There was a recent comment asking for some additional information about the limitations of port mirroring on the Nortel Ethernet Routing Switch 8600. Once I started writing my reply I realized that it was probably big enough to stand as it’s own post.
I’ve taken the following definition straight from the “Network Design Guidelines (Part No. 313197-E Rev 00 June 2006)” ;
Port mirroring is a diagnostic tool that can be used for troubleshooting and performing network traffic analysis. When using port mirroring, you have to specify a destination port to see mirrored traffic and specify the source ports from which traffic is mirrored. Unlike other methods used to analyze packet traffic, packets flow normally through the destination port and packet traffic is uninterrupted.
For those Cisco folks in the audience port mirroring on a Cisco Systems switch is generally referred to as Switched Port Analyzer (SPAN) port.
There actually are quite a few different limitations and restrictions depending on the type of hardware you have in the ERS 8010 chassis and the version of software the switch is running. I’m going to limit myself to local port mirroring for this discussion but you can refer to my previous post on remote port mirroring.
- Ingress mirroring mirrors packets that only have valid CRCs
- Ingress mirroring is supported on all modules/cards
- Egress mirroring is only supported on E or M modules/cards
Note: You can identify the type of modules/cards you have in your ERS 8600 with the “show sys info card” command from the CLI interface.
Legacy Modules (Non-E/E/M modules)
In software release 3.2.2 and later the following limitations apply;
- The number of port mirroring entries that you can configure is between 1 and 383 and you can enable all entries simultaneously.
- The number of mirroring ports plus the number of mirrored ports cannot exceed 384 (this is the maximum number of ports available in an ERS 8600 switch).
- You can mirror ports supported by only the same OctaPID (group of eight 10/100 ports of a Gig port) to the same destination.
- You cannot mirror one port.
- You cannot mirror a port to multiple destinations.
- You can configure a maximum of 64 destination ports at one time.
On R modules you can configure one port mirroring entry for each lane on a module.
You can find a full list of OctaPID assignments at Nortel’s website.
Here are some examples. First let’s see what type of 8648TX card we have in slot 2;
ERS-8600:5# show sys info card Card Info : ... Slot 2 : FrontType : 48x100BaseTX-E FrontDescr : TX48 FrontAdminStatus: up FrontOperStatus : up FrontSerialNum : SSCHE40FQM FrontHwVersion : 05 FrontPartNumber : 202572A31 FrontDateCode : 12212001 FrontDeviations : BackType : BFM6 BackDescr : BFM6 BackSerialNum : SSCHG70ETO BackHwVersion : 05 BackPartNumber : 209536A11 BackDateCode : 12212001 BackDeviations :
It’s an E module so we can support both ingress and egress mirroring. Lets mirror port 2/48 to port 2/1 and we’ll place a packet sniffer (laptop with WireShark) on port 2/1.
ERS-8600:5# config diag mirror-by-port 1 ERS-8600:5/config/diag/mirror-by-port/1# create in-port 2/48 out-port 2/1 mode both enable true ERS-8600:5/config/diag/mirror-by-port/1# info Sub-Context: Current Context: create : enable : true mirrored-port : 2/48 mirroring-port : 2/1 mode : both delete : N/A remote-mirror-vlan-id : 0 ERS-8600:5/config/diag/mirror-by-port/1# box ERS-8600:5# show diag mirror ================================================================================ Diag Mirror-By-Port ================================================================================ ID MIRRORED_PORT MIRRORING_PORT ENABLE MODE REMOTE-MIRROR-VLAN-ID 1 2/48 2/1 true both 0
I generally find it’s a good idea to remove the destination port (mirroring-port) from any VLANs. This prevents broadcast traffic from that VLAN from contaminating the packet trace although you’ll still see STP BDUs since the port will still belong to a Spanning Tree group.