No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Network Management and Monitoring

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, NETCONF, OpenFlow, LLDP, NQA, Mirroring, Packet Capture, Packet Trace, Path and Connectivity Detection Configuration, NetStream, sFlow, and iPCA.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for Mirroring

Licensing Requirements and Limitations for Mirroring

This section provides the points of attention when configuring mirroring.

Involved Network Elements

Other network elements are not required.

Licensing Requirements

Mirroring is a basic feature of a switch and is not under license control.

Version Requirements

Table 9-1 Products and minimum version supporting mirroring

Product Model

Minimum Version Required

CE8860EI

V100R006C00

CE8861EI

V200R005C10

CE8868EI

V200R005C10

CE8850-32CQ-EI

V200R002C50

CE8850-64CQ-EI

V200R005C00

CE7850EI

V100R003C00

CE7855EI

V200R001C00

CE6810EI

V100R003C00

CE6810-48S4Q-LI/CE6810-48S-LI

V100R003C10

CE6810-32T16S4Q-LI/CE6810-24S2Q-LI

V100R005C10

CE6850EI

V100R001C00

CE6850-48S6Q-HI

V100R005C00

CE6850-48T6Q-HI/CE6850U-HI

V100R005C10

CE6851HI

V100R005C10

CE6855HI

V200R001C00

CE6856HI

V200R002C50

CE6857EI

V200R005C10

CE6860EI

V200R002C50

CE6865EI

V200R005C00

CE6870-24S6CQ-EI/CE6870-48S6CQ-EI

V200R001C00

CE6870-48T6CQ-EI

V200R002C50

CE6875EI

V200R003C00

CE6880EI

V200R002C50

CE5810EI

V100R002C00

CE5850EI

V100R001C00

CE5850HI

V100R003C00

CE5855EI

V100R005C10

CE5880EI

V200R005C10

Mirroring Specifications

  • Observing Port Specifications

    In V100R006C00 and earlier versions, the switch can have a maximum of eight observing ports configured but can use at most two observing ports at a time. Each observing port can be used to copy both inbound and outbound traffic on a mirrored port.

    In V200R001C00 and later versions, a switch can have a maximum of eight observing ports configured. A CE6880EI, CE6870EI, CE6875EI, or CE5880EI switch can use at most eight observing ports at a time, while other switch models can use at most four observing ports at a time. Each observing port on a CE6880EI, CE6870EI, CE6875EI, or CE5880EI switch can be used to copy both inbound and outbound traffic on a mirrored port. On a switch rather than the CE6880EI, CE6870EI, CE6875EI, and CE5880EI, the maximum numbers of available observing ports for inbound and outbound traffic are calculated separately. For example, when the same observing port is specified for both inbound and outbound traffic, the remaining number of available observing ports for inbound and outbound traffic is 2, not 3.

    The CE6870EI or CE6875EI also supports observing port groups and can have at most 128 observing port groups configured, but can use at most eight observing port groups at a time. Each observing port group contains at most 64 member ports. An observing port group is a group of observing ports. Packets copied to an observing port group will be copied to all its member ports.

  • 1:N Mirroring Specifications

    In 1:N mirroring, packets on one mirrored port are copied to N observing ports.

    In port mirroring, 1:N mirroring is supported, in which N indicates the number of available observing ports on the switch. For CE series switches except the CE6875EI and CE6870EI, 1:N mirroring is not supported in traffic mirroring or VLAN mirroring.

    For the CE5810EI, packets in the same direction of a mirrored port can be copied to at most two observing ports at a time.

    Packets in the same direction of a mirrored port can only be copied to either an observing port or an observing port group.

    Packets in the same direction of a mirrored port can be copied to only one observing port group.

  • N:1 Mirroring Specifications

    In N:1 mirroring, packets on N mirrored ports are copied to one observing port.

    The switch supports N:1 mirroring.

  • M:N Mirroring Specifications

    In M:N mirroring, packets on M mirrored ports are copied to N observing ports. An M:N mirroring rule is equivalent to multiple 1:N mirroring rules.

    The switch supports M:N mirroring.

Feature Limitations

  • Since V200R001C00, by default, the switch supports only local mirroring and does not support remote mirroring (including Layer 2 remote mirroring RSPAN and Layer 3 remote mirroring ERSPAN). If you want to enable remote mirroring on the switch, the switch must have the plug-in of the required version installed.

    You can download the plug-in and the Plug-in Operation Guide in either of the following ways:

    After the switch is upgraded from a version earlier than V200R001C00 to V200R001C00 or later, the remote mirroring configuration will be lost on the switch.

  • Mirroring traffic occupies the forwarding bandwidth of the switch. During full-load traffic forwarding on cards, enabling the mirroring function may cause packet loss due to insufficient forwarding capability.

  • To prevent information loss during mirroring, configure ports of the same type as observing and mirrored ports and set the same bandwidth for the observing and mirrored ports. If the bandwidth of an observing port is smaller than that of a mirrored port, information may be lost on the observing port during mirroring.

