Remote Mirroring Feature Dependencies and Limitations

Latest reply: Aug 24, 2018 03:46:04

Feature Dependencies and Limitations

Since V200R001C00, by default, the switch supports only local mirroring and does not support remote mirroring (including Layer 2 remote mirroring RSPAN and Layer 3 remote mirroring ERSPAN). If you want to enable remote mirroring on the switch, the switch must have the plugin of the required version installed.

After the switch is upgraded from a version earlier than V200R001C00 to V200R001C00 or later, the remote mirroring configuration will be lost on the switch.

Since V200R001C00, the remote mirroring function cannot be used with ISSU. The remote mirroring function needs to be deleted from the switch in either of the following situations:

  • The switch needs to be upgraded from a version earlier than V200R001C00 to V200R001C00 or later using ISSU.
  • The switch needs to be upgraded from V200R001C00 or later using ISSU.

  • To prevent information loss during mirroring, configure ports of the same type as observing and mirrored ports and set the same bandwidth for the observing and mirrored ports. If the bandwidth of an observing port is smaller than that of a mirrored port, information may be lost on the observing port during mirroring.

  • To prevent other services from conflicting with mirroring services, you are not advised to configure other services on observing ports.

  • The CE12800E does not support layer 3 remote mirroring.

  • The switch supports inter-card mirroring. That is, the observing port and mirrored port can be located on different cards of a switch.

  • In V100R003C00 and earlier versions, GE ports cannot be configured as observing ports for Layer 2 remote mirroring. In V100R003C10 and later versions, GE ports can.

  • In a stack system, the observing and mirrored ports in traffic mirroring can be configured on different chassis. In V100R003C00 and earlier versions, the observing and mirrored ports in port mirroring must be configured on the same chassis. In V100R003C10 and later versions, the observing and mirrored ports in port mirroring can be configured on different chassis. Packets mirrored from one chassis to the other may be changed or discarded. Therefore, do not configure the observing and mirrored ports on different chassis. Otherwise, the following problems may occur:
    • Incoming Layer 3 packets mirrored from one chassis to another do not carry the VLAN field.
    • Packets mirrored from one chassis to another using remote mirroring are encapsulated incorrectly.
  • Since V200R001C00, in a stack, packets that are not mirrored from one chassis to another will not be copied to stack ports in order to save stack bandwidth. This function removes the need to run the multicast forwarding optimization command to prevent these packets from being copied to stack ports.

  • When configuring Layer 2 remote port mirroring, do not use a remote mirroring VLAN to forward non-mirrored traffic, and run the mac-address learning disable command in the VLAN view on the device that forwards mirrored traffic to disable MAC address learning in the remote mirroring VLAN.

  • A port cannot be configured as both a mirrored port and an observing port. An Ethernet or Eth-Trunk port can be configured as a mirrored port. An Eth-Trunk member port cannot be configured as an observing port.

  • If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as mirrored ports.

    If a member port of an Eth-Trunk is configured as a mirrored port, the Eth-Trunk cannot be configured as a mirrored port.

  • The following ports cannot be added to an observing port group:
    • Mirroring port

    • Observing port

    • Eth-Trunk member port

    • Stack physical member port

  • A member port added to an observing port group cannot be configured as an observing port.

  • When a traffic policy with deny and traffic mirroring behaviors is applied to the outbound direction of an interface, the traffic mirroring behavior does not take effect.

  • If a mirrored port and an observing port are added to the same port isolation group in which the isolation mode is Layer 2 isolation, inbound traffic on the mirrored port is isolated and cannot reach the observing port, but outbound traffic on the mirrored port is not isolated and can reach the observing port.

  • The EA series LPUs and EC series LPUs (at the rate of GE) remove the first 16 bytes from mirrored EVN and VXLAN packets. For other series of cards, the device will remove the 16-byte headers from the packets only when the card interoperability mode is set to non-enhanced mode using the undo set forward capability enhanced command and the NVO3 service extension function is disabled using the undo assign forward nvo3 service extend enable command.
  • On a CE12800E, NetStream and port mirroring can be configured on the same interface. NetStream does not conflict with MQC-based traffic mirroring or VLAN-based mirroring.

    On other models:
    • When inbound NetStream sampling uses snoop resources, port mirroring and inbound NetStream can be configured on the same interface. Inbound NetStream does not conflict with MQC-based traffic mirroring or VLAN-based mirroring.
    • When inbound NetStream sampling does not use snoop resources, NetStream and port mirroring cannot be configured on the same interface. NetStream conflicts with MQC-based traffic mirroring and VLAN mirroring. After NetStream is configured on an interface, do not configure any MQC-based traffic mirroring or VLAN mirroring to contain this interface. If the NetStream and mirroring functions (MQC-based traffic mirroring or VLAN mirroring) are configured on the same interface, they cannot all take effect simultaneously.
  • sFlow and port mirroring cannot be configured on the same interface. sFlow conflicts with MQC-based traffic mirroring and VLAN mirroring. After sFlow is configured on an interface, do not configure any MQC-based traffic mirroring or VLAN mirroring to contain this interface.

  • If NetStream/sFlow has been configured on an Eth-Trunk, port mirroring cannot be configured on the member interfaces of the Eth-Trunk. If port mirroring has been configured on member interfaces of an Eth-Trunk, NetStream/sFlow cannot be configured on the Eth-Trunk.

  • VLAN mirroring conflicts with port mirroring, MQC-based traffic mirroring, and NetStream/sFlow, and it is not recommended to configure them simultaneously.
  • When both the traffic statistics collection and traffic mirroring functions are configured in MQC, packets discarded by a port before the packets match an ACL can be mirrored but their statistics cannot be collected.
  • On a non-CE12800E switch, the following services are in descending order of priority: M-LAG unidirectional isolation, MQC (traffic policing, traffic statistics, and packet filtering), querying the outbound interface of packets with specified 5-tuple information, source MAC address, and destination MAC address, local VLAN mirroring, sFlow, NetStream, and statistics on the VLANIF interface or sub-interface. When the services are configured on an interface in the outbound direction, the service with the highest priority takes effect. For example, when both packet filtering and statistics on the VLANIF interface are configured on the VLANIF interface, packet filtering takes effect.

    For sFlow and NetStream, the preceding limitations apply to all interfaces in V100R005C10 and earlier versions and only sub-interfaces in V100R006C00 and later versions.

  • The traffic in the same direction of all active ports in a specified VLAN cannot be concurrently mirrored to an observing port and an observing port group.

  • On switches except CE12800E, when outbound mirroring is performed on Layer 3 main interfaces, mirrored packets will carry the VLAN ID, which is the reserved VLAN ID and defaults to 4064.

  • In an SVF system, pay attention to the following points when configuring mirroring:
    • An SVF system does not support 1:N mirroring.
    • Layer 3 remote mirroring between different leaf or parent switches is not supported.
    • The VLAN tag used in inter-chassis mirroring may be incorrect.
    • The port that connects a leaf switch to a parent switch cannot be configured as a mirrored port.
    • Eth-Trunk does not support mirroring between different leaf or parent switches.
    • Traffic on interfaces of leaf switches cannot be mirrored to an observing interface group and do not support Layer 3 remote mirroring.
    • In port mirroring, if the mirrored port is located on a parent switch, it is recommended to configure the observing port on the parent switch rather than a leaf switch.
    • Port mirroring: If the mirrored port is located on a leaf switch, the leaf switch can be configured with only one observing port. If the mirrored port is located on a parent switch, the parent switch can be configured with a maximum of eight observing ports.
    • In VLAN mirroring or traffic mirroring, only one observing port can be configured. VLAN mirroring applies only to local mirroring.
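
Added example, not part of the original post or of any vendor tooling: a pre-change check that tests a planned set of port-mirroring sessions against several of the restrictions listed above (mirrored/observing overlap, Eth-Trunk rules, sFlow conflict, port type and bandwidth mismatch). The `Port` record, the `check_plan` function and all port names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Port:                       # hypothetical inventory record
    name: str
    kind: str                     # port type, e.g. "10GE" or "GE"
    gbps: float                   # port bandwidth
    trunk: Optional[str] = None   # Eth-Trunk this port is a member of
    sflow: bool = False           # sFlow configured on this interface

def check_plan(ports, sessions):
    """ports: {name: Port}; sessions: [(mirrored, observing)], where mirrored
    is a port name or an Eth-Trunk name. Returns a list of findings."""
    findings = []
    mirrored = {m for m, _ in sessions}
    observing = {o for _, o in sessions}
    for name in sorted(mirrored & observing):
        findings.append(f"{name}: both mirrored port and observing port")
    for name in sorted(observing):
        if ports[name].trunk:
            findings.append(f"{name}: Eth-Trunk member used as observing port")
    for name in sorted(mirrored):
        port = ports.get(name)
        if port is None:          # an Eth-Trunk name; its members hit the trunk check
            continue
        if port.trunk in mirrored:
            findings.append(f"{name}: mirrored together with {port.trunk}")
        if port.sflow:
            findings.append(f"{name}: sFlow and port mirroring on one interface")
    for m, o in sessions:
        src, dst = ports.get(m), ports[o]
        if src and (src.kind != dst.kind or dst.gbps < src.gbps):
            findings.append(f"{m} -> {o}: port type or bandwidth mismatch, "
                            "mirrored packets may be lost")
    return findings

# Constructed sample inventory and plans (not taken from any real device).
PORTS = {p.name: p for p in [
    Port("10GE1/0/1", "10GE", 10), Port("10GE1/0/2", "10GE", 10, "Eth-Trunk1"),
    Port("10GE1/0/3", "10GE", 10, sflow=True), Port("GE1/0/10", "GE", 1),
    Port("10GE1/0/20", "10GE", 10)]}
BAD = [("10GE1/0/1", "GE1/0/10"), ("Eth-Trunk1", "10GE1/0/20"),
       ("10GE1/0/2", "10GE1/0/20"), ("10GE1/0/3", "10GE1/0/2")]
GOOD = [("10GE1/0/1", "10GE1/0/20")]

if __name__ == "__main__":
    for finding in check_plan(PORTS, BAD):
        print(finding)
```

Running such a check before a change matters most where the mirror feeds an IDS or packet capture, because an undersized observing port drops packets without any error on the switch.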

Created Aug 21, 2018 01:29:22

There is a lot of information. Thanks for sharing. :)

Sincerely,

Héctor R. Azcanio
Created Aug 24, 2018 00:52:06

Nice to know these limitations, I thought remote mirroring was a basic feature but now I can see that it might require special plugins.

Created Aug 24, 2018 03:46:04

Good explanation about mirroring, in the future I will use it.