No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Network Management and Monitoring

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, LLDP, NQA, Service Diagnosis, Mirroring, Packet Capture, sFlow, and NETCONF.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for Mirroring

Licensing Requirements and Limitations for Mirroring

This section provides the points of attention when configuring mirroring.

Involved Network Elements

Other network elements are not required.

Licensing Requirements

Mirroring is a basic feature of a switch and is not under license control.

Version Requirements

Table 8-1 Products and minimum version supporting mirroring

Product Model

Minimum Version Required

CE12804/CE12808/CE12812

V100R001C00

CE12816

V100R003C00

CE12804S/CE12808S

V100R005C00

CE12804E/CE12808E/CE12816E

V200R002C50

Mirroring Specifications

  • Observing Port Specifications

    A CE12800 or a CE12800E that has the ED-E/EG-E/EGA-E series cards installed can have a maximum of eight observing ports configured and use all these observing ports at a time. Each observing port can be used to copy both inbound and outbound traffic on a mirrored port.

    A CE12800E that has the FD-X series cards installed can have a maximum of eight observing ports configured but can use at most four observing ports at a time. The maximum numbers of available observing ports for inbound and outbound traffic are calculated separately. For example, when the same observing port is specified for both inbound and outbound traffic, the remaining number of available observing ports for inbound and outbound traffic is 2, not 3.

    Since V100R003C00, the CE12800 has supported a maximum of 128 observing port groups, but can use at most eight observing port groups at a time. Each observing port group contains at most 64 member ports. An observing port group is a group of observing ports. Packets copied to an observing port group will be copied to all its member ports.

    The CE12800E does not support observing port groups.

  • 1:N Mirroring Specifications

    In 1:N mirroring, packets on one mirrored port are copied to N observing ports.

    The switch supports 1:N mirroring, in which N indicates the number of observing ports on the switch.

    For the CE12800E, 1:N mirroring is not supported in traffic mirroring or VLAN mirroring.

    Packets in the same direction of a mirrored port can only be copied to either an observing port or an observing port group.

    Packets in the same direction of a mirrored port can be copied to only one observing port group.

  • N:1 Mirroring Specifications

    In N:1 mirroring, packets on N mirrored ports are copied to one observing port.

    The switch supports N:1 mirroring.

  • M:N Mirroring Specifications

    In M:N mirroring, packets on M mirrored ports are copied to N observing ports. An M:N mirroring rule is equivalent to multiple 1:N mirroring rules.

    The switch supports M:N mirroring.

Feature Limitations

  • Since V200R001C00, by default, the switch supports only local mirroring and does not support remote mirroring (including Layer 2 remote mirroring RSPAN and Layer 3 remote mirroring ERSPAN). If you want to enable remote mirroring on the switch, the switch must have the plug-in of the required version installed.

    You can download the plug-in and the Plug-in Operation Guide in either of the following ways:

    After the switch is upgraded from a version earlier than V200R001C00 to V200R001C00 or later, the remote mirroring configuration will be lost on the switch.

  • Mirroring traffic occupies the forwarding bandwidth of the switch. During full-load traffic forwarding on cards, enabling the mirroring function may cause packet loss due to insufficient forwarding capability.

  • The outbound port mirroring function is implemented through internal loopback interfaces. After this function is configured, the forwarding performance of cards may be reduced.

  • To prevent information loss during mirroring, configure ports of the same type as observing and mirrored ports and set the same bandwidth for the observing and mirrored ports. If the bandwidth of an observing port is smaller than that of a mirrored port, information may be lost on the observing port during mirroring.

  • To prevent other services from conflicting with mirroring services, do not configure other services on observing ports. In V200R003C00 and later versions, if you need to configure other services on observing ports of the CE12800 or cards except CE-L48GT-EA, CE-L48GT-EC, CE-L48GS-EA, CE-L48GS-EC, CE-L24XS-BA, CE-L24XS-EA, CE-L48XS-BA, CE-L48XS-EA and CE-L24LQ-EA, run the observe-port filter enable command in the system view to enable the observing port filter.

