Remote Mirror Clarification Wanted

  • Question
  • Updated 3 months ago
  • Answered
I basically have the layout that was discussed in https://community.extremenetworks.com/extreme/topics/remote-mirroring-trunk-lacp, but I was looking for an "official" confirmation.

Let's say I have an edge switch (460) with multiple vlans, tagged to a shared uplink port 55 (grouped 55-58) to two BD8800s (55/56 going to BD8800-1, 57/58 to BD8800-2) with an ISC/MLAG between the 8800s.

I need to remote mirror, let's say "Port 1" on the 460, which is an untagged port in a vlan, meaning I need to see the traffic that happens on the 460-Port-1.

My Network Analyzer is plugged into port 5:20 on BD8800-1.

Naive me goes ahead and says on the 460:
configure mirror add port 1 ingress-and-egress
configure mirror to port 55 remote-tag 1234

So far, so good. But as soon as I say:
enable mirror

I get the dreaded "Error: Port mirroring cannot be enabled on a trunk member port 55"

I created a vlan 1234 and added port 55 tagged to it - makes no difference

I just wanted a confirmation that it's really not possible to use existing shared uplink ports to carry remote mirrors. As much as I hate it, I can understand that there might be technical limitations with shared ports and mirrors - like packet sequences getting out of order perhaps, or some such thing.

Would I be right to assume that remote mirroring only works over single unshared "uplink" ports - which in my case pretty much means "if you want to remote mirror, fling a new cable from the 8800 with the analyzer to the 460s where you want to monitor ports"?

Yes, I tried to read the documentation, but may have missed that part ;) At least that way I found the "capture locally to memory, tftp, then analyze" trick that I will be eternally grateful for - just have to be careful to not accidentally use up all the memory!

Thank you
   Frank
Frank

Posted 2 years ago

ChrisH, ESE - Employee

Hi Frank,

In this situation I recommend opening up a case with GTAC.
This way the engineer can perform testing and also involve engineering in a discussion in case this should be necessary.

This way you can also get an "official answer", and possibly it can result (in case there is no simple solution) in a feature request to have this implemented.
Especially in MLAG designs this will be important.

Chris
Frank

OK, I'll open a case and will post results :)
Frank

OK, now I feel stupid again. "Extreme Support" came through with a one-liner ;) . In short: it works as outlined in https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-remote-mirroring-through-...

On the edge switch where you want to mirror a port:

set up your mirror with the port you want to have mirrored (ingress/ingress-and-egress...)
you need an unused port on your switch, let's say "13"
Let's also say your uplink shared group is port 55 (shared 55, grouped 55-58)

"enable mirror to port-list 55 loopback-port 13 remote-tag 1234"

You don't need to create vlan 1234 on that switch.

On the next switch(es) up (as per documentation, search the PDF for "mirror" and scroll down for remote mirrors):
create vlan remote_mirror
configure vlan remote_mirror tag 1234 remote-mirroring
configure vlan remote_mirror add ports <ports-to-edge-switch> tagged
configure vlan remote_mirror add ports <ISC ports, if that applies to you>

Do that on the switches up to and including the switch where your network-analyzer sits.
And there, just add vlan "remote_mirror" to your mirror config.

I know I found the documentation parts when I started down that path, but somehow must have messed things up.

Apologies for not having properly read/understood the manual and articles :(
Derek Bird, Employee

Frank: it's complex... it is network engineering, after all!

I was glad to be able to assist you.
Frank

Thank you for your kind words :)
Bin, Employee

https://documentation.extremenetworks.com/exos_commands_22.4/exos_21_1/exos_commands_all/r_enable-mi...
  • In normal mirroring, a monitor port cannot be added to a load share group. In one-to-many mirroring, a monitor port list can be added to a load share group, but a loopback port cannot be used in a load share group.
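
A pre-deployment check for the two load share rules quoted above (the first is the error Frank hit), as an added example that is not part of this thread or of Extreme's documentation. It assumes the config text uses the mirror command forms seen in this thread plus an `enable sharing <master> grouping <list>` line, and it only handles simple non-stacked port numbers; the sample configs are constructed.

```python
import re

def expand(ports):
    """Expand '55-58,60' into {55, 56, 57, 58, 60} (non-stacked ports only)."""
    out = set()
    for part in ports.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

# Assumed command shapes: sharing line, and the mirror "to port"/"to port-list" forms.
SHARING = re.compile(r"enable sharing (\d+) grouping ([\d,\-]+)")
MIRROR_TO = re.compile(
    r"(?:configure|enable) mirror\S* to (port-list|port) ([\d,\-]+)"
    r"(?: loopback-port (\d+))?")

def check_mirror_config(text):
    """Return findings for mirror destinations that clash with load share groups."""
    lag_members = set()
    for m in SHARING.finditer(text):
        lag_members |= expand(m.group(2)) | {int(m.group(1))}
    findings = []
    for m in MIRROR_TO.finditer(text):
        kind, dest, loopback = m.group(1), expand(m.group(2)), m.group(3)
        shared = ", ".join(str(p) for p in sorted(dest & lag_members))
        # Normal mirroring: the monitor port may not be a load share member.
        if kind == "port" and shared:
            findings.append(f"monitor port {shared} is a load share member")
        # One-to-many mirroring: the loopback port may not be a load share member.
        if loopback is not None and int(loopback) in lag_members:
            findings.append(f"loopback-port {loopback} is a load share member")
    return findings

# Constructed sample configs reusing the thread's port numbers.
BROKEN = """enable sharing 55 grouping 55-58 lacp
configure mirror add port 1 ingress-and-egress
configure mirror to port 55 remote-tag 1234
"""
WORKING = """enable sharing 55 grouping 55-58 lacp
configure mirror add port 1 ingress-and-egress
enable mirror to port-list 55 loopback-port 13 remote-tag 1234
"""
BAD_LOOPBACK = WORKING.replace("loopback-port 13", "loopback-port 56")

if __name__ == "__main__":
    for name, cfg in [("broken", BROKEN), ("working", WORKING),
                      ("bad loopback", BAD_LOOPBACK)]:
        print(name, check_mirror_config(cfg) or "ok")
```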