2.10. Mirror Service Command Reference

This command creates a text description for a configuration context to help identify the content in the configuration file.

The no form of this command removes a description string from the context.

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files. Default administrative states for services and service entities are described in Special Cases.

The no form of this command administratively enables an entity.

This command enables the context to configure a service that is intended for packet mirroring. It is configured as a service to allow mirrored packets to be directed locally (within the same device), over the core of the network and have a far-end device decode the mirror encapsulation.

The mirror destination service is comprised of destination parameters that define where the mirrored packets are to be sent. It also specifies whether the service-id receives mirrored packets from far-end devices over the network core.

The mirror destination service IDs are persistent between boots of the router and are included in the configuration backups. The local sources of mirrored packets for the service ID are defined using the debug mirror mirror-source command that references the same service-id.

The mirror-dest command is used to create or edit a service ID for mirroring purposes. If the service-id does not exist within the context of all defined services, the mirror destination service is created and the context of the CLI is changed to that service ID. If the service-id exists within the context of defined mirror destination services, the CLI context is changed for editing parameters on that service ID. If the service-id exists within the context of another service type, an error message is returned and the CLI context is not changed from the current context.

The no form of this command removes a mirror destination from the system. The mirror-source associations with the mirror-dest service-id do not need to be removed or shutdown first. The mirror-dest service-id must be shut down before the service ID can be removed. When the service ID is removed, all mirror-source commands that have the service ID defined are also removed from the system.

This command enables the context to configure a service that is intended for packet mirroring. It is configured as a service to allow mirrored packets to be directed locally (within the same device), over the core of the network and have a far end device decode the mirror encapsulation.

The mirror destination service is comprised of destination parameters that define where the mirrored packets are to be sent. It also specifies whether the service-id receives mirrored packets from far-end devices over the network core.

The mirror destination service IDs are persistent between boots of the router and are included in the configuration backups. The local sources of mirrored packets for the service ID are defined using the debug mirror mirror-source command that references the same service-id.

The mirror-dest command is used to create or edit a service ID for mirroring purposes. If the service-id does not exist within the context of all defined services, the mirror destination service is created and the context of the CLI is changed to that service ID. If the service-id exists within the context of defined mirror destination services, the CLI context is changed for editing parameters on that service ID. If the service-id exists within the context of another service type, an error message is returned and the CLI context is not changed from the current context.

The no form of this command removes a mirror destination from the system. The mirror-source associations with the mirror-dest service-id do not need to be removed or shut down first. The mirror-dest service-id must be shut down before the service ID can be removed. When the service ID is removed, all mirror-source commands that have the service ID defined are also removed from the system.

This command configures a forwarding class for all mirrored packets transmitted to the destination SAP overriding the default (be) forwarding class. All packets are sent with the same class of service to minimize out-of-sequence issues. The mirrored packet does not inherit the forwarding class of the original packet.

When the destination is on a SAP, a single egress queue is created that pulls buffers from the buffer pool associated with the fc-name.

On the 7210 SAS-D and 7210 SAS-Dxp, all SAPs configured on a port use the port-based egress queues. If the mirror destination SAP (that is, dot1q SAP or a Q1.* SAP) is configured to share an uplink with service traffic, a mirrored copy of the traffic sent out of the dot1q or Q1.* SAP shares the port-based egress queues with the other service traffic. Users can assign the profile (in addition to the forwarding class) to the mirrored copy of the packets, so that during periods of congestion, the mirrored copy of the packets that is marked as out-of-profile is dropped before in-profile service traffic (and possibly in-profile mirrored traffic, if mirrored traffic is configured as in-profile). The profile determines the slope policy for the packet and determines the packet drop precedence. Marking, if enabled, determines the marking value used in the packet header.

On the 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C, the following QoS functionality is available for the mirror destination.

By default, the best effort (be) forwarding class is associated with the mirror-dest service ID, and the profile is out.

The no form of this command reverts the mirror-dest service ID forwarding class to the default forwarding class.

This command is used on a destination router in a remote mirroring solution. See the description of the remote-source command for additional information.

This command allows the definition of accepted remote sources for mirrored packets to this mirror-dest-service-id. If a far end router has not been specified, packets sent to the router are discarded.

This command defines a remote source that may send mirrored packets to this 7210 SAS for handling by this mirror-dest service-id.

The ing-svc-label keyword must be specified to manually define the expected ingress service label. This ingress label must also be manually defined on the far-end address through the mirror destination SDP binding keyword egr-svc-label.

The no form of this command deletes a far end address from the allowed remote senders to this mirror destination service. All far-end addresses are removed when the no remote-source command is executed. All signaled ingress service labels are withdrawn from the far end address affected. All manually defined ing-svc-label are removed.

This command configures remote devices to mirror traffic to this device for mirror service egress. Optionally, this command deletes all previously defined remote mirror ingress devices.

The remote-source context allows the creation of a “sniffer farm” to consolidate to a central location expensive packet capture and diagnostic tools. Remote areas of the access network can be monitored using service provisioning techniques.

Specific far-end routers can be specified using the far-end command, which allows them to use this router as the destination for the same mirror-dest-service-id.