  • In V200R002C50 and earlier versions, the CE12800E does not support Layer 3 remote mirroring.

  • The switch supports inter-card mirroring. That is, the observing port and mirrored port can be located on different cards of a switch.

  • In V100R003C00 and earlier versions, GE ports cannot be configured as observing ports for Layer 2 remote mirroring. In V100R003C10 and later versions, GE ports can.

  • In a stack system of the following cards, inter-chassis mirroring is not supported: CE-L48GT-EA, CE-L48GT-EC, CE-L48GS-EA, CE-L48GS-EC, CE-L24XS-BA, CE-L24XS-EA, CE-L48XS-BA, CE-L48XS-EA, CE-L24LQ-EA, CE-L48GT-ED, CE-L48GS-ED, CE-L12XS-ED, CE-L24XS-EC, CE-L24XS-ED, CE-L48XT-EC, CE-L48XS-EC, CE-L48XS-ED, CE-L48XS-EF, CE-L02LQ-EC, CE-L06LQ-EC, CE-L12LQ-EF, CE-L24LQ-EC, CE-L24LQ-EC1, CE-L36LQ-EG, CE-L04CF-EC, CE-L04CF-EF, CE-L08CC-EC, and CE-L12CF-EG. If inter-chassis mirroring is configured, mirrored traffic cannot be forwarded.

    In a stack system of other series cards, inter-chassis mirroring is supported.

  • Since V200R001C00, in a stack, packets that are not mirrored from one chassis to another will not be copied to stack ports in order to save stack bandwidth. In this case, you do not need to run the multicast forwarding optimization command to prevent these packets from being copied to stack ports.

  • When configuring Layer 2 remote port mirroring, do not use a remote mirroring VLAN to transmit other service packets. You are advised to run the mac-address learning disable command in the VLAN view on the device that forwards mirrored packets to disable MAC address learning of the remote mirroring VLAN.

  • A port cannot be configured as both a mirrored port and an observing port. An Ethernet port or Eth-Trunk can be configured as a mirrored port. An Eth-Trunk member port cannot be configured as an observing port.

  • For the CE12800E that has the FD-X series cards installed, when an Eth-Trunk functions as an observing port, the Eth-Trunk can have at most eight member ports.

  • If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as mirrored ports.

    If a member port of an Eth-Trunk is configured as a mirrored port, the Eth-Trunk cannot be configured as a mirrored port.

  • The following ports cannot be added to an observing port group:
    • Mirrored port

    • Observing port

    • Eth-Trunk member port

    • Stack physical member port

  • A member port added to an observing port group cannot be configured as an observing port.

  • For the CE12800E that has the FD-X series cards installed, if the mirrored port is an access port, the outbound packets mirrored to an observing port carry VLAN tags, and are different from original packets.

  • For the CE12800E that has the FD-X series cards installed, the following configurations in the outbound direction of a mirrored port do not take effect for mirrored traffic:

    • Configure an ACL in which the rule is deny.

    • Configure traffic policing.

    • Configure WRED profiles.

    • Configure the traffic shaping rate.

    • Configure the queue scheduling mode.

    Outbound packets discarded on the mirrored port are still mirrored to the observing port.

  • When a traffic policy with deny and traffic mirroring behaviors is applied to the outbound direction of a port, the traffic mirroring behavior does not take effect.

  • If a mirrored port and an observing port are added to the same port isolation group in which the isolation mode is Layer 2 isolation, inbound traffic on the mirrored port is isolated and cannot reach the observing port, but outbound traffic on the mirrored port is not isolated and can reach the observing port.

  • The EA series LPUs and EC series LPUs (at the rate of GE) remove the first 16 bytes from mirrored EVN and VXLAN packets. For other series of LPUs, the switch will remove the 16 bytes from the header of EVN and VXLAN packets only when the card interoperability mode is set to non-enhanced mode using the undo set forward capability enhanced command and the NVO3 service extension function is disabled using the undo assign forward nvo3 service extend enable command.

