.

Table 3 Observing port specifications on S series fixed switches in V200R003 and earlier versions

| Model | Total Number of Observing Ports to Which All Mirrored Ports Can Be Bound in the Inbound Direction | Total Number of Observing Ports to Which All Mirrored Ports Can Be Bound in the Outbound Direction | Maximum Observing Ports Supported per Device |
|---|---|---|---|
| S2700SI | 1 | 1 | 1 |
| S2710SI | 4 | 1 | 4 |
| S2700EI | 1 | 1 | 1 |
| S3700SI | 4 | 1 | 4 |
| S3700EI | 4 | 1 | 4 |
| S3700HI | 2 | 1 | 2 |
| S5700LI and S5700S-LI | 1 | 1 | 1 |
| S5710-C-LI | 1 | 1 | 1 |
| S5700SI | 1 | 1 | 1 |
| S5700EI | 4 | 1 | 4 |
| S5710EI | 2 | 1 | 2 |
| S5700HI | 2 | 1 | 2 |
| S5710HI | 2 | 1 | 2 |
| S6700EI | 1 | 1 | 1 |

Table 4 Observing port specifications on S series fixed switches in V200R005 to V200R009

| Model | Total Number of Observing Ports to Which All Mirrored Ports Can Be Bound in the Inbound Direction | Total Number of Observing Ports to Which All Mirrored Ports Can Be Bound in the Outbound Direction | Maximum Observing Ports Supported per Device |
|---|---|---|---|
| S1720 | 1 | 1 | 1 |
| S2720EI | 1 | 1 | 1 |
| S2750EI | 1 | 1 | 1 |
| S5700S-LI, S5700LI | 1 | 1 | 1 |
| S5710-X-LI | 1 | 1 | 1 |
| S5700SI | 1 | 1 | 1 |
| S5720SI, S5720S-SI | 1 | 1 | 1 |
| S5700EI | 4 | 1 | 4 |
| S5710EI | 4 | 4 | 8 |
| S5720EI | 4 | 4 | 8 |
| S5700HI | 4 | 4 | 8 |
| S5710HI | 4 | 4 | 8 |
| S5720HI | Depending on the configuration method | Depending on the configuration method | Depending on the configuration method |
| S6700EI | X (X ≤ 4) | 4-X (X ≤ 4) | 4 |
| S6720EI, S6720S-EI | X (X ≤ 4) | 4-X (X ≤ 4) | 8 |

Table 5 Observing port specifications on S series fixed switches in V200R010 and later versions

| Model | Total Number of Observing Ports to Which All Mirrored Ports Can Be Bound in the Inbound Direction | Total Number of Observing Ports to Which All Mirrored Ports Can Be Bound in the Outbound Direction | Maximum Observing Ports Supported per Device |
|---|---|---|---|
| S1720 | 6 | 6 | 6 |
| S2720EI | 6 | 6 | 6 |
| S2750EI | 6 | 6 | 6 |
| S5700S-LI, S5700LI, S5720LI, S5720S-LI | 6 | 6 | 6 |
| S5710-X-LI | 6 | 6 | 6 |
| S5720SI, S5720S-SI, S5720I-SI | 6 | 6 | 6 |
| S5730SI | 6 | 6 | 6 |
| S5730S-EI | 6 | 6 | 6 |
| S5720EI | 4 | 4 | 8 |
| S5720HI, S5730HI, S6720HI | Depending on the configuration method | Depending on the configuration method | Depending on the configuration method |
| S6720LI, S6720S-LI | 6 | 6 | 6 |
| S6720SI, S6720S-SI | 6 | 6 | 6 |
| S6720EI, S6720S-EI | X (X ≤ 4) | 4-X (X ≤ 4) | 8 |

Note 1: The observing port specifications on the S5720HI, S5730HI, and S6720HI vary depending on the observing port configuration method. You can run the single observing port configuration command a maximum of 8 times to configure 8 observing ports. In batch configuration mode, you can specify a maximum of 64 observing ports at a time and run the batch configuration command a maximum of 8 times. That is, a maximum of 8 x 64 = 512 observing ports can be configured theoretically.

2 1:N Mirroring Specifications

1:N mirroring copies packets on one mirrored port to N observing ports, as shown in the following figure.

[Figure: 1:N mirroring, packets on one mirrored port copied to N observing ports]

For 1:N port mirroring, N means that packets in each direction (inbound or outbound) on a mirrored port can be mirrored to N observing ports.

