Monitoring Traffic
This chapter includes the following sections:
Traffic
Monitoring
Traffic monitoring
copies traffic from one or more sources and sends the copied traffic to a
dedicated destination port for analysis by a network analyzer. This feature is
also known as Switched Port Analyzer (SPAN).
Important:
You can monitor or
use SPAN on port channels only for ingress traffic.
Type of
Session
When you create a
traffic monitoring session, you can choose either an Ethernet or Fibre Channel
destination port to receive the traffic. The type of destination port
determines the type of session, which in turn determines the types of available
traffic sources. For an Ethernet traffic monitoring session, the destination
port must be an unconfigured physical port. For a Fibre Channel traffic
monitoring session, the destination port must be a Fibre Channel uplink port.
Traffic
Sources
An Ethernet traffic
monitoring session can monitor any of the following traffic sources:
-
Uplink Ethernet
port
-
Ethernet port
channel
-
VLAN
-
Service profile
vNIC
-
Service profile
vHBA
-
FCoE port
-
Port channels
-
Unified uplink
port
A Fibre Channel
traffic monitoring session can monitor any of the following traffic sources:
Guidelines and
Recommendations for Traffic Monitoring
When configuring or
activating traffic monitoring, consider the following guidelines:
-
You can create and
store up to 16 traffic monitoring sessions, but only two can be active at the
same time.
-
A traffic
monitoring session is disabled by default when created. To begin monitoring
traffic, you must activate the session.
-
A traffic
monitoring session must be unique on any fabric interconnect within the Cisco
UCS pod. Therefore, you must create each monitoring session with a unique name
and unique VLAN source.
-
To monitor traffic
from a server, add all vNICs from the service profile corresponding to the
server.
-
You can monitor
Fibre Channel traffic using either a Fibre Channel traffic analyzer or an
Ethernet traffic analyzer. When Fibre Channel traffic is monitored using an
Ethernet traffic monitoring session, with an Ethernet destination port, the
destination traffic will be FCoE.
-
Because a traffic
monitoring destination is a single physical port, a traffic monitoring session
can monitor only a single fabric. To monitor uninterrupted vNIC traffic across
a fabric failover, you must create two sessions—one per fabric—and connect two
analyzers. Add the vNIC as the traffic source for both sessions.
-
All traffic
sources must be located within the same switch as the destination port.
-
A port configured
as a destination port cannot also be configured as a source port.
-
A member port of a
port channel cannot be configured individually as a source. If the port channel
is configured as a source, all member ports are source ports.
-
A vHBA can be a
source for either an Ethernet or Fibre Channel monitoring session, but it
cannot be a source for both simultaneously.
-
A server port can
be a source only if it is a non-virtualized rack server adapter-facing port.
-
A Fibre Channel
port on a Cisco UCS 6248 fabric interconnect cannot be configured as a source
port.
-
If you change the
port profile of a virtual machine, any associated vNICs being used as source
ports are removed from monitoring, and you must reconfigure the monitoring
session.
-
If a traffic
monitoring session was configured on a dynamic vNIC under a release earlier
than
Cisco UCS Manager Release 2.0, you must reconfigure the
traffic monitoring session after upgrading.
-
SPAN traffic is rate-limited to 1 Gbps on Cisco UCS 6200 Series
fabric interconnects.
 Note |
Traffic monitoring
can impose a significant load on your system resources. To minimize the load,
select sources that carry as little unwanted traffic as possible and disable
traffic monitoring when it is not needed.
|
Creating an Ethernet Traffic Monitoring Session
 Note |
This procedure describes creating an Ethernet traffic monitoring session. To create a Fibre Channel traffic monitoring session, the following changes are required:
|
Procedure | Command or Action | Purpose |
---|
Step 1 | UCS-A#
scope eth-traffic-mon
|
Enters Ethernet traffic monitoring command mode.
|
Step 2 | UCS-A /eth-traffic-mon #
scope fabric
{a | b}
|
Enters traffic monitoring command mode for the specified fabric.
|
Step 3 | UCS-A /eth-traffic-mon/fabric #
create eth-mon-session
session-name
|
Creates a traffic monitoring session with the specified name.
|
Step 4 | UCS-A /eth-traffic-mon/fabric/eth-mon-session #
create dest-interface
slot-num port-num
|
Configures the interface at the specified slot and port number to be the destination for the traffic monitoring session. Enters the command mode for the interface.
|
Step 5 | UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface # set speedadmin-speed
| Sets the data transfer rate of the port channel to be monitored. This can be:
10gbps—10 Gbps
1gbps—1 Gbps
20gbps—20 Gbps
40gbps—40 Gbps
|
Step 6 | UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface #
commit-buffer
|
Commits the transaction to the system configuration.