  • To prevent other services from conflicting with mirroring services, do not configure other services on observing ports. In V200R003C00 and later versions, if you need to configure other services on observing ports of the CE6870EI and CE6875EI, run the observe-port filter enable command in the system view to enable the observing port filter.

  • In V200R002C50 and earlier versions, the CE6880EI does not support Layer 3 remote mirroring.

  • When configuring Layer 2 remote port mirroring, do not use a remote mirroring VLAN to transmit other service packets. You are advised to run the mac-address learning disable command in the VLAN view on the device that forwards mirrored packets to disable MAC address learning of the remote mirroring VLAN.

  • A port cannot be configured as both a mirrored port and an observing port. An Ethernet port or Eth-Trunk can be configured as a mirrored port. An Eth-Trunk member port cannot be configured as an observing port.

  • For CE series switches except the CE6870EI, CE6875EI, CE6880EI, and CE5880EI, when an Eth-Trunk functions as an observing port, the Eth-Trunk can have at most eight member ports.

  • If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as mirrored ports.

    If a member port of an Eth-Trunk is configured as a mirrored port, the Eth-Trunk cannot be configured as a mirrored port.

  • The following ports cannot be added to an observing port group:
    • Mirrored port

    • Observing port

    • Eth-Trunk member port

    • Stack physical member port

  • A member port added to an observing port group cannot be configured as an observing port.

  • For CE series switches except the CE6875EI, CE6870EI, CE6880EI, and CE5880EI, if the mirrored port is an access port, the outbound packets mirrored to an observing port carry VLAN tags, and are different from original packets.

  • For CE series switches except the CE6875EI, CE6870EI, CE6880EI, and CE5880EI, the following configurations in the outbound direction of a mirrored port do not take effect for mirrored traffic:

    • Configure an ACL in which the rule is deny.

    • Configure traffic policing.

    • Configure WRED profiles.

    • Configure the traffic shaping rate.

    • Configure the queue scheduling mode.

    Outbound packets discarded on the mirrored port are still mirrored to the observing port.

  • For the CE6850HI, CE6850U-HI, CE6851HI, CE6857EI, CE6860EI, CE6865EI, CE7850EI, CE7855EI, CE8850EI, CE8861EI, CE8868EI, and CE8860EI, in a VXLAN distributed gateway scenario, if the enhanced mode of the VXLAN gateway is loopback and MQC-based traffic mirroring is applied globally, an observing port will receive multiple copies of mirrored packets.

  • If port mirroring is configured on a port of the CE6870EI or CE6875EI and traffic statistics are collected in the inbound direction of the VLAN to which this port is added, traffic statistics of this port are twice the actual values.

  • On the CE6880EI and CE5880EI, NetStream and port mirroring can be configured on the same interface, and NetStream does not conflict with MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring.

    On the CE6875EI or CE6870EI:
    • When inbound NetStream sampling is configured to use snoop resources, you can configure port mirroring and inbound NetStream on the same interface, and inbound NetStream does not conflict with MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring.
    • When inbound NetStream sampling is not configured to use snoop resources, port mirroring and NetStream cannot be configured on the same interface, and NetStream conflicts with MQC-based traffic mirroring, simplified traffic mirroring, and VLAN mirroring. After NetStream is configured on an interface, do not configure any MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring to contain this interface. If the NetStream and mirroring functions (MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.
    On other models:
    • NetStream and port mirroring cannot be configured on the same interface. NetStream conflicts with MQC-based traffic mirroring, simplified traffic mirroring, and VLAN mirroring. After NetStream is configured on an interface, do not configure any MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring to contain this interface. If the NetStream and mirroring functions (MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.

    • Mirrored packets cannot be sampled.

  • If NetStream or sFlow has been configured on an Eth-Trunk, port mirroring cannot be configured on the member ports of the Eth-Trunk. If port mirroring has been configured on member ports of an Eth-Trunk, NetStream or sFlow cannot be configured on the Eth-Trunk.

  • Port mirroring, VLAN mirroring, MQC-based traffic mirroring, and simplified traffic mirroring conflict with each other. Therefore, do not configure them on the same port. If port mirroring, VLAN mirroring, MQC-based traffic mirroring, and simplified traffic mirroring are configured on the same port, only one of them takes effect.
  • On the CE6870EI or CE6875EI, the packets discarded by ports or denied by ACLs can be mirrored but cannot be counted if the switch meets the following conditions:
    • Port mirroring or MQC-based traffic mirroring is configured.
    • MQC-based traffic statistics collection is configured.
  • On the CE6870EI or CE6875EI, the following services are in descending order of priority: M-LAG unidirectional isolation, MQC (traffic policing, traffic statistics, and packet filtering), querying the outbound interface of packets with specified 5-tuple information, source MAC address, and destination MAC address, local VLAN mirroring, sFlow, NetStream, and statistics on the VLANIF interface. When the services are configured on an interface in the outbound direction, the service with the highest priority takes effect. For example, when both packet filtering and statistics on the VLANIF interface are configured on the VLANIF interface, packet filtering takes effect.

