The remote mirroring capability on VDS helps you send traffic from a virtual machine running on one host to a virtual machine on another host for debugging or monitoring purposes. As shown in the diagram below, traffic from a monitored VM on Host 1 is sent through multiple physical switches to an Analyzer VM on Host 2. For this setup to work, you have to perform configuration at various levels as shown by the numbered red circles in the diagram.
RSPAN Deployment Diagram
The two hosts in this diagram are connected to two different distributed switches (VDS1 and VDS2), but you can configure this setup on a single VDS as well. The remote mirroring configuration steps can be broken down into two main parts:
1) VDS configuration
2) Physical Switch configuration
During the VDS configuration, you will see that there are two options to choose from while defining a remote mirroring session. The first is Remote Mirroring source and another is Remote Mirroring destination.
Before I describe the difference between the two session types and when to use which type, I want to address the two main components of any mirror session setup – Source port and Destination Port. The Source port defines which traffic you would like to monitor and the Destination port defines where you want the traffic to be sent.
In the normal Switch Port Analyzer (SPAN) or distributed port mirroring session type, the source and destination ports are on the same host. Please take a look at the use case and configuration described in the blog here.
With remote mirroring session type there is one more additional parameter required along with the usual source and destination ports. That parameter is called Encapsulation VLAN or RSPAN VLAN. This is a special VLAN, which is also configured on physical switches to carry mirror traffic across the layer 2 network.
After those basics on mirror session, let’s talk about the difference between remote mirroring source and remote mirroring destination options on VDS. The remote mirroring source session allows you to define a session that can send traffic to a RSPAN VLAN. On the other hand, the remote mirroring destination session collects traffic from RSPAN VLAN and forwards it to a destination port. These two options are useful in different types of debugging scenarios. Here are some of the scenarios:
1) When you want to send virtual machine traffic to a Physical analyzer device connected on a physical switch port then configure remote mirroring source session. Please refer to the blog post here for this use case.
2) When you want to centrally monitor the RSPAN VLAN traffic on a virtual machine running on a host then configure remote mirroring destination session.
We will now move our attention to the scenario shown in the RSPAN Deployment diagram above, and provide configuration details for the VDS and Physical switches.
VDS1 and VDS2 configuration ( Red circle numbered 1 and 4 )
In this scenario, you have to configure both remote mirroring session types. For the remote mirroring source configuration on VDS1 please refer to the blog here. We will cover how to configure remote mirroring destination on VDS2.
As shown in the diagram below, select the “Remote mirroring destination” option and click next.
Remote Mirroring Destination Config. – Screen1
The next step in the configuration process is enabling the port mirror session status and selecting Normal I/O along with mirror traffic.
Remote Mirroring Destination Config – Screen2
As shown below, you have to select the source of the traffic that is monitored in this session. You have to provide RSPAN VLAN ID in the pop up window. In this example we have configured VLAN 400 as RSPAN VLAN or “Encapsulation VLAN ID” so enter that VLAN number.
Remote Mirroring Destination Config – Screen 3
After selecting the VLAN number as the source, it is time to select the destination port where the packets will be sent. As shown in the diagram below select the virtual machine’s port where you will monitor all the mirror traffic in RSPAN VLAN.
Remote Mirroring Destination Config. – Screen 4
Finally, click ok and complete the remote mirroring destination session.
Physical Switch S1 and S2 configuration ( Red circle numbered 2 and 3 )
You have to make sure that these two physical switches are configured with the same RSPAN VLAN 400. Here are the RSPAN specific configuration details on both switches.
After this configuration, you will be able to monitor Host 1 virtual machine’s traffic on the Host 2 virtual machine.
VDS also supports ERSPAN capability where you will not require any configuration changes on the physical switches. You just need the IP address of the destination virtual machine or analyzer. Just select the “Encapsulated Remote Mirroring (L3) source” option for the session type and walk step-by-step through the wizard. For the source select the ports you want to monitor and for the destination enter the IP address of the virtual machine or analyzer.
With this post, I have covered all the important port mirroring options on VDS. Make use of this feature whenever you see any networking issue in your environment or want to monitor any traffic. Let me know if you have any questions. Thanks for reading.
Get notification of these blogs postings and more VMware Networking information by following me on Twitter: @VMWNetworking
