The value of ERSPAN cannot be overstated! It provides much-needed visibility into virtualized environments, which are rapidly becoming the de facto server paradigm.
Encapsulated Remote SPAN (ERSPAN) works by tunnelling copies of packets to a remote analyzer platform such as the Network Analysis Module (in this case, a NAM blade in a Catalyst 6500).
The key to picking up copies of traffic from inside the virtual world is the "l3control" capability in a Nexus 1000V port-profile, as seen here:
port-profile type vethernet esx_300
  capability l3control
  vmware port-group
  switchport mode access
  switchport access vlan 300
  no shutdown
  system vlan 300
  state enabled
Notice that VLAN 300 also appears in the "system-uplink" profile:
port-profile type ethernet system-uplink
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 300-304
  pinning control-vlan 0
  pinning packet-vlan 0
  mtu 9000
  channel-group auto mode on mac-pinning
  no shutdown
  system vlan 300,303
  state enabled
Next, we construct the ERSPAN session as follows:
monitor session 64 type erspan-source
  description n1K_ERSPAN_example
  source vlan 300,304 both
  destination ip 172.31.255.254
  erspan-id 700
  ip ttl 64
  ip prec 0
  ip dscp 0
  mtu 1500
  header-type 2
  no shut
We selected an ERSPAN ID of 700, which helps identify the session on the remote NAM platform.
Assuming that IP routing is active, the ERSPAN session will show up automatically on the NAM under "data sources". You will be able to specify filters and analyze traffic from any VLAN that the Nexus 1000V controls within the virtual world. Here we are using VLAN 304 as an example.
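With `header-type 2`, each mirrored frame reaches the analyzer inside GRE (protocol type 0x88BE) followed by an 8-byte ERSPAN Type II header that carries the session ID and source VLAN. The Python below is an added example, not code from the original post: it parses that header and checks a packet against session 700 and VLANs 300 and 304 from the configuration above. The function names are hypothetical and the sample packet is constructed.

```python
import struct

GRE_PROTO_ERSPAN = 0x88BE  # GRE protocol type used by ERSPAN Type I/II


def parse_erspan2(payload: bytes) -> dict:
    """Parse GRE + ERSPAN Type II headers (bytes after the outer IP header)."""
    if len(payload) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", payload, 0)
    if proto != GRE_PROTO_ERSPAN:
        raise ValueError(f"not ERSPAN: GRE protocol 0x{proto:04x}")
    if not flags & 0x1000:
        # Type II always sets the GRE sequence bit; without it there is no ERSPAN header.
        raise ValueError("no GRE sequence number: not ERSPAN Type II")
    # Skip the optional GRE checksum (C bit) and key (K bit) words if present.
    off = 4 + (4 if flags & 0x8000 else 0) + (4 if flags & 0x2000 else 0)
    if len(payload) < off + 12:
        raise ValueError("truncated GRE/ERSPAN header")
    seq, w1, w2 = struct.unpack_from("!III", payload, off)
    if w1 >> 28 != 1:
        raise ValueError("ERSPAN version field is not 1 (Type II)")
    return {
        "sequence": seq,                    # gaps indicate dropped mirror packets
        "vlan": (w1 >> 16) & 0x0FFF,        # source VLAN of the mirrored frame
        "cos": (w1 >> 13) & 0x7,
        "truncated": bool(w1 & 0x0400),     # T bit: inner frame was cut short
        "session_id": w1 & 0x03FF,          # 10-bit value set by "erspan-id"
        "index": w2 & 0xFFFFF,
        "inner_frame": payload[off + 12:],
    }


def expected_mirror(payload: bytes, session_id=700, vlans=(300, 304)) -> bool:
    """True only if the packet belongs to the session and VLANs configured above."""
    try:
        hdr = parse_erspan2(payload)
    except ValueError:
        return False
    return hdr["session_id"] == session_id and hdr["vlan"] in vlans


def build_sample(session_id: int, vlan: int, seq: int, frame: bytes = b"\x00" * 14) -> bytes:
    """Constructed test packet: GRE (S bit set) + ERSPAN Type II + inner frame."""
    w1 = (1 << 28) | ((vlan & 0xFFF) << 16) | (session_id & 0x3FF)
    return struct.pack("!HHIII", 0x1000, GRE_PROTO_ERSPAN, seq, w1, 0) + frame


if __name__ == "__main__":
    print(parse_erspan2(build_sample(700, 304, 1)))
```

A collector that accepts only the expected session ID and VLANs will ignore stray or misdirected GRE traffic sent to the analyzer address.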