No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Network Management and Monitoring

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, LLDP, NQA, Service Diagnosis, Mirroring, Packet Capture, sFlow, and NETCONF.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Local Traffic Mirroring

Configuring Local Traffic Mirroring

Context

In local traffic mirroring, packets of a specified service flow that passes through a port are copied to observing ports, which then send the packets to their directly connected monitoring devices.

The switch also supports observing port groups. An observing port group contains multiple member ports. When an observing port group is configured for packet mirroring, packets mirrored to the observing port group are copied to all its member ports.

NOTE:
  • The CE12800E does not support observing port groups.

  • When packet monitoring is not required, you are advised to cancel the mirroring configuration to reduce the system cost.

  • To prevent other services from conflicting with mirroring services, you are advertised not to configure other services on observing ports. To configure other services on observing ports, run the observe-port filter enable command in the system view to enable the observing port filter.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure a local observing port or an observing port group.

    • Configuring a local observing port

      1. Run observe-port [ observe-port-index ] interface interface-type interface-number [ cir cir-value [ kbps | mbps | gbps ] ]

        A local observing port is configured.

        By default, no local observing port is configured.

        NOTE:

        Only the CE12800E that has the ED-E, EG-E, and EGA-E series cards installed supports the cir cir-value [ kbps | mbps | gbps ] parameter.

    • Configuring an observing port group

      1. Run observe-port group group-id

        The observing port group is configured and the observing port group view is displayed.

        By default, no observing port group is configured.

      2. Run group-member { interface-type interface-number1 [ to interface-type interface-number2 ] } &<1-8>

        The member ports are added to the observing port group.

      3. Run quit

        Exit from the observing port group view.

  3. (Optional) Run observe-port filter enable

    The observing port filter is enabled.

    By default, after a port is configured as an observing port, the port filter is disabled.

    NOTE:
    • The CE12800E does not support this function.

    • CE-L48GT-EA, CE-L48GT-EC, CE-L48GS-EA, CE-L48GS-EC, CE-L24XS-BA, CE-L24XS-EA, CE-L48XS-BA, CE-L48XS-EA and CE-L24LQ-EA cards do not support this function.

  4. Configure a mirrored port and packet matching rules.

    Two methods are available: simplified traffic mirroring and MQC-based traffic mirroring. Simplified traffic mirroring is easy to configure and applies to configuration delivery and management in FabricInsight. MQC-based traffic mirroring is complex to configure but has rich and detailed packet matching rules.

    Simplified traffic mirroring

    • Configure simplified traffic mirroring globally.
      1. Run traffic-mirroring [ vxlan [ tag-format { none | single } ] ] { tcp-flag { ack | fin | psh | rst | syn | urg } * } observe-port observe-port-index &<1-8> inbound [ slot slot-id ]

        Simplified traffic mirroring is configured globally.

        By default, simplified traffic mirroring is not configured globally.

        NOTE:

        Multiple observe-port-index parameters cannot be specified on the CE12800E simultaneously.

      2. Run commit

        The configuration is committed.

    • Configure simplified traffic mirroring on an interface.
      1. Run interface interface-type interface-number

        The interface view is displayed.

      2. Run traffic-mirroring [ vxlan [ tag-format { none | single } ] ] { tcp-flag { ack | fin | psh | rst | syn | urg } * } observe-port observe-port-index &<1-8> inbound

        Simplified traffic mirroring is configured on the specified interface.

        By default, simplified traffic mirroring is not configured on an interface.

        NOTE:

        Multiple observe-port-index parameters cannot be specified on the CE12800E simultaneously.

        Simplified traffic mirroring cannot be configured in the port group view.

        If simplified traffic mirroring is configured in both the system view and interface view, the configuration in the interface view takes effect.

      3. Run commit

        The configuration is committed.

    MQC-based traffic mirroring

    1. Configure a traffic classifier.
      1. Run traffic classifier classifier-name [ type { and | or } ]

        A traffic classifier is created and the traffic classifier view is displayed, or the view of an existing traffic classifier is displayed.

        and is the logical operator between the rules in a traffic classifier, which means that:
        • If a traffic classifier contains ACL rules, packets match the traffic classifier only if they match one ACL rule and all the non-ACL rules.

        • If a traffic classifier does not contain any ACL rules, packets match the traffic classifier only if they match all the rules in the classifier.