  • For the CE12800's EA, EC, EC1, ED, EF, EG, and BA series cards, in a VXLAN distributed gateway scenario, if the enhanced mode of the VXLAN gateway is loopback and MQC-based traffic mirroring is applied globally, an observing port will receive multiple copies of mirrored packets.

  • In V200R001C00 and later versions, if port mirroring is configured on a port of the CE12800 and traffic statistics are collected in the inbound direction of the VLAN to which this port is added, traffic statistics of this port are twice the actual values.

  • After ED-E, EG-E, and EGA-E series cards are installed on a CE12800E, NetStream and port mirroring can be configured on the same interface, and NetStream does not conflict with MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring.

    After FD-X series cards are installed on a CE12800E, NetStream and port mirroring cannot be configured on the same interface. NetStream conflicts with MQC-based traffic mirroring, simplified traffic mirroring, and VLAN mirroring. After NetStream is configured on an interface, do not configure any MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring to contain this interface. If the NetStream and mirroring functions (MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.

    On a CE12800:
    • When inbound NetStream sampling is configured to use snoop resources, you can configure port mirroring and inbound NetStream on the same interface, and inbound NetStream does not conflict with MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring.
    • When inbound NetStream sampling is not configured to use snoop resources, port mirroring and NetStream cannot be configured on the same interface, and NetStream conflicts with MQC-based traffic mirroring, simplified traffic mirroring, and VLAN mirroring. After NetStream is configured on an interface, do not configure any MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring to contain this interface. If the NetStream and mirroring functions (MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.
  • If NetStream or sFlow has been configured on an Eth-Trunk, port mirroring cannot be configured on the member ports of the Eth-Trunk. If port mirroring has been configured on member ports of an Eth-Trunk, NetStream or sFlow cannot be configured on the Eth-Trunk.

  • Port mirroring, VLAN mirroring, MQC-based traffic mirroring, and simplified traffic mirroring conflict with each other. Therefore, do not configure them on the same port. If port mirroring, VLAN mirroring, MQC-based traffic mirroring, and simplified traffic mirroring are configured on the same port, only one of them takes effect.
  • On the CE12800, the packets discarded by ports or denied by ACLs can be mirrored but cannot be counted if the switch meets the following conditions:
    • Port mirroring or MQC-based traffic mirroring is configured.
    • MQC-based traffic statistics collection is configured.
  • On the CE12800, the following services are in descending order of priority: M-LAG unidirectional isolation, MQC (traffic policing, traffic statistics, and packet filtering), querying the outbound interface of packets with specified 5-tuple information, source MAC address, and destination MAC address, local VLAN mirroring, sFlow, NetStream, and statistics on the VLANIF interface or Layer 3 sub-interface. When the services are configured on an interface in the outbound direction, the service with the highest priority takes effect. For example, when both packet filtering and statistics on the VLANIF interface are configured on the VLANIF interface, packet filtering takes effect.

    For sFlow and NetStream, the preceding limitations apply to all interfaces in V100R005C10 and earlier versions and only Layer 2 and Layer 3 sub-interfaces in V100R006C00 and later versions.

  • For the CE12800E that has the FD-X series cards installed, the inbound VLAN mirroring function cannot mirror packets terminated by tunnels (such as TRILL, MPLS, VXLAN, GRE tunnels).

  • The traffic in the same direction of all active ports in a specified VLAN can only be mirrored to either an observing port or an observing port group.

  • When outbound encapsulated VXLAN packets on VXLAN tunnel encapsulation devices (CE12800E that has the FD-X series cards installed) are mirrored, the following situations occur: The mirrored multicast, broadcast, and unknown unicast packets are not encapsulated; the destination MAC address, source MAC address, and VLAN ID encapsulated in the mirrored known unicast packets are all 0s, and original packets are correct.

