2.6. Configuring Service Mirroring with CLI
This section provides information about service mirroring.
2.6.1. Mirror Configuration Overview
7210 SAS mirroring can be organized in the following logical entities:
- The mirror source is defined as the location from where the traffic should be mirrored. A mirror source could be the ingress of a service entity or egress of a service entity. The list of mirror sources supported on a specific platform is listed in Table 6.
- A SAP is defined in local mirror services as the mirror destination to where the mirrored packets are sent.
- The 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C support remote mirroring. An SDP is used to define the mirror destination on the source router to point to a remote destination (another router).
2.6.1.1. Defining Mirrored Traffic
In some scenarios, or when multiple services are configured on the same port, specifying the port does not provide sufficient resolution to separate traffic. In the -Nokia implementation of mirroring, multiple source mirroring parameters can be specified to further identify traffic.
Mirroring of packets matching specific filter entries in an IP or MAC filter can be applied to refine what traffic is mirrored to flows of traffic within a service. The IP criteria can be combinations of:
- Source IP address/mask
- Destination IP address/mask
- IP Protocol value
- Source port value (for example, UDP or TCP port)
- Destination port value (for example, UDP or TCP port)
- DiffServ Code Point (DSCP) value
- ICMP code
- ICMP type
- IP fragments
- TCP ACK set/reset
- TCP SYN set/reset
The MAC criteria can be combinations of:
- IEEE 802.1p value/mask
- Source MAC address/mask
- Destination MAC address/mask
- Ethernet Type II Ethernet type value
 | Note: The list of packet fields that are available to match packets in IP and MAC ACLs for each platforms is different. For more information about the lists of packet fields available on each platforms, see the 7210 SAS-D, Dxp, K 2F1C2T, K 2F6C4T, K 3SFP+ 8C Router Configuration Guide. |
2.7. Basic Mirroring Configuration
Destination mirroring parameters must include at least:
- A mirror destination ID (same as the mirror source service ID).
- A mirror destination SAP.
Mirror source parameters must include at least:
- A mirror service ID (same as the mirror destination service ID).
- At least one source type (port, SAP, IP filter or MAC filter) specified.
The following is a sample configuration output of a local mirrored service (ALA-A).
The following is a sample mirror source configuration output.
2.7.1. Mirror Classification Rules
-The Nokia implementation of mirroring can be performed by configuring parameters to select network traffic according to any of the following entities:
2.7.1.1. Port
The port command associates a port to a mirror source. The port is identified by the port ID. The defined port can be Ethernet or a Link Aggregation Group (LAG) ID. When a LAG ID is specified as the port ID, mirroring is enabled on all ports making up the LAG.
Mirror sources can be ports in either access or access uplink mode. Port mirroring is supported in the combinations listed in Table 6.
Table 6: Mirror Source Port Requirements
Port Type | Port Mode | Port Encap Type | Platforms |
Ethernet | access | null, dot1q and QinQ | 7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, 7210 SAS-K 3SFP+ 8C |
Ethernet | access uplink | qinq | 7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, 7210 SAS-K 3SFP+ 8C |
Ethernet | network mode | null, dot1q | 7210 SAS-K 2F6C4T, 7210 SAS-K 3SFP+ 8C |
2.7.1.2. SAP
More than one SAP can be associated within a single mirror-source. Each SAP has its own ingress parameter keyword to define which packets are mirrored to the mirror-dest service ID. A SAP that is defined within a mirror destination cannot be used in a mirror source.
For 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, or 7210 SAS-K 3SFP+ 8C:
2.7.1.3. MAC filter
MAC filters are configured in the config>filter>mac-filter context. The mac-filter command causes all the packets matching the explicitly defined list of entry IDs to be mirrored to the mirror destination specified by the service-id of the mirror source.
2.7.1.4. IP filter
IP filters are configured in the config>filter>ip-filter context. The ip-filter command causes all the packets matching the explicitly defined list of entry IDs to be mirrored to the mirror destination specified by the service-id of the mirror source.
Ingress mirrored packets are mirrored to the mirror destination before any ingress packet modifications.
| Note: IP and MAC filters cannot be applied to a mirror destination SAP. |
2.8. Common Configuration Tasks
This section provides a brief overview of the tasks that must be performed to configure local mirror services and provides CLI command syntax. Note that the local mirror source and mirror destination components must be configured under the same service ID context.