|
The following example creates an Ethernet traffic monitoring session to copy and forward traffic to the destination port at slot 2, port 12, sets the admin speed to 20 Gbps, and commits the transaction:
UCS-A# scope eth-traffic-mon
UCS-A /eth-traffic-mon # scope fabric a
UCS-A /eth-traffic-mon/fabric # create eth-mon-session EthMonitor33
UCS-A /eth-traffic-mon/fabric/eth-mon-session* # create dest-interface 2 12
UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface* # set speed 20gbps
UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface* # commit-buffer
UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface #
What to Do Next
Creating a Fibre Channel Traffic Monitoring Session
Procedure | Command or Action | Purpose |
---|
Step 1 | UCS-A#
scope fc-traffic-mon
|
Enters Fibre Channel traffic monitoring command mode.
|
Step 2 | UCS-A /fc-traffic-mon #
scope fabric
{a | b}
|
Enters Fibre Channel traffic monitoring command mode for the specified fabric.
|
Step 3 | UCS-A /fc-traffic-mon/fabric #
create fc-mon-session
session-name
|
Creates a Fibre Channel traffic monitoring session with the specified name.
|
Step 4 | UCS-A /fc-traffic-mon/fabric/fc-mon-session #
create dest-interface
slot-num port-num
|
Creates and enters the command mode of the destination slot and port for the Fibre Channel traffic monitoring session.
|
Step 5 | UCS-A /fc-traffic-mon/fabric/fc-mon-session/dest-interface # set speedadmin-speed
| Sets the data transfer rate of the port channel to be monitored. This can be:
|
Step 6 | UCS-A /fc-traffic-mon/fabric/fc-mon-session/dest-interface #
commit-buffer
|
Commits the transaction to the system configuration.
|
The following example creates a Fibre channel traffic monitoring session to copy and forward traffic to the destination port at slot 1, port 10, sets the admin speed to 8 Gbps, and commits the transaction:
UCS-A# scope fc-traffic-mon
UCS-A /fc-traffic-mon # scope fabric a
UCS-A /fc-traffic-mon/fabric # create fc-mon-session FCMonitor
UCS-A /fc-traffic-mon/fabric/fc-mon-session* # create dest-interface 1 10
UCS-A /fc-traffic-mon/fabric/fc-mon-session/dest-interface* # set speed 8gbps
UCS-A /fc-traffic-mon/fabric/fc-mon-session/dest-interface* # commit-buffer
UCS-A /fc-traffic-mon/fabric/fc-mon-session/dest-interface #
What to Do Next
Adding Traffic Sources to a Monitoring Session
Adding an Uplink Source Port to a Monitoring Session
 Note |
This procedure describes adding an Ethernet uplink port as a source for a traffic monitoring session. To add a Fibre Channel uplink port as a source, enter the
scope fc-uplink
command instead of the
scope eth-uplink
command in Step 1.
|
Before You Begin
A traffic monitoring session must be created.
Procedure | Command or Action | Purpose |
---|
Step 1 | UCS-A#
scope eth-uplink
|
Enters Ethernet uplink command mode.
|
Step 2 | UCS-A /eth-uplink #
scope fabric
{a |
b}
|
Enters uplink fabric mode for the specified
fabric.
|
Step 3 | UCS-A /eth-uplink/fabric #
scope interface
slot-num
port-num
|
Enters the interface command mode for the specified uplink port.
|
Step 4 | UCS-A /eth-uplink/fabric/interface #
create mon-src session-name
|
Adds the uplink port as a source to the specified monitoring session.
|
Step 5 | UCS-A /eth-uplink/fabric/interface/mon-src #
set direction {both | receive | transmit}
| (Optional)
Specifies the traffic direction to be monitored.
|
Step 6 | UCS-A /eth-uplink/fabric/interface/mon-src #
commit-buffer
|
Commits the transaction to the system configuration.
|
The following example adds the ingress traffic on Ethernet uplink port 3
on slot 2 of fabric A as a source for a monitoring session and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # scope interface 2 3
UCS-A /eth-uplink/fabric/interface # create mon-src Monitor23
UCS-A /eth-uplink/fabric/interface/mon-src* # set direction receive
UCS-A /eth-uplink/fabric/interface/mon-src* # commit-buffer
UCS-A /eth-uplink/fabric/interface/mon-src #
What to Do Next
You can add additional sources to the traffic monitoring session.
Adding a vNIC or vHBA Source to a Monitoring Session
 Note |
This procedure describes adding a vNIC as a source for a traffic monitoring session. To add a vHBA as a source, enter the
scope vhba
command instead of the
scope vnic
command in Step 2.
|
Before You Begin
A traffic monitoring session must be created.