        The logical operator or means that packets match a traffic classifier if they match one or more rules in the classifier.

        By default, the relationship between rules in a traffic classifier is or.

      2. Run if-match

        Matching rules are defined for the traffic classifier.

        For details about matching rules in a traffic classifier, see "Configuring a Traffic Classifier" in "MQC Configuration" of the CloudEngine 12800 and 12800E Series Switches Configuration Guide - QoS Configuration Guide.

      3. Run commit

        The configuration is committed.

      4. Run quit

        Exit from the traffic classifier view.

    2. Configure a traffic behavior.
      1. Run traffic behavior behavior-name

        A traffic behavior is created and the traffic behavior view is displayed, or the view of an existing traffic behavior is displayed.

      2. Run mirroring observe-port observe-port-index &<1-8> [ random-packets random-packets ]

        Or run mirroring observe-port group group-id

        The traffic matching the rules is mirrored to the specified observing port or observing port group.

      3. Run commit

        The configuration is committed.

      4. Run quit

        Exit from the traffic behavior view.

    3. Configure a traffic policy.
      1. Run traffic policy policy-name

        A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed.

      2. Run classifier classifier-name behavior behavior-name [ precedence precedence-value ]

        A traffic behavior is bound to a traffic classifier in the traffic policy.

      3. Run commit

        The configuration is committed.

      4. Run quit

        Exit from the traffic policy view.

      5. Run quit

        Exit from the system view.

    4. Apply the traffic policy.
      NOTE:
      • For the CE12800 and the CE12800E equipped with FD-X series cards, run the display traffic-policy pre-state { global [ slot slot-id ] | interface { interface-type interface-number } | vlan vlan-id | bridge-domain bd-id } policy-name { inbound | outbound } command before committing the configuration to check the information about resources occupied by the traffic policy to be applied and determine whether the traffic policy can be successfully applied based on the information.

      • Mirroring is supported only in the outbound direction when a traffic policy is applied to a VLANIF interface.

      • Mirroring is not supported when a traffic policy is applied to a VBDIF interface or Layer 2 sub-interface.

      • IPv6 packets cannot be mirrored when a traffic policy is applied to a Layer 3 sub-interface.

      • You cannot apply a traffic policy to a VSI on the CE12800E.

      • For details about the configuration guidelines of applying traffic policies in different views on the CE12800, see Licensing Requirements and Limitations for MQC (CE12800).

      • For details about the configuration guidelines of applying traffic policies in different views on the CE12800E, see Licensing Requirements and Limitations for MQC (CE12800E).

      • If a traffic policy needs to be applied to multiple VLANs and interfaces or multiple traffic classifiers for matching packets from different source IP addresses need to be bound to the same traffic policy, you are advised to add these VLANs, source IP addresses, and interfaces to the same QoS group and apply the traffic policy to the QoS group.
      • Applying a traffic policy to an interface
        1. Run system-view

          The system view is displayed.

        2. Run interface interface-type interface-number

          The interface view is displayed.

        3. Run traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the interface.

        4. Run commit

          The configuration is committed.

      • Applying a traffic policy to a VLAN
        1. Run system-view

          The system view is displayed.

        2. Run vlan vlan-id

          The VLAN view is displayed.

        3. Run traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the VLAN.

          The system applies traffic policing to the packets that belong to the VLAN and match traffic classification rules in the inbound or outbound direction.

        4. Run commit

          The configuration is committed.

      • Applying a traffic policy to the system or an LPU
        1. Run system-view

          The system view is displayed.

        2. Run traffic-policy policy-name global [ slot slot-id ] { inbound | outbound }

          A traffic policy is applied to the system or an LPU.

        3. Run commit

          The configuration is committed.

      • (For CE12800) Applying a traffic policy to a VSI
        1. Run system-view

          The system view is displayed.

        2. Run vsi vsi-name

          The VSI view is displayed.

        3. Run traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the VSI.

        4. Run commit

          The configuration is committed.

      • Applying a traffic policy to a BD
        1. Run system-view

          The system view is displayed.

        2. Run bridge-domain bd-id

          The BD view is displayed.

        3. Run traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the BD.

        4. Run commit

          The configuration is committed.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100075344

Views: 20796

Downloads: 22

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next