Example for Configuring ERSPAN


Networking Requirements

Figure 1. ERSPAN Configuration Example

As shown in Figure 1, Host A, Host B and Host C access the Internet through Switch A. The remote Data Monitoring Server connects to Switch A through Switch B. To monitor the traffic from the three hosts, the data needs to be mirrored to the output port and carried across the tunnel to the remote Data Monitoring Server.

Follow the configuration steps listed below to enable the remote port mirroring function:

  1. Configure interface te-1/1/3 on Switch A as the output port for ERSPAN mirroring, which is responsible for forwarding mirrored messages to Switch B through a GRE tunnel.
  2. Configure interface te-1/1/1 on Switch A as the input port for ERSPAN mirroring to copy the traffic from Host A, Host B and Host C accessing the Internet to the output port.
  3. On Switch B, create the VLAN and VLAN interface for forwarding mirrored messages to the Data Monitoring Server.
  4. On the Data Monitoring Server, configure Linux GRE to decapsulate the received GRE messages.

Procedure

Switch A

Step 1          Configure VLANs and VLAN interfaces.

admin@SwitchA# set vlans vlan-id 100
admin@SwitchA# set vlans vlan-id 230
admin@SwitchA# set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 100
admin@SwitchA# set interface gigabit-ethernet te-1/1/3 family ethernet-switching native-vlan-id 230
admin@SwitchA# set vlans vlan-id 100 l3-interface vlan100
admin@SwitchA# set vlans vlan-id 230 l3-interface vlan230
admin@SwitchA# set l3-interface vlan-interface vlan100 address 100.100.100.1 prefix-length 24
admin@SwitchA# set l3-interface vlan-interface vlan230 address 220.220.220.1 prefix-length 24

 Step 2          Configure the input port for ERSPAN mirroring.

admin@SwitchA# set interface ethernet-switching-options analyzer 112 erspan input ingress te-1/1/1

 Step 3          Configure the source IP address and destination IP address for ERSPAN encapsulation.

admin@SwitchA# set interface ethernet-switching-options analyzer 112 erspan output source-ip 4.4.4.4
admin@SwitchA# set interface ethernet-switching-options analyzer 112 erspan output dest-ip 8.8.8.8

 Step 4          Configure the routing protocol and enable IP routing for L3 forwarding.

admin@SwitchA# set protocols ospf router-id 1.1.1.1
admin@SwitchA# set protocols ospf area 0
admin@SwitchA# set protocols ospf network 100.100.100.0/24 area 0
admin@SwitchA# set protocols ospf network 220.220.220.0/24 area 0
admin@SwitchA# set ip routing enable true

 Step 5          Commit the configurations.

admin@SwitchA# commit

Switch B

 Step 1          Configure VLANs and VLAN interfaces.

admin@SwitchB# set vlans vlan-id 100
admin@SwitchB# set vlans vlan-id 230
admin@SwitchB# set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 100
admin@SwitchB# set interface gigabit-ethernet te-1/1/5 family ethernet-switching native-vlan-id 230
admin@SwitchB# set vlans vlan-id 100 l3-interface vlan100
admin@SwitchB# set vlans vlan-id 230 l3-interface vlan230
admin@SwitchB# set l3-interface vlan-interface vlan100 address 8.8.8.1 prefix-length 24
admin@SwitchB# set l3-interface vlan-interface vlan230 address 220.220.220.2 prefix-length 24

 Step 2          Configure the routing protocol and enable IP routing for L3 forwarding.

admin@SwitchB# set protocols ospf router-id 3.3.3.3
admin@SwitchB# set protocols ospf area 0
admin@SwitchB# set protocols ospf network 220.220.220.0/24 area 0
admin@SwitchB# set protocols ospf network 8.8.8.0/24 area 0
admin@SwitchB# set ip routing enable true

 Step 3          Commit the configurations.

admin@SwitchB# commit

Data Monitoring Server

On the Data Monitoring Server, configure Linux GRE from the Linux shell to decapsulate the received GRE messages.

root@Monitoring_Server:/home/admin# ip addr add 8.8.8.8/24 dev eth0
root@Monitoring_Server:/home/admin# ip link add mm type erspan local 8.8.8.8 erspan_ver 0
root@Monitoring_Server:/home/admin# ip link set mm up

Host

No configuration is necessary on the hosts. Any packet that the hosts send through Switch A is automatically copied across the ERSPAN tunnel to the Data Monitoring Server.

Verify Configuration

  • On Switch A, run the command run show analyzer to view the mirroring information.
admin@SwitchA# run show analyzer 112
Analyzer name: 112
Erspan Output:
       state: UP
       source-ip: 4.4.4.4
       dest-ip: 8.8.8.8
       output-port: te-1/1/3
       tagged vlan:
       vrf:
Ingress monitored interfaces: <te-1/1/1>
Egress monitored interfaces:
  • The Data Monitoring Server can receive the mirrored messages normally.
    • Check the received mirrored messages.
root@Monitoring_Server:/home/admin# tcpdump -i eth0 -net -vv

    • View the decapsulated mirrored messages.
root@Monitoring_Server:/home/admin# tcpdump -i mm -net -vv
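
The packets seen on eth0 in the check above are IPv4/GRE with GRE protocol type 0x88BE. With erspan_ver 0 (ERSPAN Type I), the mirrored Ethernet frame follows the 4-byte GRE header directly. The Python parser below is an added example, not part of the Pica8 documentation. It decapsulates one such packet and rejects anything that is not Type I between the source-ip and dest-ip configured on Switch A. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_GRE = 47
GRE_PROTO_ERSPAN = 0x88BE   # GRE protocol type used by ERSPAN Type I and II


def decap_erspan_type1(pkt: bytes, expect_src: str, expect_dst: str) -> bytes:
    """Return the mirrored Ethernet frame from an outer IPv4/GRE packet.

    Raises ValueError if the packet is not ERSPAN Type I between the
    expected tunnel endpoints.
    """
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len > len(pkt) or total_len < ihl + 4:
        raise ValueError("bad IPv4 header or truncated packet")
    if pkt[9] != IPPROTO_GRE:
        raise ValueError("outer protocol is not GRE")
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    if (src, dst) != (expect_src, expect_dst):
        raise ValueError(f"unexpected tunnel endpoints {src} -> {dst}")
    flags_ver, proto = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if proto != GRE_PROTO_ERSPAN:
        raise ValueError("GRE payload is not ERSPAN")
    if flags_ver != 0:
        # Type II sets the GRE S bit and adds a sequence number and ERSPAN header.
        raise ValueError("GRE flags set: not ERSPAN Type I")
    frame = pkt[ihl + 4:total_len]   # total_len trims any link-layer padding
    if len(frame) < 14:
        raise ValueError("inner Ethernet frame truncated")
    return frame


def build_sample(src: str = "4.4.4.4", dst: str = "8.8.8.8", gre_flags: int = 0) -> bytes:
    """Constructed sample: outer IPv4 + GRE wrapping a minimal Ethernet frame."""
    inner = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46
    gre = struct.pack("!HH", gre_flags, GRE_PROTO_ERSPAN)
    total = 20 + len(gre) + len(inner)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, IPPROTO_GRE, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + gre + inner  # header checksum left 0; the parser does not verify it


if __name__ == "__main__":
    frame = decap_erspan_type1(build_sample(), "4.4.4.4", "8.8.8.8")
    print(frame[6:12].hex(":"), "->", frame[0:6].hex(":"), hex(int.from_bytes(frame[12:14], "big")))
```

The returned bytes are the same frame that tcpdump shows on the mm interface once the kernel has decapsulated it.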

Copyright © 2024 Pica8 Inc. All Rights Reserved.