For 1:N traffic mirroring, N means that a traffic mirroring behavior bound to a traffic classifier can mirror packets to an observing port group with N observing ports. Therefore, to implement 1:N traffic mirroring, you must specify an observing port group in a traffic behavior.

Here, I'd like to explain specifications (value of N) of the most commonly used 1:N port mirroring feature. The N values of other 1:N mirroring features are the same as those of 1:N port mirroring.

For 1:N VLAN mirroring or MAC address mirroring, N means that the observing port group bound to the inbound direction of a VLAN contains N observing ports. That is, to implement 1:N VLAN mirroring or MAC address mirroring, you must bind an observing port group to the inbound direction of a VLAN.

In Layer 3 remote mirroring, packets on a mirrored port cannot be copied to multiple observing ports.

1:N mirroring is used to enable network traffic monitoring on multiple monitoring devices. In versions prior to V200R005, only the E series, FA series, ES0D0X12SA00, and EH1D2X12SSA0 line cards for Huawei S series modular switches support 1:N mirroring, and at most 1:2 mirroring can be configured for inbound packets on a chassis. In V200R005 and later versions, all Huawei S series switches support 1:N mirroring. Table 1 and Table 2 list specifications of 1:N port mirroring supported in different line cards for modular switches and different models of fixed switches.

Note: If you have used the batch configuration command to specify an observing port group for inbound or outbound packets on a mirrored port, no other observing ports can be specified for packets of this direction on the mirrored port.

Table 1 1:N port mirroring specifications on different line cards for S series modular switches in V200R005 and later versions

| Card | Number of Observing Ports to Which a Mirrored Port Can Be Bound in the Inbound Direction | Number of Observing Ports to Which a Mirrored Port Can Be Bound in the Outbound Direction |
|---|---|---|
| SA series cards, except the following cards: LE0DX12XSA00, LH2D2X12SSA0, ES0D0X12SA00, EH1D2X12SSA0, ET1D2X12SSA0 | 1 | 1 |
| LE0DX12XSA00, LH2D2X12SSA0, ES0D0X12SA00, EH1D2X12SSA0, ET1D2X12SSA0 | 2 | 2 |
| SC series cards | Y (Y ≤ 4) | 4-Y (Y ≤ 4) |
| E series, except the following cards: LE1D2C02FEE0, LE2D2X48SEC0, LE1D2S04SEC0, LE1D2X32SEC0, LE1D2H02QEC0, ES1D2C02FEE0, ES1D2X48SEC4, EH1D2X48SEC0, ET1D2X48SEC0, EH1D2C02FEE0, ET1D2C02FEE0 | 2 | 2 |
| LE1D2C02FEE0, LE2D2X48SEC0, LE1D2S04SEC0, LE1D2X32SEC0, LE1D2H02QEC0, ES1D2C02FEE0, ES1D2X48SEC4, EH1D2X48SEC0, ET1D2X48SEC0, EH1D2C02FEE0, ET1D2C02FEE0 | Y (Y ≤ 4) | 4-Y (Y ≤ 4) |
| E3E series cards | 2 | 2 |
| E3S series cards | 2 | 2 |
| E3L series cards | 1 | 1 |
| FA series cards | 2 | 2 |
| FC series cards | Y (Y ≤ 4) | 4-Y (Y ≤ 4) |
| B series cards | Y (Y ≤ 4) | 4-Y (Y ≤ 4) |
| LE1D2S04SEC0 card, LE1D2X32SEC0 card, LE1D2H02QEC0 card, and X series cards | A mirrored port can be bound to only one observing port or observing port group, which must be the same in both the inbound and outbound directions. One observing port group contains a maximum of 64 observing ports. | (see inbound column; applies to both directions) |