Each local mirrored service (Figure 5) (within the same router) requires the following configurations:
- Specify mirror destination (SAP).
- Specify mirror source (port, SAP, IP filter, MAC filter).
Figure 5: Local Mirrored Service Tasks
2.8.1. Configuring a Local Mirror Service
To configure a local mirror service, the source and destinations must be located on the same router. Note that local mirror source and mirror destination components must be configured under the same service ID context.
The mirror-source commands are used as traffic selection criteria to identify traffic to be mirrored at the source. Each of these criteria are independent. For example, use the debug>mirror-source>port {port-id | lag lag-id} {[egress] [ingress]} command and debug>mirror-source ip-filter ip-filter-id entry entry-id [entry-id…] command to capture (mirror) traffic that matches a specific IP filter entry and traffic ingressing and egressing a specific port. A filter must be applied to the SAP or interface if only specific packets are to be mirrored.
Use the following syntax to configure one or more mirror source parameters.
The mirror-dest commands are used to specify where the mirrored traffic is to be sent. Use the following syntax to configure mirror destination parameters.
The following output displays an example of a local mirrored service using a NULL SAP. On ALA-A, mirror service 103 is mirroring traffic matching IP filter 2, entry 1 as well as egress and ingress traffic on port 1/1/23 and sending the mirrored packets to SAP 1/1/24
The following output displays an example of local mirrored service using a dot1q SAP. User needs to configure a front-panel port for use with the mirroring application when the mirror destination is a Dot1q SAP or a Q1.* SAP, as follows.
| Note:
|
The following is sample debug mirroring information.
2.8.2. Configuring a Remote Mirror Service
The source and destination are configured on different routers for remote mirroring. The mirror source and mirror destination parameters must be configured under the same service ID context.
| Note: Remote mirroring using MPLS SDPs is only supported on the 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C platforms. It is not supported on platforms operating in access-uplink mode. |
The mirror-source commands are used as traffic selection criteria to identify traffic to be mirrored at the source. For example, use the port port-id [lag-id] {[egress] [ingress]} and mac-filter mac-filter-id entry entry-id [entry-id …] commands.
Use the following syntax to configure one or more mirror source parameters.
The mirror-dest commands are used to specify where the mirrored traffic is to be sent, the forwarding class, and the size of the packet. Use the following syntax to configure mirror destination parameters.
Figure 6 shows the mirror destination, which is on ALA-A, configuration for mirror service 1216. This configuration specifies that the mirrored traffic coming from the mirror source (10.10.0.91) is to be directed to SAP 1/58 and states that the service only accepts traffic from far end 10.10.0.92 (ALA-B) with an ingress service label of 5678. When a forwarding class is specified, then all mirrored packets transmitted to the destination SAP or SDP override the default (be) forwarding class.
Figure 6: Remote Mirrored Service Tasks
The following example displays the CLI output showing the configuration of remote mirrored service 1216. The traffic ingressing and egressing port 1/1/60 on 10.10.0.92 (ALA-B) will be mirrored to the destination SAP 1/1/58:0 on ALA-A.
The following is a sample remote mirror destination output configuring the front panel port with mirroring application.
The following is a sample mirror destination configuration output for mirror service 1216 on ALA-A.
The following is a sample remote mirror destination output configured on ALA-B.
The following is a sample mirror source configuration output for ALA-B.
The following is a sample SDP configuration from ALA-A to ALA-B (SDP 2) and the SDP configuration from ALA-B to ALA-A (SDP 4).
2.9. Service Management Tasks
This section describes the following service management tasks:
Use the following syntax to modify an existing mirrored service.
2.9.1. Modifying a Local Mirrored Service
Existing mirroring parameters can be modified in the CLI. The changes are applied immediately. The service must be shut down if changes to the SAP are made.
The following shows the command usage to modify parameters for a basic local mirroring service.
The following is a sample of local mirrored service modifications output.
2.9.2. Deleting a Local Mirrored Service
Existing mirroring parameters can be deleted in the CLI. A shutdown must be issued on a service level to delete the service. It is not necessary to shut down or remove SAP or port references to delete a local mirrored service.
The following shows the command usage to delete a local mirrored service.