Example for Configuring ERSPAN
Networking Requirements
Figure 1. ERSPAN Configuration Example
As shown in Figure 1, Host A, Host B and Host C access the Internet through Switch A. The remote Data Monitoring Server connects to Switch A through Switch B. To monitor the traffic from the three hosts, the data needs to be mirrored to the output port and carried across the tunnel to the remote Data Monitoring Server.
Follow the configuration steps listed below to enable the remote port mirroring function:
- Configure interface te-1/1/3 on Switch A as the output port for ERSPAN mirroring, which forwards mirrored messages to Switch B through a GRE tunnel.
- Configure interface te-1/1/1 on Switch A as the input port for ERSPAN mirroring to copy the traffic from Host A, Host B and Host C accessing the Internet to the output port.
- On Switch B, create the VLAN and VLAN interface for forwarding mirrored messages to the Data Monitoring Server.
- On the Data Monitoring Server, configure Linux GRE to decapsulate the received GRE messages.
Procedure
Switch A
Step 1 Configure VLANs and VLAN interfaces.
admin@SwitchA# set vlans vlan-id 100
admin@SwitchA# set vlans vlan-id 230
admin@SwitchA# set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 100
admin@SwitchA# set interface gigabit-ethernet te-1/1/3 family ethernet-switching native-vlan-id 230
admin@SwitchA# set vlans vlan-id 100 l3-interface vlan100
admin@SwitchA# set vlans vlan-id 230 l3-interface vlan230
admin@SwitchA# set l3-interface vlan-interface vlan100 address 100.100.100.1 prefix-length 24
admin@SwitchA# set l3-interface vlan-interface vlan230 address 220.220.220.1 prefix-length 24
Step 2 Configure the input port for ERSPAN mirroring.
admin@SwitchA# set interface ethernet-switching-options analyzer 112 erspan input ingress te-1/1/1
Step 3 Configure the source IP address and destination IP address for ERSPAN encapsulation.
admin@SwitchA# set interface ethernet-switching-options analyzer 112 erspan output source-ip 4.4.4.4
admin@SwitchA# set interface ethernet-switching-options analyzer 112 erspan output dest-ip 8.8.8.8
Step 4 Configure the routing protocol and enable IP routing for L3 forwarding.
admin@SwitchA# set protocols ospf router-id 1.1.1.1
admin@SwitchA# set protocols ospf area 0
admin@SwitchA# set protocols ospf network 100.100.100.0/24 area 0
admin@SwitchA# set protocols ospf network 220.220.220.0/24 area 0
admin@SwitchA# set ip routing enable true
Step 5 Commit the configurations.
admin@SwitchA# commit
Switch B
Step 1 Configure VLANs and VLAN interfaces.
admin@SwitchB# set vlans vlan-id 100
admin@SwitchB# set vlans vlan-id 230
admin@SwitchB# set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 100
admin@SwitchB# set interface gigabit-ethernet te-1/1/5 family ethernet-switching native-vlan-id 230
admin@SwitchB# set vlans vlan-id 100 l3-interface vlan100
admin@SwitchB# set vlans vlan-id 230 l3-interface vlan230
admin@SwitchB# set l3-interface vlan-interface vlan100 address 8.8.8.1 prefix-length 24
admin@SwitchB# set l3-interface vlan-interface vlan230 address 220.220.220.2 prefix-length 24
Step 2 Configure the routing protocol and enable IP routing for L3 forwarding.
admin@SwitchB# set protocols ospf router-id 3.3.3.3
admin@SwitchB# set protocols ospf area 0
admin@SwitchB# set protocols ospf network 220.220.220.0/24 area 0
admin@SwitchB# set protocols ospf network 8.8.8.0/24 area 0
admin@SwitchB# set ip routing enable true
Step 3 Commit the configurations.
admin@SwitchB# commit
Data Monitoring Server
In the Linux shell on the Data Monitoring Server, configure Linux GRE to decapsulate the received GRE messages.
root@Monitoring_Server:/home/admin# ip addr add 8.8.8.8/24 dev eth0
root@Monitoring_Server:/home/admin# ip link add mm type erspan local 8.8.8.8 erspan_ver 0
root@Monitoring_Server:/home/admin# ip link set mm up
Host
No configuration is necessary on the hosts. Any packet that the hosts send through Switch A is automatically copied across the ERSPAN tunnel to the Data Monitoring Server.
Verify Configuration
- On Switch A, run the command run show analyzer to view the mirroring information.
admin@SwitchA# run show analyzer 112
Analyzer name: 112
Erspan Output:
state: UP
source-ip: 4.4.4.4
dest-ip: 8.8.8.8
output-port: te-1/1/3
tagged vlan:
vrf:
Ingress monitored interfaces: <te-1/1/1>
Egress monitored interfaces:
- The Data Monitoring Server should receive the mirrored messages normally.
- Check the received mirrored message.
root@Monitoring_Server:/home/admin# tcpdump -i eth0 -net -vv
- View the decapsulated mirrored message.
root@Monitoring_Server:/home/admin# tcpdump -i mm -net -vv
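What the mm interface strips between the eth0 capture and the mm capture, as an added Python example (not Pica8's code): with erspan_ver 0 (ERSPAN Type I) the outer packet is IPv4, then a 4-byte GRE header with protocol type 0x88BE and no flags, then the mirrored Ethernet frame. The function names and the sample packet are constructed for illustration; rejecting packets whose outer addresses differ from the analyzer's source-ip and dest-ip is an assumption of this example, not something the page configures.

```python
import ipaddress
import struct

GRE_PROTO_ERSPAN = 0x88BE      # GRE protocol type used by ERSPAN
EXPECTED_SRC = "4.4.4.4"       # analyzer 112 source-ip on Switch A (from the page)
EXPECTED_DST = "8.8.8.8"       # analyzer 112 dest-ip, the monitoring server (from the page)


def decap_erspan_type1(packet: bytes) -> bytes:
    """Return the mirrored Ethernet frame carried in an outer IPv4/GRE packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated IPv4 or GRE header")
    if packet[9] != 47:
        raise ValueError("outer protocol is not GRE (47)")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    # Assumption of this example: only accept the tunnel endpoints configured above.
    if (src, dst) != (EXPECTED_SRC, EXPECTED_DST):
        raise ValueError(f"unexpected tunnel endpoints {src} -> {dst}")
    flags_ver, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if proto != GRE_PROTO_ERSPAN:
        raise ValueError(f"GRE protocol 0x{proto:04x} is not ERSPAN")
    if flags_ver != 0:
        # Type II/III set the GRE sequence bit and add an ERSPAN header; not handled here.
        raise ValueError("GRE flags set: not ERSPAN Type I")
    inner = packet[ihl + 4:]
    if len(inner) < 14:
        raise ValueError("inner Ethernet frame too short")
    return inner


def build_sample(src: str = EXPECTED_SRC, dst: str = EXPECTED_DST) -> bytes:
    """Constructed sample: outer IPv4 + GRE + a dummy mirrored Ethernet frame."""
    inner = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"mirrored-payload"
    gre = struct.pack("!HH", 0, GRE_PROTO_ERSPAN)
    total = 20 + len(gre) + len(inner)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 47, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)  # checksum left 0 in the sample
    return ip + gre + inner


if __name__ == "__main__":
    frame = decap_erspan_type1(build_sample())
    print("inner dst/src MAC:", frame[0:6].hex(":"), frame[6:12].hex(":"))
```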
Copyright © 2024 Pica8 Inc. All Rights Reserved.