S-Series: port mirror not working as long as Policy based mirror is enabled

  • Problem
  • Updated 2 years ago
  • Solved
  • (Edited)
Our customer's S8 Series core (S-150 class) has policy-based mirroring configured for Purview. We mirror nearly all ports to this destination.

Config: 

set mirror create 1
set mirror 1 mirrorN 15
set mirror ports tg.4.104 1
.
.
.
set policy profile 2 name PurView pvid-status enable pvid 4095 mirror-destination 1
set policy rule admin-profile port ge.2.42 mask 16 port-string ge.2.42 admin-pid 2
.
.
.

If we then configure:

set port mirroring create ge.2.7 ge.2.42 both
set port mirroring create ge.3.7 ge.2.42 both


We did not get the full traffic on ge.2.42; it is about 1/10 of the traffic.


Are there any known restrictions for this situation?


If we disable the mirror (policy-based mirroring), the port mirror works fine.



Rainer Adam


Posted 2 years ago


Daniel Coughlin, Employee

There are many restrictions to mirroring. Most are addressed in the release notes. For the most part, traffic may only be mirrored once. So if traffic is subject to the policy mirror, it cannot also be subject to the port mirror.

Mike D, Alum

Hello,
Additional info on this topic:

S-series 150 class switches support policy mirror as first priority. The 150 class will not support both mirror-n for Purview and port mirror simultaneously, with one exception: if you make the mirror an enhanced mirror, the port mirror will work for “tx” (packets outbound on the port), even when the policy mirror is enabled.
 
S-series 140-180 class modules with additional switch fabric capability are not subject to this exclusive mirror type behavior. 

Hope that helps,
Mike

Adding a KCS knowledge base article to this effect in short order.

Rainer Adam

WOW, thank you very, very much Mike, that makes it completely clear.

Rainer Adam

Is it possible to create more than one policy-based mirror?

Currently we had defined in the old config that policy profile 2 (which all the other ports are in) sends to tg.4.101 (where the PurView appliance is connected). What if I create another policy-based mirror that contains only the 2 source ports ge.2.7 and ge.3.7 and mirrors them to ge.2.44 (where the sniffer is connected)?

Would this work?

Mike D, Alum

Hello,

If policy profile 2 is already applied to ge.2-3.7, another policy mirror instance will not work on that same traffic. In this case the limit of a single mirror replication of any specific traffic holds true.

You can of course apply a different instance of policy mirror to ports with no previously active mirror, but I don't think this is your goal. You could also add another destination port to your policy so the mirror-n traffic goes to multiple destinations, but this also misses the mark as I understand your question.

Enhanced-mode-port-mirror overlay with its tx-only offering is the only wiggle room allowing policy-n and port based mirroring to act on (a subset of) the same traffic.



Mike


Mike D, Alum

Incidentally, as I poked around discussing details of mirror behavior in-house, I ran into a puzzle piece I could have used earlier in this thread. It doesn't change the previous answer but adds to an understanding of the behavior noted in your original description.

As you observed, if present, policy mirror will be the operational mirror.

Here's the rest of the list of what steps on what - highest to lowest precedence.

Policy Mirror

Smon Ingress Port            

Smon Egress Port

Smon Ingress Vlan

Smon Egress Vlan

This rule applies for the 150 class S-series, 140-180 class S-series and K-series products. 

Regards,

Mike




Rainer Adam

That's interesting.

I got this response from Luke F. a few minutes ago (GTAC Case 01183964)


Hi Rainer,

Yes, both mirrors will work at the same time except for traffic that would have to be mirrored twice.

.

.

.



Mike D, Alum

Let us know how your testing goes, Rainer.