Table 2 1:N port mirroring specifications on S series fixed switches in V200R005 and later versions

| Model | Number of Observing Ports to Which a Mirrored Port Can Be Bound in the Inbound Direction | Number of Observing Ports to Which a Mirrored Port Can Be Bound in the Outbound Direction |
|---|---|---|
| S1720 | 1 | 1 |
| S2720EI | 1 | 1 |
| S2750EI | 1 | 1 |
| S5700S-LI, S5700LI, S5720LI, S5720S-LI | 1 | 1 |
| S5710-X-LI | 1 | 1 |
| S5700SI | 1 | 1 |
| S5720SI, S5720S-SI, S5720I-SI | 1 | 1 |
| S5730SI | 1 | 1 |
| S5730S-EI | 1 | 1 |
| S5700EI | 1 | 1 |
| S5710EI | 4 | 4 |
| S5720EI | 4 | 4 |
| S5700HI | 4 | 4 |
| S5710HI | 4 | 4 |
| S5720HI, S5730HI, S6720HI | A mirrored port can be bound to only one observing port or observing port group, which must be the same in both the inbound and outbound directions. One observing port group contains a maximum of 64 observing ports. | (see inbound column; applies to both directions) |
| S6700EI | Y (Y ≤ 4) | 4-Y (Y ≤ 4) |
| S6720LI, S6720S-LI | 1 | 1 |
| S6720SI, S6720S-SI | 1 | 1 |
| S6720EI, S6720S-EI | Y (Y ≤ 4) | 4-Y (Y ≤ 4) |

3 N:1 Mirroring Specifications

N:1 mirroring copies packets on N mirrored ports to one observing port, as shown in the following figure.

[Figure: N:1 mirroring, packets on N mirrored ports copied to one observing port]

N:1 mirroring is used to monitor packet flows passing through multiple mirrored ports. There is no limit on the value of N. In other words, you can mirror inbound or outbound packets on all mirrored ports to the same observing port, and configure as many mirrored ports as you wish.

4 M:N Mirroring Specifications

M:N mirroring copies packets on M mirrored ports to N observing ports.

[Figure: M:N mirroring, packets on M mirrored ports copied to N observing ports]

Configuring M:N mirroring is equivalent to configuring 1:N mirroring M times, as shown in the figure above. M:N mirroring enables you to use multiple monitoring devices to monitor packets passing through multiple ports. M:N mirroring specifications can be deduced from 1:N and N:1 mirroring specifications: There is no limit on M, and the values of N supported on different cards or switch models are the same as those in 1:N mirroring.

5 Workaround to Observing Port Insufficiency on a Switch

Each switch supports a limited number of observing ports. What can we do if we want to use more monitoring devices than the maximum number of observing ports allowed on a switch? Here are two commonly used methods to address this problem:

- Configure a remote mirroring port and configure it as an internal loopback port to broadcast packets copied on a mirrored port in a VLAN.

[Figure: SwitchB using an internal loopback port to broadcast mirrored packets in a VLAN to four monitoring devices]

As shown in the figure above, we need to copy packets on a mirrored port to four monitoring devices, but SwitchB allows fewer than four observing ports. We can perform the following steps to enable mirrored packets to be broadcast to the ports connected to the monitoring devices.

1. Configure remote port mirroring.

    <SwitchB> system-view
    [SwitchB] observe-port 1 interface gigabitethernet1/0/1 vlan 20   //Configure a remote observing port and specify VLAN 20 for broadcast of mirrored packets.
    [SwitchB] interface gigabitethernet1/0/6
    [SwitchB-GigabitEthernet1/0/6] port-mirroring to observe-port 1 both   //Mirror both inbound and outbound packets on the mirrored port to the remote observing port used for internal loopback.
    [SwitchB-GigabitEthernet1/0/6] quit

