1. Introduction
Port Mirroring is a method of monitoring network traffic. When you enable port mirroring, the switch sends a copy of all network packets seen on one port to another port, where the packet can be analyzed.
1.1. Inbound Mirroring
Inbound mirroring is defined per In-Port, or per In-Port x VLAN. Configurations for six distinct VLAN tags, for any other VLAN tag, and for packets without VLAN tags are supported. The ingress mirroring can be sampled by specifying a probability that a matching packet will be mirrored.
1.2. Outbound Mirroring
Outbound mirroring is defined per Out-Port, or per Out-Port x VLAN tag. Configurations for seven distinct VLAN tags are supported.
1.3. Guidelines and Limitations
-
Up to 15 mirror profiles can be configured.
-
The same mirror resources are used for Lawful Interception (LI) and Port Mirroring.
-
You can configure a CPU port as destination physical interface port; but if heavy traffic is mirrored, it may impact system performance.
-
If physical interface/logical interface goes down, mirror configuration will not be deleted automatically. You need to delete the mirror configuration explicitly.
-
Before creating logical interface mirroring, the source logical interface should exist.
-
The logical interface should not be deleted during mirroring.
-
If you want to mirror traffic to CPU, enable the control plane security features. For more refer, see the Control Plane Security Guide.
-
Since this is a debugging tool, the save and reload functionality is not supported.
1.4. Supported Platforms
Not all features are necessarily supported on each hardware platform. Refer to the Platform Guide for the features and the sub-features that are or are not supported by each platform.
2. Configuration
2.1. Configuration Hierarchy
The diagram illustrates the port mirroring configuration hierarchy.
2.2. Configuration Syntax and Commands
The following sections describe the port mirroring configuration syntax and commands.
2.2.1. Port Mirroring Configuration
The following sections describe the port mirroring configuration syntax and commands.
Syntax:
set forwarding-options mirror <name> [source | destination] <attribute> <value>
| Attribute | Value |
|---|---|
<name> |
Name for mirror configuration |
acl [true | false] |
Configure source as ACL. |
direction [egress | ingress] |
Configure traffic direction ingress/egress. |
interface <interface> |
Specifies the physical interface name. |
logical-interface <logical-interface> |
Configure source logical interface name. |
Example 1: Mirroring one physical interface traffic to another physical interface
{
"rtbrick-config:mirror": [
{
"name": "MIRROR1",
"destination": {
"interface": "ifp-0/0/4"
},
"source": {
"direction": "ingress",
"interface": "ifp-0/0/2"
}
}
]
}
Example 2: Mirroring Traffic to CPU
{
"rtbrick-config:mirror": [
{
"name": "mirror1",
"destination": {
"interface": "cpu-0/0/200"
},
"source": {
"direction": "ingress",
"interface": "ifp-0/0/52"
}
}
]
}
3. Operational Commands
3.1. Capturing Mirror Traffic
After you configure mirroring to CPU by using the commands above, you can use the capture command to capture the mirror traffic.
Syntax:
capture mirror file <file_name> [start | stop]
| Attribute | Value |
|---|---|
<file_name> |
Name of the file where mirror traffic is captured |
Example 1: Starting and stopping mirror traffic to a file
root@rtbrick: cfg> capture mirror file test.pcap start root@rtbrick: cfg> capture mirror file test.pcap stop
3.2. Show Commands
3.2.1. show capture sessions
Syntax:
show capture sessions
| Option | Description |
|---|---|
- |
Without any option, the commands displays the FIB packet Capture sessions. |
Example 1: Summary of FIB packet Capture sessions
supervisor@rtbrick: op> show capture sessions Interface Direction File Context ifp-0/0/1 BOTH - 45
©Copyright 2023 RtBrick, Inc. All rights reserved. The information contained herein is subject to change without notice. The trademarks, logos and service marks ("Marks") displayed in this documentation are the property of RtBrick in the United States and other countries. Use of the Marks are subject to RtBrickās Term of Use Policy, available at https://www.rtbrick.com/privacy. Use of marks belonging to other parties is for informational purposes only.