Procedure | Command or Action | Purpose |
---|
Step 1 | Switch-A#
scope system
|
Enters system mode.
|
Step 2 | Switch-A /system #
scope vm-mgmt
|
Enters VM management mode.
|
Step 3 | Switch-A /system/vm-mgmt #
show virtual-machine
| (Optional)
Displays the running virtual machines.
|
Step 4 | Switch-A /system/vm-mgmt #
scope virtual-machine uuid
|
Enters command mode for the virtual machine that contains the dynamic vNIC.
|
Step 5 | Switch-A /system/vm-mgmt/virtual-machine #
show expand
| (Optional)
Displays the virtual machine details, including the vNIC MAC address.
|
Step 6 | Switch-A /system/vm-mgmt/virtual-machine #
scope vnic
mac-address
|
Enters the command mode for the vNIC at the specified MAC address.
|
Step 7 | Switch-A /system/vm-mgmt/virtual-machine/vnic #
create mon-src session-name
|
Adds the vNIC as a source to the specified monitoring session.
|
Step 8 | Switch-A /system/vm-mgmt/virtual-machine/vnic/mon-src #
set direction {both | receive | transmit}
| (Optional)
Specifies the traffic direction to be monitored.
|
Step 9 | Switch-A /system/vm-mgmt/virtual-machine/vnic/mon-src #
commit-buffer
|
Commits the transaction to the system configuration.
|
The following example adds the ingress traffic on a dynamic vNIC as a source for a monitoring session and commits the transaction:
Switch-A# scope system
Switch-A /system # scope vm-mgmt
Switch-A /system/vm-mgmt # show virtual-machine
Virtual Machine:
UUID: 42327c42-e00c-886f-e3f7-e615906f51e9
Service Profile: org-root/ls-dsw-bld1-esx
Server: sys/chassis-1/blade-1
Status: Online
.
.
.
Switch-A /system/vm-mgmt # scope virtual-machine 42327c42-e00c-886f-e3f7-e615906f51e9
Switch-A /system/vm-mgmt/virtual-machine # show expand
Virtual Machine:
UUID: 42327c42-e00c-886f-e3f7-e615906f51e9
Service Profile: org-root/ls-dsw-bld1-esx
Server: sys/chassis-1/blade-1
Status: Online
vNIC:
Name:
Status: Online
MAC Address: 00:50:56:B2:00:00
VIF:
Vif Id: 32772
Status: Online
Phys Fabric ID: B
Virtual Fabric:
Switch-A /system/vm-mgmt/virtual-machine # scope vnic 00:50:56:B2:00:00
Switch-A /system/vm-mgmt/virtual-machine/vnic # create mon-src Monitor23
Switch-A /system/vm-mgmt/virtual-machine/vnic/mon-src* # set direction receive
Switch-A /system/vm-mgmt/virtual-machine/vnic/mon-src* # commit-buffer
Switch-A /system/vm-mgmt/virtual-machine/vnic/mon-src #
What to Do Next
You can add additional sources to the traffic monitoring session.
Adding a VLAN or VSAN Source to a Monitoring Session
 Note |
This procedure describes adding a VLAN as a source for a traffic monitoring session. To add a VSAN as a source, the following changes are required:
|
Before You Begin
A traffic monitoring session must be created.
Procedure | Command or Action | Purpose |
---|
Step 1 | UCS-A#
scope eth-uplink
|
Enters Ethernet uplink command mode.
|
Step 2 | UCS-A /eth-uplink #
scope fabric
{a |
b}
|
Enters uplink fabric mode for the specified
fabric.
Note
| This step is required when adding a local VLAN as a source. To add a global VLAN as a source, omit this step. |
|
Step 3 | UCS-A /eth-uplink/fabric #
create vlan
vlan-name
vlan-id
|
Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters uplink VLAN mode.
|
Step 4 | UCS-A /eth-uplink/fabric/vlan #
create mon-src session-name
|
Adds the VLAN as a source to the specified monitoring session.
|
Step 5 | UCS-A /eth-uplink/fabric/vlan/mon-src #
commit-buffer
|
Commits the transaction to the system configuration.
|
The following example adds a local VLAN as a source for an Ethernet monitoring session and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # create vlan vlan23 23
UCS-A /eth-uplink/fabric/vlan # create mon-src Monitor23
UCS-A /eth-uplink/fabric/vlan/mon-src* # commit-buffer
UCS-A /eth-uplink/fabric/vlan/mon-src #
What to Do Next
You can add additional sources to the traffic monitoring session.
