Port Mirror limitations

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
Hello, I need to know how many port mirroring can create in a Summit x440, I mean, I have a 48 ports, can create 46 Mirror and sen the traffic to one especific port?
Photo of Uber Londono

Uber Londono

  • 320 Points 250 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,304 Points 10k badge 2x thumb
Hi Uber,

You should be able to mirror ports 1-46 to port 48. After EXOS 15.3, up to four mirror instances are allowed, but this config would only use one mirror instance.

One thing to be aware of, however, is that since you are mirroring 46 ports, there is a potential for up to 92 gbps of traffic to be included in the mirror (1G ingress and egress on each mirrored port). Because of this, some traffic may not be seen on the monitor port due to bandwidth limitations.
Photo of Uber Londono

Uber Londono

  • 320 Points 250 badge 2x thumb
Thanks Brandon.
Photo of Sean Brady

Sean Brady

  • 318 Points 250 badge 2x thumb
Uber, you can also mirror an entire VLAN to a monitor port.  Depending on the amount of traffic on the VLAN this could potentially saturate the monitor port.
Photo of Uber Londono

Uber Londono

  • 320 Points 250 badge 2x thumb
Thanks Sean, only one question, in the documentation I see "For VLANs and virtual ports, only traffic ingressing these interfaces are mirroring", I need the Mirror for recording issues and I need record both ingress and egress, is that posible??
Regards
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,304 Points 10k badge 2x thumb
Uber,

When mirroring a VLAN, you are limited to ingress only. If you need ingress and egress, you will need to mirror the ports. If multiple VLANs are present on the port, all VLANs will be mirrored. 
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Uber,

If you captured ingress and egress traffic in a VLAN you would end with duplicate traffic.

Suppose you have node A connected to port 1 and nobe B connected to port 2 and that both nodes are on the same vlan. When node A send a packet to node B the switch will mirror it when in enters the vlan (ingress) and when node B responds the switch will mirror it when the packet enters the vlan. If you mirrored traffic when it entered the vlan and when it egressed, you would have each packet mirrored twice.

Mirroring ingress and egress traffic makes sense when you apply it to a port.

Even then you have to be careful to avoid duplication of traffic. Using the previous example, if you mirrored ingress & egress in those two ports, any traffic exchanged between nodes A and B would be duplicate...

Remember that the mirrored traffic can be much higher than the capacity of the mirror port, so you want to avoid duplicate traffic.
Photo of Tomasz Lubas

Tomasz Lubas

  • 534 Points 500 badge 2x thumb
Keep in mind that if you mirroring both directions on all ports then there is a chance that you duplicate traffic :)
Photo of Kawawa

Kawawa, GTAC

  • 3,292 Points 3k badge 2x thumb
As outlined above, XOS limits to 16 Mirrors (only 4 can be active), however, each of those mirrors can have up to 128 filters defined. And each filter can be made up of ports, virtual ports or VLANS.  But the best practice is to mirror traffic on the port that aggregates and egresses the traffic of those 46 ports
(Edited)