Mirroring settings EcoRouter Documentation / Mirroring settings

Mirroring

Example of configuring the mirroring
Suspending of the mirroring
Show mirror-session rules

Mirroring

Mirroring is a function of duplicating packets from one or more ports (interfaces) to another, also called port monitoring or SPAN (Switched Port Analyzer in Cisco terminology). Basically, it is used to monitor all traffic for security purposes, or to evaluate the performance/load of network equipment using hardware.

In the EcoRouter concept, this function is implemented by software, and any physical network interface (port) of the router can be configured as the SPAN port.

Mirror-session

To configure the mirroring function, mirror-session configuration objects are used, which are located after the port descriptions. This configuration object includes the parameters described in the table below.

Parameter	Description
mirror-session <NAME>	The name of the traffic mirroring rule. Contains only digits
description	Description of the rule. Optional parameter
destination port <NAME>	Destination port for the mirrored traffic. It is strongly reccomended that the service-instance and the interface are not bound to this port (more about port, interface and service-instance you can read in Types of interfaces)
source <TYPE> <NAME> <PARAMETERS>	The source of the mirrored traffic. The source can be one of the following: port, interface, service-instance. One rule can have several sources. In that case they are specified from a new line. To delete one of the sources in mirror-session configuration use no source <TYPE> <NAME> command. The ability to configure mirroring rules while configuring the EcoRouter service-instance is described below
Source parameters
<DIRECTION>	Determines which traffic should be mirrored: tx – outgoing, rx – incoming, both – in both directions. For the service-instance the mirroring is possible only for incoming traffic (rx)
<TAG OPERATIONS>	Optional parameter. The tag operations can be used for the mirrored traffic. More about tags you can read in Service Instances
push <TAG1> <TAG2>	Add a tag or two. The upper tag is specified first. This operation is allowed for mirrored traffic from the interface or service-instance
pop <TAG NUMBER>	Remove one or two tags. Allowed number: 1 or 2. This operation is allowed for mirrored traffic from the service-instance
translate <TAG NUMBER 1>-to-<TAG NUMBER 2> <TAG>	Replace one tags with another. This operation is allowed for mirrored traffic from the service-instance

To create the mirroring rule is used mirror-session <NAME> command.

To delete the mirroring rule is used no mirror-session <NAME> command.

The sources can be specified not only during the mirroring rule configuration but also during configuration the source itself (port, interface, service-instance). For this the add-mirror-session <NAME> <DIRECTION> [TAG OPERATIONS] command is used in the context configuration mode.

The configured mirror-session must be defined at first. This command is not saved in the configuration, but is converted to the source parameter in the configuration section related to mirror-session.

Creating rule example:

ecorouter#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

ecorouter(config)#mirror-session 0

ecorouter(config-mirror)#destination port te1

The example of mirroring rule configuring in the port congiguration context:

ecorouter(config)#port te2

ecorouter(config-port)#add-mirror-session 0 both

The example of mirroring rule configuring in the interface congiguration context:

ecorouter(config)#interface e3

ecorouter(config-if)#add-mirror-session 0 tx push 107

The example of mirroring rule configuring in the service-instance congiguration context:

ecorouter(config)#port te3

ecorouter(config-port)#service-instance te3

ecorouter(config-service-instance)#add-mirror-session 0 rx push 100

Showing of the running configutation afte the above settings of the mirroring rules:

mirror-session 0

 destination port te1

 source port te2 both

 source interface e3 tx push 107

 source port te3 service-instance te3 rx push 100

Up to 8 mirroring rules can be created for one interface (port, interface or service-instance). In this case, the rules with traffic mirroring in both directions are considered to be double. A total of 1024 rules can be entered in the EcoRouter configuration.

Example of configuring the mirroring

Consider the example of configuring the mirroring for the router and the two client devices configured as shown in the diagram below.

In the EcoRouter configuration, the following service-instances conformances are configured:

port te2 – service-instance te2 – interface e2,

port te3 – service-instance te3 – interface e3.

EcoRouter configuration:

!
interface e2
 ip address 1.1.1.100/24
!
interface e3
 ip address 2.2.2.100/24
!
port te1
!
port te2
 service-instance te2
  encapsulation untagged
  connect ip interface e2
!
port te3
 service-instance te3
  encapsulation untagged
  connect ip interface e3
!