The remote-source node allows the source of mirrored packets to be on remote 7210 SAS devices. The local 7210 SAS configures its network ports to forward packets associated with the service-id to the destination SAP. When remote-source far-end addresses are configured, an SDP is not allowed as a destination.

By default, the remote-source context contains no far-end addresses. When no far-end addresses have been specified, network remote devices are not allowed to mirror packets to the local 7210 SAS as a mirror destination. Packets received from unspecified far-end addresses are discarded at network ingress.

The no form of this command reverts the service-id to the default condition, which does not allow a remote 7210 SAS access to the mirror destination. The far-end addresses are removed without warning.

This command creates a service access point (SAP) within a mirror destination service. The SAP is owned by the mirror destination service ID.

The SAP is defined with port and encapsulation parameters to uniquely identify the (mirror) SAP on the interface and on the router. The specified SAP must define an Ethernet port with a null, dot1q, or a Q1.* encapsulation type.

Note: Before using a dot1q or Q1.* SAP, users must dedicate a port for the mirroring application using the config system loopback-no-svc-port command. This is required only for the 7210 SAS-Dxp. For more information about this command, refer to the 7210 SAS-D, Dxp, K 2F1C2T, K 2F6C4T, K 3SFP+ 8C Interface Configuration Guide. On the 7210 SAS-D and 7210 SAS-Dxp, a Q1.Q2 SAP cannot be used as a mirror destination SAP when the access port encapsulation is set to qinq or on an access-uplink port. On the 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C, a Q1.Q2 SAP cannot be used as a mirror destination SAP when the access port encapsulation is set to qinq or on an access-uplink port.

Only one SAP can be created within a mirror-dest service ID. If the defined SAP has not been created on any service within the system, the SAP is created and the context of the CLI changes to the newly created SAP. In addition, the port cannot be a member of a multi-link bundle, LAG, APS group, or IMA bundle.

If the defined SAP exists in the context of another service ID, mirror destination, or any other type, an error is generated.

Mirror destination SAPs can be created on Ethernet interfaces that are defined as an access port or access-uplink port. If the interface is defined as network, the SAP creation returns an error.

When the no form of this command is used on a SAP created by a mirror destination service ID, the SAP with the specified port and encapsulation parameters is deleted.

This command specifies an existing service name, which adds a name identifier to a specified service. The service name can be used to reference the service in configuration and show commands. This helps the service provider or administrator identify and manage services.

All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used to identify and reference a specific service after it is initially created.

This command binds an existing mirror SDP to the mirror destination service ID.

The operational state of the SDP dictates the operational state of the SDP binding to the mirror destination. If the SDP is shut down or operationally down, the SDP binding is down. When the binding is defined and the service and SDP are operational, the far-end router configured by the config service sdp sdp-id far-end command is considered part of the service ID.

Only one SDP can be associated with a mirror destination service ID. If a second sdp command is executed after a successful SDP binding, an error occurs and the command has no effect on the existing configuration. A no sdp command must be issued before a new SDP binding can be attempted.

An SDP is a logical mechanism that ties a far end router to a specific service without having to define the far-end SAP. Each SDP represents a method to reach a router.

The router supports the use of Multi-Protocol Label Switching (MPLS) encapsulation. Routers support both signaled and non-signaled LSPs (Label Switched Path) though the network. Non-signaled paths are defined at each hop through the network. Signaled paths are protocols communicated from end to end using RSVP. Paths may be manually defined, or a constraint based routing protocol (OSPF-TE or CSPF) can be used to determine the best path with specific constraints.

SDPs are created and then bound to services. Many services can be bound to a single SDP. The operational and administrative state of the SDP controls the state of the SDP binding to the service.

An egress service label (Martini VC-Label), used by the SDP to differentiate each service bound to the SDP to the far-end router, must be obtained manually or though signaling with the far end. If manually configured, it must match the ing-svc-label defined for the local router.

Note: When using remote mirroring with spoke-SDP configured as a mirror destination, users must allocate resources of another port for use by this features. See Configuration Guidelines for more information.

By default, no SDP ID is bound to a mirror destination service ID. If no SDP is bound to the service, the mirror destination is local and cannot be bound to another router over the core network.

The no form of this command removes the SDP binding from the mirror destination service. When removed, no packets are forwarded to the far-end (destination) router from that mirror destination service ID.

This command enables the context to configure spoke SDP egress parameters.

This command configures the spoke-SDP egress VC label.

This command enables the context to configure QoS egress policies for this SAP.

This command configures the QoS policy for the mirror destination SAP egress. The SAP egress QoS policy is specified using the policy-id parameter and must be configured before associating this policy with the SAP. The SAP egress policy can be configured using the commands under the config>qos>sap-egress context.

When a SAP egress policy is associated with the SAP configured as a mirror destination, the queue associated with FC specified with the config mirror mirror-dest fc CLI command is used for traffic sent out of the mirror destination SAP. The policy allows the user to specify the amount of buffer, the WRED policy, the shaping rate, and the marking values for the mirrored copy.

The no form of this command associates the default SAP egress QoS policy with the SAP.