Monitoring Traffic

This chapter includes the following sections:

Traffic Monitoring

Traffic monitoring copies traffic from one or more sources and sends the copied traffic to a dedicated destination port for analysis by a network analyzer. This feature is also known as Switched Port Analyzer (SPAN).

Important:

You can monitor or use SPAN on port channels only for ingress traffic.

Type of Session

When you create a traffic monitoring session, you can choose either an Ethernet or Fibre Channel destination port to receive the traffic. The type of destination port determines the type of session, which in turn determines the types of available traffic sources. For an Ethernet traffic monitoring session, the destination port must be an unconfigured physical port. For a Fibre Channel traffic monitoring session, the destination port must be a Fibre Channel uplink port.

Traffic Sources

An Ethernet traffic monitoring session can monitor any of the following traffic sources:

  • Uplink Ethernet port

  • Ethernet port channel

  • VLAN

  • Service profile vNIC

  • Service profile vHBA

  • FCoE port

  • Port channels

  • Unified uplink port

A Fibre Channel traffic monitoring session can monitor any of the following traffic sources:

  • Uplink Fibre Channel port

  • SAN port channel

  • VSAN

  • Service profile vHBA

  • Fibre Channel storage port

Guidelines and Recommendations for Traffic Monitoring

When configuring or activating traffic monitoring, consider the following guidelines:
  • You can create and store up to 16 traffic monitoring sessions, but only two can be active at the same time.

  • A traffic monitoring session is disabled by default when created. To begin monitoring traffic, you must activate the session.

  • A traffic monitoring session must be unique on any fabric interconnect within the Cisco UCS pod. Therefore, you must create each monitoring session with a unique name and unique VLAN source.

  • To monitor traffic from a server, add all vNICs from the service profile corresponding to the server.

  • You can monitor Fibre Channel traffic using either a Fibre Channel traffic analyzer or an Ethernet traffic analyzer. When Fibre Channel traffic is monitored using an Ethernet traffic monitoring session, with an Ethernet destination port, the destination traffic will be FCoE.

  • Because a traffic monitoring destination is a single physical port, a traffic monitoring session can monitor only a single fabric. To monitor uninterrupted vNIC traffic across a fabric failover, you must create two sessions—one per fabric—and connect two analyzers. Add the vNIC as the traffic source for both sessions.

  • All traffic sources must be located within the same switch as the destination port.

  • A port configured as a destination port cannot also be configured as a source port.

  • A member port of a port channel cannot be configured individually as a source. If the port channel is configured as a source, all member ports are source ports.

  • A vHBA can be a source for either an Ethernet or Fibre Channel monitoring session, but it cannot be a source for both simultaneously.

  • A server port can be a source only if it is a non-virtualized rack server adapter-facing port.

  • A Fibre Channel port on a Cisco UCS 6248 fabric interconnect cannot be configured as a source port.

  • If you change the port profile of a virtual machine, any associated vNICs being used as source ports are removed from monitoring, and you must reconfigure the monitoring session.

  • If a traffic monitoring session was configured on a dynamic vNIC under a release earlier than Cisco UCS Manager Release 2.0, you must reconfigure the traffic monitoring session after upgrading.

  • SPAN traffic is rate-limited to 1 Gbps on Cisco UCS 6200 Series fabric interconnects.


Note


Traffic monitoring can impose a significant load on your system resources. To minimize the load, select sources that carry as little unwanted traffic as possible and disable traffic monitoring when it is not needed.


Creating an Ethernet Traffic Monitoring Session

Procedure
    Step 1   In the Navigation pane, click the LAN tab.
    Step 2   On the LAN tab, expand LAN > Traffic Monitoring Sessions > Fabric_Interconnect_Name.
    Step 3   Right-click Fabric_Interconnect_Name and choose Create Traffic Monitoring Session.
    Step 4   In the Create Traffic Monitoring Session dialog box, complete the following fields:
    Name Description

    Name field

    The name of the traffic monitoring session.

    This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and you cannot change this name after the object has been saved.

    Admin State field

    Whether traffic will be monitored for the physical port selected in the Destination field. This can be one of the following:

    • EnabledCisco UCS begins monitoring the port activity as soon as some source components are added to the session.

    • DisabledCisco UCS does not monitor the port activity.

    Destination drop-down list

    Select the physical port whose communication traffic you want to monitor from the navigation tree.

    Admin Speed field

    The data transfer rate of the port channel to be monitored.

    The available data rates depend on the fabric interconnect installed in the Cisco UCS domain.

    Step 5   Click OK.

    What to Do Next

    • Add traffic sources to the traffic monitoring session.

    • Activate the traffic monitoring session.

    Setting the Destination for an Existing Ethernet Traffic Monitoring Session

    Procedure
      Step 1   In the Navigation pane, click the LAN tab.
      Step 2   On the LAN tab, expand LAN > Traffic Monitoring Sessions > Fabric_Interconnect_Name > Monitor_Session_Name.
      Step 3   In the Work pane, click the General tab.
      Step 4   In the Actions area, click Set Destination.
      Step 5   In the Set Destination dialog box, complete the following fields:

      Example:
      Name Description

      Destination field

      The physical port that is being monitored.

      Admin Speed field

      The data transfer rate of the port channel to be monitored.

      The available data rates depend on the fabric interconnect installed in the Cisco UCS domain.

      Step 6   Click OK.

      Clearing the Destination for an Existing Ethernet Traffic Monitoring Session

      Procedure
        Step 1   In the Navigation pane, click the LAN tab.
        Step 2   On the LAN tab, expand LAN > Traffic Monitoring Sessions > Fabric_Interconnect_Name > Monitor_Session_Name.
        Step 3   In the Work pane, click the General tab.
        Step 4   In the Actions area, click Clear Destination.
        Step 5   If the Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.

