mirror-dest service-id [type encap-type] [mirror-source-type mirror-source-type] [create]
no mirror-dest
config>mirror
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command configures a service that is intended for packet mirroring. It is configured as a service to allow mirrored packets to be directed locally (within the same device), over the core of the network and have a far-end device decode the mirror encapsulation.
The mirror destination service is comprised of destination parameters that define where the mirrored packets are to be sent. It also specifies whether the service-id receives mirrored packets from far-end devices over the network core.
The mirror destination service IDs are persistent between boots of the router and are included in the configuration backups. The local sources of mirrored packets for the service ID are defined using the debug mirror mirror-source command that references the same service-id.
The mirror-dest command is used to create or edit a service ID for mirroring purposes. If the service-id does not exist within the context of all defined services, the mirror destination service is created and the context of the CLI is changed to that service ID. If the service-id exists within the context of defined mirror destination services, the CLI context is changed for editing parameters on that service ID. If the service-id exists within the context of another service type, an error message is returned and the CLI context is not changed from the current context.
The no form of this command removes a mirror destination from the system. The mirror-source associations with the mirror-dest service-id do not need to be removed or shutdown first. The mirror-dest service-id must be shut down before the service ID can be removed. When the service ID is removed, all mirror-source commands that have the service ID defined are also removed from the system.
Specifies the service in the service domain. This ID is unique to this service and cannot be used by any other service, regardless of service type. The same service ID must be configured on every device where this service is defined.
If a particular service ID already exists for a service, the same value cannot be used to create a mirror destination service ID with the same value. For example, if an Epipe with service-id 11 exists, a mirror destination with service-id 11 cannot be created.
Specifies the encapsulation type supported by the mirror service.
Specifies scaling of mirror services that can be used only with remote mirror sources, while limiting the mirror services that can be used by local mirror sources or by both local and remote mirror sources. See Mirror sources and destinations for more information.
mirror-dest service-id [type mirror-type] [create]
no mirror-dest
config>mirror
7210 SAS-D, 7210 SAS-Dxp, and 7210 SAS-K 2F1C2T
This command configures a service that is intended for packet mirroring. It is configured as a service to allow mirrored packets to be directed locally (within the same device), over the core of the network and have a far end device decode the mirror encapsulation.
The mirror destination service is comprised of destination parameters that define where the mirrored packets are to be sent. It also specifies whether the service-id receives mirrored packets from far-end devices over the network core.
The mirror destination service IDs are persistent between boots of the router and are included in the configuration backups. The local sources of mirrored packets for the service ID are defined using the debug mirror mirror-source command that references the same service-id.
The mirror-dest command is used to create or edit a service ID for mirroring purposes. If the service-id does not exist within the context of all defined services, the mirror destination service is created and the context of the CLI is changed to that service ID. If the service-id exists within the context of defined mirror destination services, the CLI context is changed for editing parameters on that service ID. If the service-id exists within the context of another service type, an error message is returned and the CLI context is not changed from the current context.
The no form of this command removes a mirror destination from the system. The mirror-source associations with the mirror-dest service-id do not need to be removed or shut down first. The mirror-dest service-id must be shut down before the service ID can be removed. When the service ID is removed, all mirror-source commands that have the service ID defined are also removed from the system.
Specifies the service in the service domain. This ID is unique to this service and cannot be used by any other service, regardless of service type. The same service ID must be configured on every device where this service is defined.
If a particular service ID already exists for a service, the same value cannot be used to create a mirror destination service ID with the same value. For example, if an Epipe with service-id 11 exists, a mirror destination with service-id 11 cannot be created.
Specifies the encapsulation type supported by the mirror service.
fc fc-name [profile profile]
no fc
config>mirror>mirror-dest
Supported on all 7210 SAS platforms as described in this document
This command configures a forwarding class for all mirrored packets transmitted to the destination SAP overriding the default (be) forwarding class. All packets are sent with the same class of service to minimize out-of-sequence issues. The mirrored packet does not inherit the forwarding class of the original packet.
When the destination is on a SAP, a single egress queue is created that pulls buffers from the buffer pool associated with the fc-name.