2. Configure internal loopback.

    [SwitchB] vlan batch 20   //Create VLAN 20 for internal loopback and do not configure any other services in it.
    [SwitchB] interface gigabitethernet1/0/1
    [SwitchB-GigabitEthernet1/0/1] loopback internal   //Configure the remote observing port as an internal loopback port.
    [SwitchB-GigabitEthernet1/0/1] mac-address learning disable   //Disable MAC address learning to prevent the internal loopback port from learning MAC addresses of other devices, so that packets received from other devices will be looped back in the local switch.
    [SwitchB-GigabitEthernet1/0/1] stp disable   //Disable STP to prevent the internal loopback port from receiving the packets originated from the local switch, in which case the port will be blocked and transition to the Discarding state.
    [SwitchB-GigabitEthernet1/0/1] port link-type access
    [SwitchB-GigabitEthernet1/0/1] port default vlan 20   //Add the port to VLAN 20 used for broadcast of mirrored packets.
    [SwitchB-GigabitEthernet1/0/1] quit
    [SwitchB] interface gigabitethernet1/0/2
    [SwitchB-GigabitEthernet1/0/2] port link-type access
    [SwitchB-GigabitEthernet1/0/2] port default vlan 20   //Add the port to VLAN 20 used for broadcast of mirrored packets.
    [SwitchB-GigabitEthernet1/0/2] quit
    [SwitchB] interface gigabitethernet1/0/3
    [SwitchB-GigabitEthernet1/0/3] port link-type access
    [SwitchB-GigabitEthernet1/0/3] port default vlan 20   //Add the port to VLAN 20 used for broadcast of mirrored packets.
    [SwitchB-GigabitEthernet1/0/3] quit
    [SwitchB] interface gigabitethernet1/0/4
    [SwitchB-GigabitEthernet1/0/4] port link-type access
    [SwitchB-GigabitEthernet1/0/4] port default vlan 20   //Add the port to VLAN 20 used for broadcast of mirrored packets.
    [SwitchB-GigabitEthernet1/0/4] quit
    [SwitchB] interface gigabitethernet1/0/5
    [SwitchB-GigabitEthernet1/0/5] port link-type access
    [SwitchB-GigabitEthernet1/0/5] port default vlan 20   //Add the port to VLAN 20 used for broadcast of mirrored packets.
    [SwitchB-GigabitEthernet1/0/5] quit

- Configure remote mirroring and use an intermediate device to broadcast mirrored packets in a VLAN.

[Figure: SwitchB remote-mirroring to intermediate SwitchC, which broadcasts mirrored packets in a VLAN to three monitoring devices]

As shown in the figure above, we need to monitor packets passing through a mirrored port on three monitoring devices, but SwitchB allows fewer than three observing ports. We can perform the following steps to enable SwitchC to broadcast mirrored packets in a VLAN:

1. Configure remote port mirroring on SwitchB.

    <SwitchB> system-view
    [SwitchB] observe-port 1 interface gigabitethernet1/0/1 vlan 20   //Configure a remote observing port and specify VLAN 20 for forwarding of mirrored packets.
    [SwitchB] interface gigabitethernet1/0/2
    [SwitchB-GigabitEthernet1/0/2] port-mirroring to observe-port 1 both   //Mirror both inbound and outbound packets on the mirrored port to the remote observing port.
    [SwitchB-GigabitEthernet1/0/2] quit

2. Add ports on SwitchC to VLAN 20.

    <SwitchC> system-view
    [SwitchC] vlan batch 20   //Create VLAN 20 on SwitchC so that ports can be added to it.
    [SwitchC] interface gigabitethernet1/0/1
    [SwitchC-GigabitEthernet1/0/1] port link-type trunk
    [SwitchC-GigabitEthernet1/0/1] port trunk allow-pass vlan 20   //Add the port to VLAN 20 used to forward mirrored packets.
    [SwitchC-GigabitEthernet1/0/1] quit
    [SwitchC] interface gigabitethernet1/0/2
    [SwitchC-GigabitEthernet1/0/2] port link-type access
    [SwitchC-GigabitEthernet1/0/2] port default vlan 20   //Add the port to VLAN 20 used to forward mirrored packets.
    [SwitchC-GigabitEthernet1/0/2] quit
    [SwitchC] interface gigabitethernet1/0/3
    [SwitchC-GigabitEthernet1/0/3] port link-type access
    [SwitchC-GigabitEthernet1/0/3] port default vlan 20   //Add the port to VLAN 20 used to forward mirrored packets.
    [SwitchC-GigabitEthernet1/0/3] quit
    [SwitchC] interface gigabitethernet1/0/4
    [SwitchC-GigabitEthernet1/0/4] port link-type access
    [SwitchC-GigabitEthernet1/0/4] port default vlan 20   //Add the port to VLAN 20 used to forward mirrored packets.
    [SwitchC-GigabitEthernet1/0/4] quit

 

That's all I want to talk about today. For more information about the mirroring feature, you can download product documentation at http://support.huawei.com/enterprise/productsupport?lang=en&idAbsPath=7919710|9856733|7923144&pid=7923144. You can also post your questions or suggestions here, and I will reply as soon as possible.

 

 

 


Created Aug 8, 2016 18:06:08

Very useful and descriptive posts, thank you.

Is it possible to mirror traffic of ETH Management port on Sx700 switches?

Official Created Aug 10, 2016 09:37:14

Sorry, Sx7 switches cannot mirror traffic of the ETH Management port.

Created Sep 5, 2016 20:02:47

thank you