Adding a Storage Port Source to a Monitoring Session
 Note |
This procedure describes adding a Fibre Channel storage port as a source for a Fibre Channel traffic monitoring session. To add an FCoE storage port as a source for an Ethernet traffic monitoring session, enter the
create interface fcoe
command instead of the
create interface fc
command in Step 3.
|
Before You Begin
A traffic monitoring session must be created.
Procedure | Command or Action | Purpose |
---|
Step 1 | UCS-A#
scope fc-storage
|
Enters Fibre Channel storage port command mode.
|
Step 2 | UCS-A /fc-storage #
scope fabric
{a |
b}
|
Enters Fibre Channel storage port fabric mode for the specified
fabric.
|
Step 3 | UCS-A /fc-storage/fabric #
create interface fc slot-num
port-num
|
Creates a Fibre Channel storage port interface and enters the interface command mode.
|
Step 4 | UCS-A /fc-storage/fabric/fc #
create mon-src session-name
|
Adds the storage port as a source to the specified monitoring session.
|
Step 5 | UCS-A /fc-storage/fabric/fc/mon-src #
commit-buffer
|
Commits the transaction to the system configuration.
|
The following example adds a Fibre Channel storage port on port 3 of slot 2 as a source for a Fibre Channel monitoring session and commits the transaction:
UCS-A# scope fc-storage
UCS-A /fc-storage # scope fabric a
UCS-A /fc-storage/fabric # create interface fc 2 3
UCS-A /fc-storage/fabric/fc* # create mon-src Monitor23
UCS-A /fc-storage/fabric/fc/mon-src* # commit-buffer
UCS-A /fc-storage/fabric/fc/mon-src #
What to Do Next
You can add additional sources to the traffic monitoring session.
Activating a Traffic Monitoring Session
 Note |
This procedure describes activating an Ethernet traffic monitoring session. To activate a Fibre Channel traffic monitoring session, the following changes are required:
|
Before You Begin
Configure a traffic monitoring session.
Procedure | Command or Action | Purpose |
---|
Step 1 | UCS-A#
scope eth-traffic-mon
|
Enters Ethernet traffic monitoring command mode.
|
Step 2 | UCS-A /eth-traffic-mon #
scope fabric
{a | b}
|
Enters traffic monitoring command mode for the specified fabric.
|
Step 3 | UCS-A /eth-traffic-mon/fabric #
scope eth-mon-session
session-name
|
Enters the command mode of the traffic monitoring session with the specified name.
|
Step 4 | UCS-A /eth-traffic-mon/fabric/eth-mon-session #
disable
| enable
|
Disables or enables the traffic monitoring session.
|
Step 5 | UCS-A /eth-traffic-mon/fabric/eth-mon-session #
commit-buffer
|
Commits the transaction to the system configuration.
|
When activated, the traffic monitoring session begins forwarding traffic to the destination as soon as a traffic source is configured.
The following example activates an Ethernet traffic monitoring session and commits the transaction:
UCS-A# scope eth-traffic-mon
UCS-A /eth-traffic-mon # scope fabric a
UCS-A /eth-traffic-mon/fabric # scope eth-mon-session Monitor33
UCS-A /eth-traffic-mon/fabric/eth-mon-session # enable
UCS-A /eth-traffic-mon/fabric/eth-mon-session* # commit-buffer
UCS-A /eth-traffic-mon/fabric/eth-mon-session # show
Ether Traffic Monitoring Session:
Name Admin State Oper State Oper State Reason
---------- ----------------- ------------ -----------------
Monitor33 Enabled Up Active
UCS-A /eth-traffic-mon/fabric/eth-mon-session #
Deleting a Traffic Monitoring Session
 Note |
This procedure describes deleting an Ethernet traffic monitoring session. To delete a Fibre Channel traffic monitoring session, the following changes are required:
|
Procedure | Command or Action | Purpose |
---|
Step 1 | UCS-A#
scope eth-traffic-mon
|
Enters Ethernet traffic monitoring command mode.
|
Step 2 | UCS-A /eth-traffic-mon #
scope fabric
{a | b}
|
Enters traffic monitoring command mode for the specified fabric.
|
Step 3 | UCS-A /eth-traffic-mon/fabric #
delete eth-mon-session
session-name
|
Deletes the traffic monitoring session with the specified name.
|
Step 4 | UCS-A /eth-traffic-mon/fabric #
commit-buffer
|
Commits the transaction to the system configuration.
|
The following example deletes an Ethernet traffic monitoring session and commits the transaction:
UCS-A# scope eth-traffic-mon
UCS-A /eth-traffic-mon # scope fabric a
UCS-A /eth-traffic-mon/fabric # delete eth-mon-session Monitor33
UCS-A /eth-traffic-mon/fabric* # commit-buffer
UCS-A /eth-traffic-mon/fabric #