On the 7210 SAS-D and 7210 SAS-Dxp, all SAPs configured on a port use the port-based egress queues. If the mirror destination SAP (that is, dot1q SAP or a Q1.* SAP) is configured to share an uplink with service traffic, a mirrored copy of the traffic sent out of the dot1q or Q1.* SAP shares the port-based egress queues with the other service traffic. Users can assign the profile (in addition to the forwarding class) to the mirrored copy of the packets, so that during periods of congestion, the mirrored copy of the packets that is marked as out-of-profile is dropped before in-profile service traffic (and possibly in-profile mirrored traffic, if mirrored traffic is configured as in-profile). The profile determines the slope policy for the packet and determines the packet drop precedence. Marking, if enabled, determines the marking value used in the packet header.
On the 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C, the following QoS functionality is available for the mirror destination.
A mirror destination that is a SAP on an access-uplink port uses port-based egress queues, which are shared by all the SAPs configured on the port. If the mirror destination SAP is configured to share an access-uplink port with service traffic, a mirrored copy of the traffic sent out of the port shares the port-based egress queues with other service traffic (and possibly in-profile mirrored traffic, if mirrored traffic is configured as in-profile). Users can assign the profile (in addition to the forwarding class) to the mirrored copy of the packets, so that during periods of congestion, the mirrored copy of the packets that is marked as out-of-profile is dropped before in-profile service traffic (and possibly in-profile mirrored traffic, if mirrored traffic is configured as in-profile). The profile determines the slope policy for the packet and determines the packet drop precedence. Marking, if enabled, determines the marking value used in the packet header.
A mirror destination that is a SAP on an access port uses per-SAP egress queues. In this case, a SAP is dedicated for use as a mirror destination. Users can assign the profile (in addition to the forwarding class) to the mirrored copy of the packets, so that during periods of congestion, the mirrored copy of the packets that is marked as out-of-profile is dropped before in-profile service traffic (and possibly in-profile mirrored traffic, if mirrored traffic is configured as in-profile). The profile determines the slope policy for the packet and determines the packet drop precedence. Marking, if enabled, determines the marking value used in the packet header
If the mirror destination is a SDP on an network port (applicable only to the 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C), it uses per-port egress queues. Users can assign the profile (in addition to the forwarding class) to the mirrored copy of the packets, so that during periods of congestion, the mirrored copy of the packets that is marked as out-of-profile is dropped before in-profile service traffic (and possibly in-profile mirrored traffic, if mirrored traffic is configured as in-profile). The profile determines the slope policy for the packet and determines the packet drop precedence. Marking, if enabled, determines the marking value used in the packet header.
By default, the best effort (be) forwarding class is associated with the mirror-dest service ID, and the profile is out.
The no form of this command reverts the mirror-dest service ID forwarding class to the default forwarding class.
fc be profile out
Specifies the name of the forwarding class with which to associate mirrored service traffic. The forwarding class name must already be defined within the system. If the fc-name does not exist, an error is returned, and the fc command has no effect. If the fc-name exists, the forwarding class associated with fc-name overrides the default forwarding class.
Specifies the profile to assign to a mirrored copy of the service traffic. The profile is used to determine the slope policy for the packet and the packet drop precedence. Marking, if enabled, determines the marking value used in the packet header. A value of in marks the traffic as in-profile traffic and results in the use of high slope parameters. A value of out marks the traffic as out-of-profile and results in the use of low slope parameters.
far-end ip-address [vc-id vc-id] [ing-svc-label ing-vc-label | tldp]
no far-end ip-addr
config>mirror>mirror-dest>remote-source
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command is used on a destination router in a remote mirroring solution. See the description of the remote-source command for more information.
This command allows the definition of accepted remote sources for mirrored packets to this mirror-dest-service-id. If a far end router has not been specified, packets sent to the router are discarded.
This command defines a remote source that may send mirrored packets to this 7210 SAS for handling by this mirror-dest service-id.
The ing-svc-label keyword must be specified to manually define the expected ingress service label. This ingress label must also be manually defined on the far-end address through the mirror destination SDP binding keyword egr-svc-label.