  • For the CE12800E that has the FD-X series cards installed, the DSCP, IP Precedence, 802.1p, and MPLS EXP fields in mirrored outbound packets are the values of the corresponding fields in the original packets.
  • When outbound traffic on a VXLAN tunnel endpoint (CE12800E with FD-X series cards installed) is mirrored, inbound multicast traffic and unknown unicast traffic are also mirrored. To prevent this problem, mirror inbound traffic on the other end of the tunnel. This operation prevents inbound multicast traffic and unknown unicast traffic from being mirrored.

  • On the CE12800, when outbound mirroring is performed on Layer 3 main interfaces, mirrored packets will carry the VLAN ID, which is the reserved VLAN ID and defaults to 4064.

  • On the CE12800E (configured with FD-X series cards):
    • Flow sampling conflicts with port mirroring, and they cannot be configured on the same interface. Flow sampling conflicts with MQC-based traffic mirroring, simplified traffic mirroring, and VLAN mirroring. After flow sampling is configured on an interface, do not configure any MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring to contain this interface. If the flow sampling and mirroring functions (MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.
    • Mirrored packets cannot be sampled.
  • On a CE12800:
    • When inbound flow sampling is configured to use snoop resources, port mirroring and inbound flow sampling can be configured on the same interface, and inbound port mirroring and outbound flow sampling can also be configured on the same interface. Outbound flow sampling conflicts with outbound MQC-based traffic mirroring and outbound VLAN mirroring. After outbound flow sampling is configured on an interface, do not configure any outbound MQC-based traffic mirroring or outbound VLAN mirroring to contain this interface. If the outbound flow sampling and outbound mirroring functions (outbound MQC-based traffic mirroring or outbound VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.
    • When inbound flow sampling is not configured to use snoop resources, port mirroring and flow sampling cannot be configured on the same interface, and flow sampling conflicts with MQC-based traffic mirroring, simplified traffic mirroring, and VLAN mirroring. After flow sampling is configured on an interface, do not configure any MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring to contain this interface. If the flow sampling and mirroring functions (MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.
  • Unknown TRILL unicast packets are mirrored on the device that decapsulates TRILL packets.
  • For CE12800E series switches, outbound port mirroring cannot mirror packets sent by hosts.
  • When a CE12800E that has ED-E, EG-E, or EGA-E series cards installed mirrors reassembled fragmented packets, fragmented packets sent from ports are mirrored in port mirroring and reassembled packets are mirrored in traffic mirroring.
  • For the CE12800E that has the FD-X series cards installed, when outbound mirroring is configured on a port and broadcast, multicast, and unknown unicast packets are sent, only one copy of the packets can be mirrored.
  • When configuring a port on one of the following cards as an observing port, remove the port from all VLANs: CE-L48GT-EA, CE-L48GT-EC, CE-L48GS-EA, CE-L48GS-EC, CE-L24XS-BA, CE-L24XS-EA, CE-L48XS-BA, CE-L48XS-EA, CE-L24LQ-EA, CE-L48GT-ED, CE-L48GS-ED, CE-L12XS-ED, CE-L24XS-EC, CE-L24XS-ED, CE-L48XT-EC, CE-L48XS-EC, CE-L48XS-ED, CE-L48XS-EF, CE-L02LQ-EC, CE-L06LQ-EC, CE-L12LQ-EF, CE-L24LQ-EC, CE-L24LQ-EC1, CE-L36LQ-EG, CE-L04CF-EC, CE-L04CF-EF, CE-L08CC-EC, and CE-L12CF-EG
  • The switch does not support mirroring of packets sent to the CPU.
  • To perform inbound VLAN mirroring for packets that require VLAN mapping, configure inbound VLAN mirroring in the VLAN view after performing VLAN mapping. Mirrored packets are original packets before VLAN mapping.
  • When the CE12800 is an intermediate node of a VXLAN tunnel and simplified traffic mirroring is configured for VXLAN packets, the VXLAN packets cannot be mirrored if the inner VXLAN packets carry VLAN tags.
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100075344

Views: 30426

Downloads: 29

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next