Below are a few examples of mirroring rules. In order for these rules not to be executed all together, you must either delete unnecessary rules, or suspend them, as described below in the Suspending Mirroring section..

Example of the rule #1

In the EcoRouter configuration, make the mirroring rule, in which all traffic from port te2 will be mirrored to port te1.

ecorouter(config)# mirror-session 0
ecorouter(config-mirror)# destination port te1
ecorouter(config-mirror)# source port te2 both

In the configuration output using the show run command, this rule will look like this:

!
mirror-session 0
 destination port te1
 source port te2 both

The work of the mirror-session 0 rule can be illustrated by running the command ping 1.1.1.100 from the client device Client 1 and tracking the change in the counter values for port te2 and port te1. The mirroring scheme implemented by the mirror-session 0 rule is shown below.

At the same time, if Client 1 sent 10 pings to EcoRouter and received 10 responses from it, the increment of counter values will be:

port te2
  Total received packets: 10
  Total transmitted packets:  10
port te1
  Total transmitted packets:  20

Example of the rule #2

In the EcoRouter configuration, add a mirroring rule, in which the incoming service-instance te3 traffic is mirrored to port te1.

ecorouter(config)# mirror-session 1
ecorouter(config-mirror)# destination port te1
ecorouter(config-mirror)# source port te3 service-instance te3 rx

In the configuration output using the show run command, this rule will look like this:

!
mirror-session 1
 destination port te1
 source port te3 service-instance te3 rx

The work of the mirror-session 1 rule can be illustrated by running the command ping 2.2.2.100 from the client device Client 2 and tracking the change in the counter values for port te3 and port te1. The mirroring scheme implemented by the mirror-session 1 rule is shown below.

At the same time, if Client 2 sent 10 pings to EcoRouter and received 10 responses from it, the increment of the counter values will be:

port te3
  Total received packets: 10
  Total transmitted packets:  10
port te1
  Total transmitted packets:  10

Example of the rule #3

In the EcoRouter configuration, add a mirroring rule, in which the outgoing interface e3 traffic is mirrored to port te1.

ecorouter(config)# mirror-session 2
ecorouter(config-mirror)# destination port te1
ecorouter(config-mirror)# source interface e3 tx

In the configuration output using the show run command, this rule will look like this:

!
mirror-session 2
 destination port te1
 source interface e3 tx

The work of the mirror-session 2 rule can be illustrated by running the command ping 2.2.2.100 from the client device Client 2 and tracking the change in the counter values for port te3 and port te1. The mirroring scheme implemented by the mirror-session 2 rule is shown below.

At the same time, if Client 2 sent 10 pings to EcoRouter and received 10 responses from it, the increment of the counter values will be:

interface e3
  Total received packets: 10
  Total transmitted packets:  10
port te1
  Total transmitted packets:  10

Suspending of the mirroring

In order to suspend the rule, the shutdown parameter is used. Example of parameter input:

ecorouter#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

ecorouter(config)#mirror-session 3

ecorouter(config-mirror)#shutdown

Restart the rule by removing the shutdown parameter using the no shutdown command.

ecorouter(config)#mirror-session 3

ecorouter(config-mirror)#no shutdown

Show mirror-session rules

The list of existing mirroring rules and their state is displayed by the show mirror-session rules command. This command is active in console mode.

Example output of the command:

ecorouter#show mirror-session rules

  Mirror session 0 is up

   10001.rx: rx port te2 -> port te1

   10001.tx: tx port te2 -> port te1

  Mirror session 1 is administratively down

   10031.rx: rx service instance te3/te3 -> port te1

  Mirror session 2 is administratively down

   6.tx: tx interface e3 -> port te1

You can use the show mirror-session [<name>] command to view the settings for mirroring rules and statistics for them. In the event that the name of the rule is not specified, the command displays information on all existing rules for viewing. This command operates in the console privileged mode.

Example output of the command:

ecorouter#show mirror-session

 Mirror session 0 is up

  Destination: port te1

  port te2 both

    rx packets 0, bytes 0

    tx packets 17, bytes 1022

 Mirror session 1 is up

  Destination: port te1

  service instance te3/3 rx

    rx packets 7, bytes 570

 Mirror session 2 is up

  Destination: port te1

  interface e3 tx

    tx packets 0, bytes 0

To reset the values of the mirroring rule counters, use the clear counters mirror-session [<name>] command. In the event that the rule name is not specified, the counters will be reset to all rules. This command operates in the console configuration mode.