The no form of this command deletes a far end address from the allowed remote senders to this mirror destination service. All far-end addresses are removed when the no remote-source command is executed. All signaled ingress service labels are withdrawn from the far end address affected. All manually defined ing-svc-label are removed.
Specifies the service IP address (system IP address) of the remote device sending mirrored traffic to this mirror destination service. If 0.0.0.0 is specified, any remote device is allowed to send to this service.
Specifies the virtual circuit identifier.
Specifies the ingress service label for mirrored service traffic on the far-end device for manually configured mirror service labels.
The ing-svc-label parameter is entered into the ingress service label table and ingress packets with this service label are handled by this mirror destination service.
The ing-svc-label must not be used for any other service ID and must match the far-end expected specific egr-svc-label for this 7210 SAS. It must be within the range specified for manually configured service labels defined on this 7210 SAS. It may be reused for other far end addresses on this mirror-dest-service-id.
Keyword to specify the label is obtained through signaling via the LDP.
[no] remote-source
config>mirror>mirror-dest
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command configures remote devices to mirror traffic to this device for mirror service egress. Optionally, this command deletes all previously defined remote mirror ingress devices.
The remote-source context allows the creation of a ‟sniffer farm” to consolidate to a central location expensive packet capture and diagnostic tools. Remote areas of the access network can be monitored using service provisioning techniques.
Specific far-end routers can be specified using the far-end command, which allows them to use this router as the destination for the same mirror-dest-service-id.
The remote-source node allows the source of mirrored packets to be on remote 7210 SAS devices. The local 7210 SAS configures its network ports to forward packets associated with the service-id to the destination SAP. When remote-source far-end addresses are configured, an SDP is not allowed as a destination.
By default, the remote-source context contains no far-end addresses. When no far-end addresses have been specified, network remote devices are not allowed to mirror packets to the local 7210 SAS as a mirror destination. Packets received from unspecified far-end addresses are discarded at network ingress.
The no form of this command reverts the service-id to the default condition, which does not allow a remote 7210 SAS access to the mirror destination. The far-end addresses are removed without warning.
sap sap-id [create]
no sap
config>mirror>mirror-dest
Supported on all 7210 SAS platforms as described in this document
This command creates a service access point (SAP) within a mirror destination service. The SAP is owned by the mirror destination service ID.
The SAP is defined with port and encapsulation parameters to uniquely identify the (mirror) SAP on the interface and on the router. The specified SAP must define an Ethernet port with a null, dot1q, or a Q1.* encapsulation type.
Before using a dot1q or Q1.* SAP, users must dedicate a port for the mirroring application using the config system loopback-no-svc-port command. This is required only for the 7210 SAS-Dxp. For more information about this command, see the 7210 SAS-D, Dxp, K 2F1C2T, K 2F6C4T, K 3SFP+ 8C Interface Configuration Guide.
On the 7210 SAS-D and 7210 SAS-Dxp, a Q1.Q2 SAP cannot be used as a mirror destination SAP when the access port encapsulation is set to qinq or on an access-uplink port.
On the 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C, a Q1.Q2 SAP cannot be used as a mirror destination SAP when the access port encapsulation is set to qinq or on an access-uplink port.
Only one SAP can be created within a mirror-dest service ID. If the defined SAP has not been created on any service within the system, the SAP is created and the context of the CLI changes to the newly created SAP. In addition, the port cannot be a member of a multi-link bundle, LAG, APS group, or IMA bundle.
If the defined SAP exists in the context of another service ID, mirror destination, or any other type, an error is generated.
Mirror destination SAPs can be created on Ethernet interfaces that are defined as an access port or access-uplink port. If the interface is defined as network, the SAP creation returns an error.
When the no form of this command is used on a SAP created by a mirror destination service ID, the SAP with the specified port and encapsulation parameters is deleted.
Specifies the physical port identifier portion of the SAP definition. See Common CLI command descriptions for command syntax.
service-name service-name
no service-name
config>mirror>mirror-dest
Supported on all 7210 SAS platforms as described in this document
This command specifies an existing service name, which adds a name identifier to a specified service. The service name can be used to reference the service in configuration and show commands. This helps the service provider or administrator identify and manage services.
