2.5.1. Mirror Configuration Overview

7210 SAS node mirroring can be organized in the following logical entities:

2.5.1.1. Defining Mirrored Traffic

In some scenarios, or when multiple services are configured on the same port, specifying the port does not provide sufficient resolution to separate traffic. In -Nokia’s implementation of mirroring, multiple source mirroring parameters can be specified to further identify traffic.

Mirroring of packets matching specific filter entries in an IP or MAC filter can be applied to refine what traffic is mirrored to flows of traffic within a service. The IP criteria can be combinations of:

1. Source IP address/mask
2. Destination IP address/mask
3. IP Protocol value
4. Source port value (for example, UDP or TCP port)
5. Destination port value (for example, UDP or TCP port)
6. DiffServ Code Point (DSCP) value
7. ICMP code
8. ICMP type
9. IP fragments
10. TCP ACK set/reset
11. TCP SYN set/reset

The MAC criteria can be combinations of:

1. IEEE 802.1p value/mask
2. Source MAC address/mask
3. Destination MAC address/mask
4. Ethernet Type II Ethernet type value

Note: The list of packet fields that are available to match packets in IP and MAC ACLs for different platforms is different. For more information about the lists of packet fields available on different platforms, see the 7210 SAS-M, T, R6, R12, Mxp, Sx, S Router Configuration Guide.

2.6.1. Mirror Classification Rules

-The Nokia implementation of mirroring can be performed by configuring parameters to select network traffic according to any of the entities in this section.

2.6.1.4. IP filter

IP filters are configured in the config>filter>ip-filter context. The ip-filter command causes all the packets matching the explicitly defined list of entry IDs to be mirrored to the mirror destination specified by the service-id of the mirror source.

Ingress mirrored packets are mirrored to the mirror destination before any ingress packet modifications.

CLI Syntax:

debug>mirror-source# ip-filter ip-filter-id entry entry-id [entry-id …]

Example:

*A:ALA-A>debug>mirror-source# ip-filter 1 entry 20

Note: An IP filter cannot be applied to a mirror destination SAP.

2.7.1. Configuring a Local Mirror Service

To configure a local mirror service, the source and destinations must be located on the same router. Note that local mirror source and mirror destination components must be configured under the same service ID context.

The mirror-source commands are used as traffic selection criteria to identify traffic to be mirrored at the source. Each of these criteria are independent. For example, use the debug>mirror-source>port {port-id | lag lag-id} {[egress] [ingress]} command and debug>mirror-source ip-filter ip-filter-id entry entry-id [entry-id…] command to capture (mirror) traffic that matches a specific IP filter entry and traffic ingressing and egressing a specific port. A filter must be applied to the SAP or interface if only specific packets are to be mirrored.

Use the following syntax to configure one or more mirror source parameters.

The mirror-dest commands are used to specify where the mirrored traffic is to be sent. Use the following syntax to configure mirror destination parameters.

The following is a sample local mirrored service using a NULL SAP configuration output. On ALA-A, mirror service 103 is mirroring traffic matching IP filter 2, entry 1 as well as egress and ingress traffic on port 1/1/23 and sending the mirrored packets to SAP 1/1/24

The following is a sample local mirrored service using a dot1q SAP configuration output. User needs to configure a front-panel port for use with the mirroring application when the mirror destination is a Dot1q SAP or a Q1.* SAP, as follows.

The following is sample debug mirroring information.

2.7.2. Configuring a Remote Mirror Service

The source and destination are configured on different routers for remote mirroring. Note that mirror source and mirror destination parameters must be configured under the same service ID context.

Note: Remote mirroring using MPLS SDP is supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode.

The mirror-source commands are used as traffic selection criteria to identify traffic to be mirrored at the source. For example, use the port port-id [lag-id] {[egress] [ingress]} and mac-filter mac-filter-id entry entry-id [entry-id …] commands.

Use the syntax to configure one or more mirror source parameters.

The mirror-dest commands are used to specify where the mirrored traffic is to be sent, the forwarding class, and the size of the packet. Use the following syntax to configure mirror destination parameters.

Figure 6 shows the mirror destination, which is on ALA-A, configuration for mirror service 1216. This configuration specifies that the mirrored traffic coming from the mirror source (10.10.0.91) is to be directed to SAP /1/58 and states that the service only accepts traffic from far end 10.10.0.92 (ALA-B) with an ingress service label of 5678. When a forwarding class is specified, then all mirrored packets transmitted to the destination SAP or SDP override the default (be) forwarding class.

Figure 6:  Remote Mirrored Service Tasks 

The following example displays the CLI output showing the configuration of remote mirrored service 1216. The traffic ingressing and egressing port 1/1/60 on 10.10.0.92 (ALA-B) will be mirrored to the destination SAP 1/1/58:0 on ALA-A.

The following is a sample remote mirror destination configuring the front panel port with mirroring application.

The following is a sample mirror destination configuration output for mirror service 1216 on ALA-A.

The following is a sample remote mirror destination output configured on ALA-B.

The following is a sample mirror source configuration output for ALA-B.

The following is a sample SDP configuration output from ALA-A to ALA-B (SDP 2) and the SDP configuration output from ALA-B to ALA-A (SDP 4).

2.8.1. Modifying a Local Mirrored Service

Existing mirroring parameters can be modified in the CLI. The changes are applied immediately. The service must be shut down if changes to the SAP are made.

The following shows the command usage to modify parameters for a basic local mirroring service.

The following is a sample of the local mirrored service modifications.

2.8.2. Deleting a Local Mirrored Service

Existing mirroring parameters can be deleted in the CLI. A shutdown must be issued on a service level to delete the service. It is not necessary to shut down or remove SAP or port references to delete a local mirrored service.

The following shows the command usage to delete a local mirrored service.

2.8.3. Modifying a Remote Mirrored Service

Existing mirroring parameters can be modified in the CLI. The changes are applied immediately. The service must be shut down if changes to the SAP are made.

In the following example, the mirror destination is changed from 10.10.10.2 (ALA-B) to 10.10.10.3 (SR3). Note that the mirror-dest service ID on ALA-B must be shut down first before it can be deleted.

The following shows the command usage to modify parameters for a remote mirrored service.

2.8.4. Deleting a Remote Mirrored Service

Existing mirroring parameters can be deleted in the CLI. A shut down must be issued on a service level to delete the service. It is not necessary to shut down or remove SAP, or far-end references to delete a remote mirrored service.

To delete a mirror service, the spoke-SDP service has to be deleted from the service. Mirror destinations must be shut down first before they are deleted.

The mirror-destination service ID 105 was removed from the configuration on ALA-A and ALA-B, therefore, does not appear in the info command output.

Since the mirror destination was removed from the configuration on ALA-B, the port information was automatically removed from the debug mirror-source configuration.