        Creating a Fibre Channel Traffic Monitoring Session

        Procedure
          Step 1   In the Navigation pane, click the SAN tab.
          Step 2   On the LAN tab, expand SAN > Traffic Monitoring Sessions > Fabric_Interconnect_Name.
          Step 3   Right-click Fabric_Interconnect_Name and choose Create Traffic Monitoring Session.
          Step 4   In the Create Traffic Monitoring Session dialog box, complete the following fields:
          Name Description

          Name field

          The name of the traffic monitoring session.

          This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and you cannot change this name after the object has been saved.

          Admin State field

          Whether traffic will be monitored for the physical port selected in the Destination field. This can be one of the following:

          • EnabledCisco UCS begins monitoring the port activity as soon as some source components are added to the session.

          • DisabledCisco UCS does not monitor the port activity.

          Destination drop-down list

          Select the physical port whose communication traffic you want to monitor from the navigation tree.

          Admin Speed drop-down list

          The data transfer rate of the port channel to be monitored. This can be one of the following:

          • 1 Gbps

          • 2 Gbps

          • 4 Gbps

          • 8 Gbps

          • AutoCisco UCS determines the data transfer rate.

          Step 5   Click OK.

          What to Do Next

          • Add traffic sources to the traffic monitoring session.

          • Activate the traffic monitoring session.

          Setting the Destination for an Existing Fibre Channel Traffic Monitoring Session

          Procedure
            Step 1   In the Navigation pane, click the SAN tab.
            Step 2   On the SAN tab, expand SAN > Traffic Monitoring Sessions > Fabric_Interconnect_Name > Monitor_Session_Name.
            Step 3   In the Work pane, click the General tab.
            Step 4   In the Actions area, click Set Destination.
            Step 5   In the Set Destination dialog box, complete the following fields:
            Name Description

            Destination drop-down list

            Select the physical port whose communication traffic you want to monitor from the navigation tree.

            Admin Speed drop-down list

            The data transfer rate of the port channel to be monitored. This can be one of the following:

            • 1 Gbps

            • 2 Gbps

            • 4 Gbps

            • 8 Gbps

            • AutoCisco UCS determines the data transfer rate.

            Step 6   Click OK.

            Clearing the Destination for an Existing Fibre Channel Traffic Monitoring Session

            Procedure
              Step 1   In the Navigation pane, click the SAN tab.
              Step 2   On the SAN tab, expand SAN > Traffic Monitoring Sessions > Fabric_Interconnect_Name > Monitor_Session_Name.
              Step 3   In the Work pane, click the General tab.
              Step 4   In the Actions area, click Clear Destination.
              Step 5   If the Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.

              Adding Traffic Sources to a Monitoring Session

              You can choose multiple sources from more than one source type to be monitored by a traffic monitoring session. The available sources depend on the components configured in the Cisco UCS domain.


              Note


              This procedure describes how to add sources for Ethernet traffic monitoring sessions. To add sources for a Fibre Channel monitoring session, select the SAN tab instead of the LAN tab in Step 2.


              Before You Begin

              A traffic monitoring session must be created.

              Procedure
                Step 1   In the Navigation pane, click the LAN tab.
                Step 2   On the LAN tab, expand LAN > Traffic Monitoring Sessions > Fabric_Interconnect_Name.
                Step 3   Expand Fabric_Interconnect_Name and click the monitor session that you want to configure.
                Step 4   In the Work pane, click the General tab.
                Step 5   In the Sources area, expand the section for the type of traffic source that you want to add.

                Step 6   To see the components that are available for monitoring, click the + button in the right-hand edge of the table to open the Add Monitoring Session Source dialog box.
                Step 7   Select a source component and click OK.

                You can repeat the preceding three steps as needed to add multiple sources from multiple source types.

                Step 8   Click Save Changes.

                What to Do Next

                Activate the traffic monitoring session. If the session is already activated, traffic will be forwarded to the monitoring destination when you add a source.

                Activating a Traffic Monitoring Session


                Note


                This procedure describes how to activate an Ethernet traffic monitoring session. To activate a Fibre Channel monitoring session, select the SAN tab instead of the LAN tab in Step 2.


                Before You Begin

                A traffic monitoring session must be created.

                Procedure
                  Step 1   In the Navigation pane, click the LAN tab.
                  Step 2   On the LAN tab, expand LAN > Traffic Monitoring Sessions > Fabric_Interconnect_Name.
                  Step 3   Expand Fabric_Interconnect_Name and click the monitor session that you want to activate.
                  Step 4   In the Work pane, click the General tab.
                  Step 5   In the Properties area, click the enabled radio button for Admin State.
                  Step 6   Click Save Changes.

                  If a traffic monitoring source is configured, traffic begins to flow to the traffic monitoring destination port.

                  Deleting a Traffic Monitoring Session


                  Note


                  This procedure describes how to delete an Ethernet traffic monitoring session. To delete a Fibre Channel monitoring session, select the SAN tab instead of the LAN tab in Step 2.


                  Procedure
                    Step 1   In the Navigation pane, click the LAN tab.
                    Step 2   On the LAN tab, expand LAN > Traffic Monitoring Sessions > Fabric_Interconnect_Name.
                    Step 3   Expand Fabric_Interconnect_Name and click the monitor session that you want to delete.
                    Step 4   In the Work pane, click the General tab.
                    Step 5   In the Actions area, click the Delete icon.
                    Step 6   If the Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.