This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

S-Series: port mirror not working as long as Policy based mirror is enabled

S-Series: port mirror not working as long as Policy based mirror is enabled

Rainer_Adam
New Contributor III

‎01-26-2016 11:44 AM

Our Customers S8 Series core (S-150 class) has configured a policy based mirroring for Purview. We mirror nearly all ports to this destination.

Config:

set mirror create 1
set mirror 1 mirrorN 15
set mirror ports tg.4.104 1
.
.
.
set policy profile 2 name PurView pvid-status enable pvid 4095 mirror-destination 1
set policy rule admin-profile port ge.2.42 mask 16 port-string ge.2.42 admin-pid 2
.
.
.

If we then configure:

set port mirroring create ge.2.7 ge.2.42 both
set port mirroring create ge.3.7 ge.2.42 both

We did not get the full traffic on ge.2.42, it is about 1/10 of the traffic.

Is there any know restrictions about that situations?

If we disable the mirror (policy based mirroring) the port-mirror works fine....

8 REPLIES 8

Mike_D
Extreme Employee

‎02-07-2016 04:31 AM

Let us know how your testing goes Ranier
0 Kudos

Rainer_Adam
New Contributor III

‎02-04-2016 12:18 PM

Thats interessting.

I got this response by Luke F. a few minutes ago (GTAC Case 01183964)

Hi Rainer,

Yes, both mirrors will work at the same time except for traffic that would have to be mirrored twice. .

.

.

0 Kudos

Mike_D
Extreme Employee

‎01-28-2016 06:25 PM


Incidentally, as I poked around discussing details of mirror behavior in-house, I ran into a puzzle piece I could have used earlier in this thread. It doesn't change the previous answer but adds to an understanding of the behavior noted in your original description.

As you observed, if present policy mirror will be the operational mirror.

Here's the rest of the list of what steps on what - highest to lowest precedence.

Policy Mirror

Smon Ingress Port

Smon Egress Port

Smon Ingress Vlan

Smon Egress Vlan

This rule applies for the 150 class S-series, 140-180 class S-series and K-series products.

Regards,

Mike

0 Kudos

Mike_D
Extreme Employee

‎01-28-2016 03:03 PM



Hello,

If policy profile 2 is already applied to ge.2-3.7 another policy mirror instance will not work on that same traffic. In this case the limit of a single mirror replication of any specific traffic holds true.

You can of course apply a different instance of policy mirror to ports with no previously active mirror - but I don't think this is your goal. You could also add another destination port to your policy so the mirror-n traffic goes to multiple destinations - but this also misses the mark as I understand your question.

Enhanced-mode-port-mirror overlay with its tx-only offering is the only wiggle room allowing policy-n and port based mirroring to act on (a subset of) the same traffic.

Mike

0 Kudos
GTM-P2G8KFN