All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used to identify and reference a specific service after it is initially created.
Specifies a unique service name of up to 64 characters to identify the service. Service names may not begin with an integer (0 through 9).
spoke-sdp sdp-id:vc-id [create] [no-endpoint]
spoke-sdp sdp-id:vc-id [create] endpoint name
no sdp sdp-id:vc-id
config>mirror>mirror-dest
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command binds an existing mirror SDP to the mirror destination service ID.
The operational state of the SDP dictates the operational state of the SDP binding to the mirror destination. If the SDP is shut down or operationally down, the SDP binding is down. When the binding is defined and the service and SDP are operational, the far-end router configured by the config service sdpsdp-idfar-end command is considered part of the service ID.
Only one SDP can be associated with a mirror destination service ID. If a second sdp command is executed after a successful SDP binding, an error occurs and the command has no effect on the existing configuration. A no sdp command must be issued before a new SDP binding can be attempted.
An SDP is a logical mechanism that ties a far end router to a specific service without having to define the far-end SAP. Each SDP represents a method to reach a router.
The router supports the use of Multi-Protocol Label Switching (MPLS) encapsulation. Routers support both signaled and non-signaled LSPs (Label Switched Path) though the network. Non-signaled paths are defined at each hop through the network. Signaled paths are protocols communicated from end to end using RSVP. Paths may be manually defined, or a constraint based routing protocol (OSPF-TE or CSPF) can be used to determine the best path with specific constraints.
SDPs are created and then bound to services. Many services can be bound to a single SDP. The operational and administrative state of the SDP controls the state of the SDP binding to the service.
An egress service label (Martini VC-Label), used by the SDP to differentiate each service bound to the SDP to the far-end router, must be obtained manually or though signaling with the far end. If manually configured, it must match the ing-svc-label defined for the local router.
When using remote mirroring with spoke-SDP configured as a mirror destination, users must allocate resources of another port for use by this features. See Configuration guidelines for more information.
By default, no SDP ID is bound to a mirror destination service ID. If no SDP is bound to the service, the mirror destination is local and cannot be bound to another router over the core network.
The no form of this command removes the SDP binding from the mirror destination service. When removed, no packets are forwarded to the far-end (destination) router from that mirror destination service ID.
Specifies a locally unique SDP ID. The SDP ID must exist. If the SDP ID does not exist, an error occur and the command does not execute.
Specifies the virtual circuit identifier. For mirror services, the vc-id defaults to the service-id. However, there are scenarios where the vc-id is being used by another service. In this case, the SDP binding cannot be created. To avoid this, the mirror service SDP bindings now accept vc-ids.
Specifies the name of the endpoint associated with the SAP.
Keyword that removes the association of a SAP or a SDP with an explicit endpoint name.
egress
config>mirror>mirror-dest>spoke-sdp
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
Commands in this context configure spoke SDP egress parameters.
vc-label egress-vc-label
no vc-label [egress-vc-label]
config>mirror>mirror-dest>spoke-sdp>egress
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command configures the spoke-SDP egress VC label.
Specifies a VC egress value that indicates a specific connection.
egress
config>mirror>sap
7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C
Commands in this context configure QoS egress policies for this SAP.
[no] qos policy-id
config> mirror> sap> egress
7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C
This command configures the QoS policy for the mirror destination SAP egress. The SAP egress QoS policy is specified using the policy-id parameter and must be configured before associating this policy with the SAP. The SAP egress policy can be configured using the commands under the config>qos>sap-egress context.
When a SAP egress policy is associated with the SAP configured as a mirror destination, the queue associated with FC specified with the config mirror mirror-dest fc CLI command is used for traffic sent out of the mirror destination SAP. The policy allows the user to specify the amount of buffer, the WRED policy, the shaping rate, and the marking values for the mirrored copy.
The no form of this command associates the default SAP egress QoS policy with the SAP.
no qos
Specifies the QoS policy to associate with SAP egress. The QoS policy referred to by the policy-id is configured using the config qos sap-egress command.