Captured traffic inconsistently VLAN-tagged

nmelay — Wed, 03 Jul 2024 13:18:18 GMT

Hi all,

I set up traffic monitoring on VOSS and EXOS switches, but the network analysis guys are complaining that captured traffic is asymetrically tagged, and this messes up with their software.

On the EXOS switch, traffic is captured on selected ports:
create mirror <name>
configure mirror <name> to port <dst-port>
configure mirror <name> add port <ports>
enable mirror <name>

On the VOSS switch, traffic from/to selected IP addresses is captured:
filter acl 1 type inVlan
filter acl set 1 global-action monitor-dst-port <dst-port>
filter acl vlan 1 <vlan>
filter acl ace 1 1
filter acl ace action 1 1 permit
filter acl ace ethernet 1 1 ether-type eq ip
filter acl ace ip 1 1 dst-ip eq <ip1>
filter acl ace 1 1 enable
filter acl ace 1 2
filter acl ace action 1 2 permit
filter acl ace ethernet 1 2 ether-type eq ip
filter acl ace ip 1 2 src-ip eq <ip1>
filter acl ace 1 2 enable
[two more ACEs for <ip2>]

On EXOS, we use NAC to move devices to the VLAN they belong to, just in case this matters and could mess up with traffic capture.
On VOSS, we couldn't use port-based capture because we're capturing VM traffic. Some traffic will be captured on UNI ports connected to the VM infrastructure or router/firewall, and some on NNI port to another VOSS switch.

In both cases, network analysis guys complain there's a VLAN tag on inbound traffic but not on outbound, or the other way I'm not sure.
Is this a known issue ?
Can we make the captured traffic consistent VLAN-wise ?

topic Captured traffic inconsistently VLAN-tagged in ExtremeSwitching (VSP/Fabric Engine)

Captured traffic inconsistently VLAN-tagged