Hello everyone,
Today, I will show you how to handle the case where only a small amount of traffic is mirrored after flow mirroring is configured on a CE12812.
Issue Description

As shown in this figure, all gateways are on the cluster system. Hosts access the server through intra-VLAN Layer 2 traffic or inter-VLAN Layer 3 traffic. Traffic mirroring is configured so that all traffic passing through VLAN 10, VLAN 11, and VLAN 12 is copied to the traffic analyzer. The traffic analyzer, however, shows only a small amount of traffic.
The traffic mirroring configuration is as follows:
observe-port 1 interface GE2/9/0/47
acl number 3300
 rule 1 permit ip
traffic classifier traffic_mirror
 if-match acl 3300
traffic behavior traffic_mirror
 mirroring observe-port 1
traffic policy traffic_mirror
 classifier traffic_mirror behavior traffic_mirror
vlan 10
 traffic-policy traffic_mirror inbound
 traffic-policy traffic_mirror outbound
vlan 11
 traffic-policy traffic_mirror inbound
 traffic-policy traffic_mirror outbound
vlan 12
 traffic-policy traffic_mirror inbound
 traffic-policy traffic_mirror outbound
Alarm Information
The traffic analyzer displays only a small amount of unidirectional traffic.
Handling Process
Step 1 View statistics about the traffic received by the traffic analyzer. It is confirmed that only a small amount of unidirectional traffic exists.
Step 2 Obtain the packet header information on GE 2/9/0/47. It is further confirmed that this problem exists.
Step 3 Log in to the cluster system to view the related traffic mirroring configuration. It is found that the configuration is proper.
Step 4 Check the related documents and contact the related processing personnel. It is found that the traffic mirroring policy used in the outbound direction matches both Layer 2 and Layer 3 traffic. The traffic mirroring for Layer 2 traffic and the traffic mirroring for Layer 3 traffic are separately configured. The traffic mirroring configuration of the cluster system, however, matches only Layer 3 traffic.
Step 5 Configure the traffic mirroring for Layer 2 traffic and the traffic mirroring for Layer 3 traffic. Then, verify the configuration. The detailed configuration is as follows:
observe-port 1 interface GE2/9/0/47
acl number 3300
 rule 5 permit ip
acl number 4000
 rule 5 permit
traffic classifier traffic_mirror_sanceng
 if-match acl 3300
traffic classifier traffic_mirror_erceng
 if-match acl 4000
traffic behavior traffic_mirror_sanceng
 mirroring observe-port 1
traffic behavior traffic_mirror_erceng
 mirroring observe-port 1
traffic policy traffic_mirror_sanceng
 classifier traffic_mirror_sanceng behavior traffic_mirror_sanceng
traffic policy traffic_mirror_erceng
 classifier traffic_mirror_erceng behavior traffic_mirror_erceng
vlan 10
 traffic-policy traffic_mirror_sanceng inbound
 traffic-policy traffic_mirror_sanceng outbound
 traffic-policy traffic_mirror_erceng inbound
 traffic-policy traffic_mirror_erceng outbound
vlan 11
 traffic-policy traffic_mirror_sanceng inbound
 traffic-policy traffic_mirror_sanceng outbound
 traffic-policy traffic_mirror_erceng inbound
 traffic-policy traffic_mirror_erceng outbound
vlan 12
 traffic-policy traffic_mirror_sanceng inbound
 traffic-policy traffic_mirror_sanceng outbound
 traffic-policy traffic_mirror_erceng inbound
 traffic-policy traffic_mirror_erceng outbound
Step 6 View traffic statistics on the traffic analyzer. It is found that a large number of packets immediately appear on the traffic analyzer and the traffic volume is high. It is determined that this problem occurs because the cluster system is configured with only a traffic policy matching Layer 3 traffic.
Root Cause
The cluster system is configured with only a traffic policy matching Layer 3 traffic.
Solution
Configure the traffic mirroring for Layer 2 traffic and the traffic mirroring for Layer 3 traffic. The detailed configuration is as follows:
observe-port 1 interface GE2/9/0/47
acl number 3300
 rule 5 permit ip
acl number 4000
 rule 5 permit
traffic classifier traffic_mirror_sanceng
 if-match acl 3300
traffic classifier traffic_mirror_erceng
 if-match acl 4000
traffic behavior traffic_mirror_sanceng
 mirroring observe-port 1
traffic behavior traffic_mirror_erceng
 mirroring observe-port 1
traffic policy traffic_mirror_sanceng
 classifier traffic_mirror_sanceng behavior traffic_mirror_sanceng
traffic policy traffic_mirror_erceng
 classifier traffic_mirror_erceng behavior traffic_mirror_erceng
vlan 10
 traffic-policy traffic_mirror_sanceng inbound
 traffic-policy traffic_mirror_sanceng outbound
 traffic-policy traffic_mirror_erceng inbound
 traffic-policy traffic_mirror_erceng outbound
vlan 11
 traffic-policy traffic_mirror_sanceng inbound
 traffic-policy traffic_mirror_sanceng outbound
 traffic-policy traffic_mirror_erceng inbound
 traffic-policy traffic_mirror_erceng outbound
vlan 12
 traffic-policy traffic_mirror_sanceng inbound
 traffic-policy traffic_mirror_sanceng outbound
 traffic-policy traffic_mirror_erceng inbound
 traffic-policy traffic_mirror_erceng outbound
Suggestion
Step 1 Regularly check the running status of the CE12812 cluster system, including the software and hardware information.
Step 2 Because of threshold-crossing traffic in VLAN 10, VLAN 11, and VLAN 12 and the port bandwidth limitations, mirror only the traffic that is needed when configuring traffic mirroring.
Step 3 Install the latest patch version on the CE12812 cluster system.
That is all I want to share with you! Thank you!
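
Added example (not part of the original post and not Huawei tooling): a configuration audit that encodes the root cause above, flagging any VLAN whose applied mirroring policies do not cover both Layer 2 and Layer 3 traffic in both directions. It assumes the Huawei ACL ranges 3000-3999 (advanced, IP) and 4000-4999 (Layer 2); the names TEMPLATE, acl_layer and mirror_gaps and the sample configurations are constructed for illustration.

```python
import re

# Constructed sample, reduced to VLAN 10: BEFORE mirrors via ACL 3300 only,
# AFTER additionally applies a policy bound to Layer 2 ACL 4000.
TEMPLATE = """\
acl number {acl}
traffic classifier {n}
 if-match acl {acl}
traffic behavior {n}
 mirroring observe-port 1
traffic policy {n}
 classifier {n} behavior {n}
vlan 10
 traffic-policy {n} inbound
 traffic-policy {n} outbound
"""
BEFORE = TEMPLATE.format(n="traffic_mirror", acl=3300)
AFTER = BEFORE + TEMPLATE.format(n="traffic_mirror_erceng", acl=4000)

def acl_layer(num):
    # Assumed Huawei ACL ranges: 3000-3999 advanced (IP), 4000-4999 Layer 2.
    return "L3" if 3000 <= num <= 3999 else "L2" if 4000 <= num <= 4999 else None

def mirror_gaps(config):
    """Per VLAN, list the (layer, direction) pairs that no mirroring policy covers."""
    acls, mirrors, policies, vlans = {}, set(), {}, {}
    kind = name = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"traffic (classifier|behavior|policy) (\S+)", line):
            kind, name = m[1], m[2]
        elif m := re.match(r"vlan ?(\d+)$", line):
            kind, name = "vlan", int(m[1])
            vlans.setdefault(name, set())
        elif kind == "classifier" and (m := re.match(r"if-match acl (\d+)", line)):
            acls.setdefault(name, set()).add(acl_layer(int(m[1])))
        elif kind == "behavior" and line.startswith("mirroring observe-port"):
            mirrors.add(name)
        elif kind == "policy" and (m := re.match(r"classifier (\S+) behavior (\S+)", line)):
            policies.setdefault(name, []).append((m[1], m[2]))
        elif kind == "vlan" and (m := re.match(r"traffic-policy (\S+) (inbound|outbound)", line)):
            vlans[name].add((m[1], m[2]))
    want = {(lyr, d) for lyr in ("L2", "L3") for d in ("inbound", "outbound")}
    gaps = {}
    for vlan, applied in vlans.items():
        have = {(layer, d) for pol, d in applied
                for cls, beh in policies.get(pol, []) if beh in mirrors
                for layer in acls.get(cls, ())}
        gaps[vlan] = sorted(want - have)
    return gaps
```

Run against a saved configuration, an empty list for every mirrored VLAN means the traffic analyzer should receive both Layer 2 and Layer 3 traffic; a non-empty list names the blind spot before anyone relies on the capture.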