No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Port Mirroring Issue on ME60-X8s in a University

Publication Date:  2019-04-11 Views:  83 Downloads:  0

Issue Description

Device model: ME60-X8

Device version: V600R008C10SPC300

Patch version: V600R008SPH020

Target topology: A Sangfor audit device is added, and flows transmitted on the interface 5/0/0 connecting the ME60 to a China Telecom device are mirrored to the Sangfor audit device.

 

Core problem: port mirroring

(1) The ME60 does not have available 10GE interfaces but only a GE interface 4/0/23 and therefore fails to mirror all the traffic (1.5 Gbit/s during peak hours) sent to the China Telecom device.

(2) The interface 5/0/0 connecting the ME60 to the China Telecom device cannot be configured with outbound port mirroring when policy-based routing has been performed. According to the product document, it is confirmed that the board in slot 5 has hardware limitations and supports either redirection or port mirroring. The boards in slot 4 and slot 6 are 100G boards, which can be supported in the lab configuration.

Networking limitations: China Telecom does not allow addition of switches.

Handling Process


1. Analyze the core issue related to port mirroring.

    (1) The ME60 does not have available 10GE interfaces but only a GE interface 4/0/23 and therefore fails to mirror all the  traffic (1.5 Gbit/s during peak hours) sent to the China Telecom device.

    (2) The interface 5/0/0 connecting the ME60 to the China Telecom device cannot be configured with outbound port mirroring when policy-based routing has been performed. According to the product document, it is confirmed that the board in slot 5 has hardware limitations and supports either redirection or port mirroring. The boards in slot 4 and slot 6 are 100G boards, which can be supported in the lab configuration.

2. Change the interface topology.

3. Back up the collected information before port replacement.

interface GigabitEthernet5/0/0

               description to_chinanet_out

 undo shutdown

               ip address X.X.X.X X.X.X.X

               traffic-policy telecom_in inbound

  traffic-policy telecom_in outbound

interface GigabitEthernet4/1/0

               description to-shujuzhongxin

               undo shutdown

               ip address X.X.X.X X.X.X.X

               traffic-policy sjzx inbound

4. Configure port mirroring.

            Mirror flows on the interface 5/0/0 to the interface 4/0/23.

interface gigabitethernet4/0/23---Observing interface

undo shutdown

port-observing observe-index 4

slot 5

mirror to observe-index 4

interface gigabitethernet5/0/0---------Mirroring interface

undo shutdown

port-mirroring inbound

                             port-mirroring outbound


Solution

No new devices are required. After the interface is changed to the board in slot 4, both policy-based routing and port mirroring can be configured. This has great impact on services and not all traffic of the China Telecom device can be mirrored to the Sangfor audit device. 10GE boards of the ME60 need to be purchased for capacity expansion. After capacity expansion using the 10GE board, you can move interfaces on the China Telecom device to the new board for subsequent operations.

END