S-Series: port mirror not working as long as Policy based mirror is enabled
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-26-2016 11:44 AM
Our Customers S8 Series core (S-150 class) has configured a policy based mirroring for Purview. We mirror nearly all ports to this destination.
Config:
set mirror create 1
set mirror 1 mirrorN 15
set mirror ports tg.4.104 1
.
.
.
set policy profile 2 name PurView pvid-status enable pvid 4095 mirror-destination 1
set policy rule admin-profile port ge.2.42 mask 16 port-string ge.2.42 admin-pid 2
.
.
.
If we then configure:
set port mirroring create ge.2.7 ge.2.42 both
set port mirroring create ge.3.7 ge.2.42 both
We did not get the full traffic on ge.2.42, it is about 1/10 of the traffic.
Is there any know restrictions about that situations?
If we disable the mirror (policy based mirroring) the port-mirror works fine....
Config:
set mirror create 1
set mirror 1 mirrorN 15
set mirror ports tg.4.104 1
.
.
.
set policy profile 2 name PurView pvid-status enable pvid 4095 mirror-destination 1
set policy rule admin-profile port ge.2.42 mask 16 port-string ge.2.42 admin-pid 2
.
.
.
If we then configure:
set port mirroring create ge.2.7 ge.2.42 both
set port mirroring create ge.3.7 ge.2.42 both
We did not get the full traffic on ge.2.42, it is about 1/10 of the traffic.
Is there any know restrictions about that situations?
If we disable the mirror (policy based mirroring) the port-mirror works fine....
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-07-2016 04:31 AM
Let us know how your testing goes Ranier
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-04-2016 12:18 PM
Thats interessting.
I got this response by Luke F. a few minutes ago (GTAC Case 01183964)
Hi Rainer,
Yes, both mirrors will work at the same time except for traffic that would have to be mirrored twice. .
.
.
I got this response by Luke F. a few minutes ago (GTAC Case 01183964)
Hi Rainer,
Yes, both mirrors will work at the same time except for traffic that would have to be mirrored twice. .
.
.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-28-2016 06:25 PM
Incidentally, as I poked around discussing details of mirror behavior in-house, I ran into a puzzle piece I could have used earlier in this thread. It doesn't change the previous answer but adds to an understanding of the behavior noted in your original description.
As you observed, if present policy mirror will be the operational mirror.
Here's the rest of the list of what steps on what - highest to lowest precedence.
Policy Mirror
Smon Ingress Port
Smon Egress Port
Smon Ingress Vlan
Smon Egress Vlan
This rule applies for the 150 class S-series, 140-180 class S-series and K-series products.
Regards,
Mike
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-28-2016 03:03 PM
Hello,
If policy profile 2 is already applied to ge.2-3.7 another policy mirror instance will not work on that same traffic. In this case the limit of a single mirror replication of any specific traffic holds true.
You can of course apply a different instance of policy mirror to ports with no previously active mirror - but I don't think this is your goal. You could also add another destination port to your policy so the mirror-n traffic goes to multiple destinations - but this also misses the mark as I understand your question.
Enhanced-mode-port-mirror overlay with its tx-only offering is the only wiggle room allowing policy-n and port based mirroring to act on (a subset of) the same traffic.
Mike