    For sFlow and NetStream, the preceding limitations apply to only Layer 2 and Layer 3 sub-interfaces.

  • For CE series switches except the CE6875EI, CE6870EI, CE6880EI, and CE5880EI, the inbound VLAN mirroring function cannot mirror packets terminated by tunnels (such as TRILL, MPLS, VXLAN, GRE tunnels).

  • For CE series switches except the CE6875EI, CE6870EI, CE6880EI, and CE5880EI, when outbound mirroring is performed on TRILL unicast packets sent from the user side to the network side, the source MAC address, destination MAC address, and VLAN ID encapsulated in the packets received by the observing port are all 0s, but service data is correct.

  • After the assign forward mode cut-through command is configured on the CE8860EI, CE8850EI, or CE6860EI, outbound and inbound port mirroring or VLAN mirroring cannot be configured on the same observing port.

  • When outbound encapsulated VXLAN packets on VXLAN tunnel encapsulation devices (CE series switches except the CE6880EI, CE6875EI, CE6870EI, and CE5880EI) are mirrored, the following situations occur: The mirrored multicast, broadcast, and unknown unicast packets are not encapsulated; the destination MAC address, source MAC address, and VLAN ID encapsulated in the mirrored known unicast packets are all 0s, and original packets are correct.

  • For CE series switches except the CE6880EI, CE6875EI, CE6870EI, and CE5880EI, the DSCP, IP Precedence, 802.1p, and MPLS EXP fields in mirrored outbound packets are the values of the corresponding fields in the original packets.
  • When outbound traffic on a VXLAN tunnel endpoint (a CE switch other than the CE6870EI or CE6875EI) is mirrored, inbound multicast traffic and unknown unicast traffic are also mirrored. To prevent this problem, mirror inbound traffic on the other end of the tunnel. This operation prevents inbound multicast traffic and unknown unicast traffic from being mirrored.

  • On a CE series switch rather than the CE6880EI and CE5880EI, when outbound mirroring is performed on Layer 3 main interfaces, mirrored packets will carry the VLAN ID, which is the reserved VLAN ID and defaults to 4064.

  • During mirroring of inbound packets on fabric ports of an SVF parent switch, only Layer 2 unicast packets can be copied in hybrid forwarding mode; mirroring is not supported in centralized forwarding mode.

  • On the CE6875EI or CE6870EI:
    • When inbound flow sampling is configured to use snoop resources, port mirroring and inbound flow sampling can be configured on the same interface, and inbound port mirroring and outbound flow sampling can also be configured on the same interface. Outbound flow sampling conflicts with outbound MQC-based traffic mirroring and outbound VLAN mirroring. After outbound flow sampling is configured on an interface, do not configure any outbound MQC-based traffic mirroring or outbound VLAN mirroring to contain this interface. If the outbound flow sampling and outbound mirroring functions (outbound MQC-based traffic mirroring or outbound VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.
    • When inbound flow sampling is not configured to use snoop resources, port mirroring and flow sampling cannot be configured on the same interface, and flow sampling conflicts with MQC-based traffic mirroring, simplified traffic mirroring, and VLAN mirroring. After flow sampling is configured on an interface, do not configure any MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring to contain this interface. If the flow sampling and mirroring functions (MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.
  • On other models:
    • Flow sampling conflicts with port mirroring, and they cannot be configured on the same interface. Flow sampling conflicts with MQC-based traffic mirroring, simplified traffic mirroring, and VLAN mirroring. After flow sampling is configured on an interface, do not configure any MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring to contain this interface. If the flow sampling and mirroring functions (MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.
    • Mirrored packets cannot be sampled.
  • Unknown TRILL unicast packets are mirrored on the device that decapsulates TRILL packets.
  • For CE series switches except the CE6875EI and CE6870EI, outbound port mirroring cannot mirror packets sent by hosts.
  • When a CE series switch rather than the CE6880EI and CE5880EI mirrors reassembled fragmented packets, fragmented packets sent from ports are mirrored in port mirroring and reassembled packets are mirrored in traffic mirroring.
  • For CE series switches except the CE6875EI, CE6870EI, CE6880EI, and CE5880EI, when outbound mirroring is configured on a port and broadcast, multicast, and unknown unicast packets are sent, only one copy of the packets can be mirrored.
  • The switch does not support mirroring of packets sent to the CPU.
  • To perform inbound VLAN mirroring for packets that require VLAN mapping, configure inbound VLAN mirroring in the VLAN view after performing VLAN mapping. Mirrored packets are original packets before VLAN mapping.
  • For the CE8868EI, CE8861EI, CE8860EI, CE8850EI, CE6860EI, CE6865EI, and CE6857EI, mirrored packets sent from an observing port occupy the priority queue of the forwarded packets. For other CE series switches, mirrored packets sent from an observing port always occupy queue 0.
  • When the CE6875EI or CE6870EI is an intermediate node of a VXLAN tunnel and simplified traffic mirroring is configured for VXLAN packets, the VXLAN packets cannot be mirrored if the inner VXLAN packets carry VLAN tags.
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100075365

Views: 33840

Downloads: 121

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next