Traffic Monitoring

Traffic monitoring copies traffic from one or more source ports and sends the copied traffic to a dedicated destination port for analysis by a network analyzer. This feature is also known as Switched Port Analyzer (SPAN).

However, this traffic monitoring is limited to one switch. SPAN can send the traffic between switches, but this traffic cannot be routed. To overcome this problem, support for ERSPAN (Encapsulated Remote Switched Port Analyzer) is provided from Cisco UCS Manager 4.3(4a).

ERSPAN uses GRE encapsulation, which allows you to route SPAN traffic from a source to a destination in the L3 network.

ERSPAN is used to transport mirrored traffic in an IP network. An origin interface will be created on each Fabric Interconnect with a configured source IP address to forward the packets on the L3 network. A unique IP address per fabric is captured along with the VLAN information.

Types of Traffic Monitoring Sessions

There are two types of monitoring sessions:

  • Ethernet

  • Fibre Channel

The type of destination port determines what kind of monitoring session you need. For an Ethernet traffic monitoring session, the destination port must be an unconfigured physical port. For a Fibre Channel traffic monitoring session, the destination port must be a Fibre Channel uplink port except when you are using Cisco UCS 6600 Series Fabric Interconnect, Cisco UCS 6500 Series Fabric Interconnect, and Cisco UCS 6400 Series Fabric Interconnect.


Note


For Cisco UCS 6600, 6500, and 6400 series Fabric Interconnects, you cannot choose Fibre Channel destination ports. The destination port must be an unconfigured physical Ethernet port.


Traffic Monitoring Across Ethernet

An Ethernet traffic monitoring session can monitor any of the following traffic source and destination ports:

Source Ports

  • Uplink Ethernet port

  • Ethernet port channel

  • VLAN

  • Service profile vNIC

  • Service profile vHBA

  • FCoE port

  • Port channels

  • Unified uplink port

  • VSAN

Destination Ports

  • Unconfigured Ethernet Port


Note


All traffic sources must be located within the same switch as the destination port. A port configured as a destination port cannot also be configured as a source port. A member port of a port channel cannot be configured individually as a source. If the port channel is configured as a source, all member ports are source ports.


A server port can be a source, only if it is a non-virtualized rack server adapter-facing port.

Traffic Monitoring for Cisco UCS 6600, 6500, 6400 Series Fabric Interconnects

  • Cisco UCS 6600, 6500, 6400 Series Fabric Interconnects do not support a Fibre Channel port as a destination port. Therefore, an Ethernet port is the only option for configuring any traffic monitoring session on this Fabric Interconnect.

  • Cisco UCS 6600, 6500, 6400 Series Fabric Interconnects support monitoring traffic in the transmit direction for more than two sources per Fabric Interconnect.

  • You can monitor or use SPAN on port channels sources for traffic in the transmit and receive directions.

  • You can configure a port as a destination port for only one monitor session.

  • You can monitor a port channel as a source in the transmit direction.

  • You cannot monitor vEth as a source in the transmit direction.

Traffic Monitoring Across Fibre Channel

You can monitor Fibre Channel traffic using either a Fibre Channel traffic analyzer or an Ethernet traffic analyzer. When Fibre Channel traffic is monitored with an Ethernet traffic monitoring session, at an Ethernet destination port, the destination traffic is FCoE.

A Fibre Channel traffic monitoring session can monitor any of the following traffic source and destination ports:

Source Ports

  • FC Port

  • FC Port Channel

  • Uplink Fibre Channel port

  • SAN port channel

  • VSAN

  • Service profile vHBA

  • Fibre Channel storage port

Destination Ports

  • Fibre Channel uplink port

  • Unconfigured Ethernet Port (Cisco UCS 6400, 6536, 6664 Fabric Interconnects)

Guidelines and Recommendations for Traffic Monitoring

When configuring or activating traffic monitoring, consider the following guidelines:

Traffic Monitoring Sessions

A traffic monitoring session is disabled by default when created. To begin monitoring traffic, first activate the session. A traffic monitoring session must be unique on any fabric interconnect within the Cisco UCS pod. Create each monitoring session with a unique name and unique VLAN source. To monitor traffic from a server, add all vNICs from the service profile corresponding to the server.


Note


No more than 32 VLANs can be added to a SPAN monitoring session.


Maximum Number of Supported Active Traffic Monitoring Sessions Per Fabric-Interconnect

You can create and store up to 16 traffic monitoring sessions, but only four can be active at the same time.

From Cisco UCS Manager 4.3(4a), a monitoring session that monitors the receive direction, the transmit direction, or both is counted as one session only.

Four active sessions—Includes Ethernet and Fibre Channel traffic monitoring sessions in any traffic direction.

The traffic monitoring session limits apply per Fabric Interconnect. You can configure up to 16 sessions, but a maximum of 4 monitoring sessions of Ethernet or Fabric Interconnect can be active.


Note


Traffic monitoring can impose a significant load on your system resources. To minimize the load, select sources that carry as little unwanted traffic as possible and disable traffic monitoring when it is not needed.


vNIC

  • Because a traffic monitoring destination is a single physical port, a traffic monitoring session can monitor only a single fabric. To monitor uninterrupted vNIC traffic across a fabric failover, create two sessions, one per fabric, and connect two analyzers. Add the vNIC as the traffic source using the exact same name for both sessions.

  • If you change the port profile of a virtual machine, any associated vNICs being used as source ports are removed from monitoring, and you must reconfigure the monitoring session.

  • If a traffic monitoring session was configured on a dynamic vNIC under a release earlier than Cisco UCS Manager Release 2.0, you must reconfigure the traffic monitoring session after upgrading.

  • Cisco UCS Fabric Interconnects 9108 100G, Cisco UCS 6500, and Cisco UCS 6400 Series Fabric Interconnects do not support monitoring traffic from a vNIC in the transmit direction.

vHBA

A vHBA can be a source for either an Ethernet or Fibre Channel monitoring session, but it cannot be a source for both simultaneously. When a vHBA is set as the SPAN source, the SPAN destination receives only VN-Tagged frames. It does not receive direct FC frames. Cisco UCS 6500 and Cisco UCS 6400 Series Fabric Interconnects do not support monitoring traffic from a vHBA in the transmit direction.

For ERSPAN

ERSPAN functionality supports the following:

  • Applicable for 4G (HD) and 5G Fabric Interconnects only.

  • Source session monitoring only.

  • Ethernet and FC Port are the source interfaces.

  • Allows configuring ERSPAN on both the Fabric Interconnects.

  • VLANs must be defined before creating an origin interface.

  • Only IPv4 delivery or transport header is supported.

  • Only supports Type-II ERSPAN header.

ERSPAN functionality does not support the following:

  • Destination session monitoring.

  • Source session ACLs.

  • PVLANs and local VLANs for service VLANs.
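On the analyzer side, the ERSPAN source sessions described above arrive as IPv4/GRE packets carrying a Type II header. The decoder below is an added example, not Cisco code; it follows the published ERSPAN Type II layout, and the sample packet (addresses, VLAN 102, session ID 512) is constructed.

```python
import ipaddress
import struct

GRE_PROTO_ERSPAN = 0x88BE   # GRE protocol type used by ERSPAN Type I/II
IP_PROTO_GRE = 47


class ErspanError(ValueError):
    """Packet is not a well-formed IPv4/GRE/ERSPAN Type II packet."""


def decode_erspan2(packet: bytes) -> dict:
    """Decode the IPv4 delivery header, GRE header and ERSPAN Type II header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ErspanError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        raise ErspanError("truncated before GRE header")
    if packet[9] != IP_PROTO_GRE:
        raise ErspanError("IP protocol is not GRE")
    flags, proto = struct.unpack_from("!HH", packet, ihl)
    if flags & 0x4007 or proto != GRE_PROTO_ERSPAN:
        raise ErspanError("GRE payload is not ERSPAN")
    if not flags & 0x1000:
        # Type I has no GRE sequence number and no ERSPAN header at all.
        raise ErspanError("no GRE sequence number: not Type II")
    off = ihl + 4
    off += 4 if flags & 0x8000 else 0      # optional checksum + reserved
    off += 4 if flags & 0x2000 else 0      # optional key
    if len(packet) < off + 4 + 8:
        raise ErspanError("truncated before end of ERSPAN header")
    (seq,) = struct.unpack_from("!I", packet, off)
    w0, w1, w2 = struct.unpack_from("!HHI", packet, off + 4)
    if w0 >> 12 != 1:
        raise ErspanError("ERSPAN version is not 1 (Type II)")
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),   # origin interface IP
        "dst": str(ipaddress.IPv4Address(packet[16:20])),   # configured destination IP
        "ttl": packet[8],
        "dscp": packet[1] >> 2,
        "sequence": seq,
        "vlan": w0 & 0x0FFF,
        "cos": w1 >> 13,
        "truncated": bool(w1 & 0x0400),     # T bit: mirrored frame was cut short
        "session_id": w1 & 0x03FF,          # 10-bit ERSPAN ID
        "index": w2 & 0x000FFFFF,
        "inner_frame": packet[off + 12:],
    }


def sequence_gaps(decoded) -> dict:
    """Count missing GRE sequence numbers per (source IP, session ID).

    A gap means mirrored packets were lost between the Fabric Interconnect
    and the analyzer, so the capture is incomplete for that session.
    """
    last, gaps = {}, {}
    for d in decoded:
        key = (d["src"], d["session_id"])
        if key in last:
            missing = (d["sequence"] - last[key] - 1) & 0xFFFFFFFF
            if 0 < missing < 0x80000000:    # ignore reordered packets
                gaps[key] = gaps.get(key, 0) + missing
        last[key] = d["sequence"]
    return gaps


def build_sample(session_id, vlan, truncated, inner, seq=1,
                 src="10.10.10.23", dst="10.193.167.34", ttl=64, dscp=0):
    """Constructed test packet (IPv4 checksum left at 0; the decoder ignores it)."""
    erspan = struct.pack("!HHI", (1 << 12) | (vlan & 0x0FFF),
                         (int(truncated) << 10) | (session_id & 0x03FF), 0)
    gre = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN, seq)
    payload = gre + erspan + inner
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(payload), 0, 0,
                     ttl, IP_PROTO_GRE, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + payload


if __name__ == "__main__":
    frames = [decode_erspan2(build_sample(512, 102, True, bytes(64), seq=s))
              for s in (1, 2, 5, 6)]
    print(frames[0]["session_id"], frames[0]["truncated"], sequence_gaps(frames))
```
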

Limitations

  • The ingress packets that are received on port-channel or the physical port are not spanned to the destination. This occurs when there is only one uplink and when the session source and session egress are the same.

  • When there is a port channel with two members as one uplink, packets are spanned twice to the analyser.

  • When you configure more than one VLAN as a monitoring source, we recommend that you add each VLAN as a monitoring source individually, because the change may take time to be updated in the system. This occurs in a setup with many VLANs where VLANs are configured as monitoring sources.

Choosing Between Traffic Monitoring Sessions

From Cisco UCS Manager 4.3(4a), you can choose between SPAN and ERSPAN traffic monitoring sessions.

Limitations


Note


Existing SPAN limitations apply to ERSPAN too.

The following are the limitations when you choose between SPAN or ERSPAN traffic monitoring sessions:

  • Session migration is not supported. You cannot change the session type from SPAN to ERSPAN or vice versa after it is created.

  • ERSPAN does not share origin interface or VLAN configuration with Netflow.

    You cannot use the same source VLAN for both Netflow and ERSPAN.


    Note


    IP addresses also cannot be shared with Netflow.

  • You cannot enable span capturing control packets on ERSPAN sessions.

Traffic Monitoring for SPAN

Creating an Ethernet Traffic Monitoring Session


Note


This procedure describes creating an Ethernet traffic monitoring session. To create a Fibre Channel traffic monitoring session, the following changes are required:

  • Enter the scope fc-traffic-mon command instead of the scope eth-traffic-mon command in Step 1.

  • Enter the create fc-mon-session command instead of the create eth-mon-session command in Step 3.


Procedure

  Command or Action Purpose

Step 1

UCS-A# scope eth-traffic-mon

Enters Ethernet traffic monitoring command mode.

Step 2

UCS-A /eth-traffic-mon # scope fabric {a | b}

Enters traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /eth-traffic-mon/fabric # create eth-mon-session session-name

Creates a traffic monitoring session with the specified name.

Step 4

UCS-A /eth-traffic-mon/fabric/eth-mon-session # create dest-interface slot-num port-num

Configures the interface at the specified slot and port number to be the destination for the traffic monitoring session. Enters the command mode for the interface.

Step 5

UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface # set speed admin-speed

Sets the data transfer rate of the port channel to be monitored. This can be:

  • 1gbps—1 Gbps

  • 10gbps—10 Gbps

  • 20gbps—20 Gbps

  • 40gbps—40 Gbps

Step 6

UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates an Ethernet traffic monitoring session to copy and forward traffic to the destination port at slot 2, port 12, sets the admin speed to 20 Gbps, and commits the transaction:

UCS-A# scope eth-traffic-mon
UCS-A /eth-traffic-mon # scope fabric a
UCS-A /eth-traffic-mon/fabric # create eth-mon-session EthMonitor33
UCS-A /eth-traffic-mon/fabric/eth-mon-session* # create dest-interface 2 12
UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface* # set speed 20gbps
UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface* # commit-buffer
UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface #

What to do next

  • Add traffic sources to the traffic monitoring session.

  • Activate the traffic monitoring session.

Creating a Fibre Channel Traffic Monitoring Session

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope fc-traffic-mon

Enters Fibre Channel traffic monitoring command mode.

Step 2

UCS-A /fc-traffic-mon # scope fabric {a | b}

Enters Fibre Channel traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /fc-traffic-mon/fabric # create fc-mon-session session-name

Creates a Fibre Channel traffic monitoring session with the specified name.

Step 4

UCS-A /fc-traffic-mon/fabric/fc-mon-session # create dest-interface slot-num port-num

Creates and enters the command mode of the destination slot and port for the Fibre Channel traffic monitoring session.

Step 5

UCS-A /fc-traffic-mon/fabric/fc-mon-session/dest-interface # set speed admin-speed

Sets the data transfer rate of the port channel to be monitored. This can be:

  • 1gbps—1 Gbps

  • 2gbps—2 Gbps

  • 4gbps—4 Gbps

  • 8gbps—8 Gbps

  • auto—Cisco UCS determines the data transfer rate.

Step 6

UCS-A /fc-traffic-mon/fabric/fc-mon-session/dest-interface # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates a Fibre Channel traffic monitoring session to copy and forward traffic to the destination port at slot 1, port 10, sets the admin speed to 8 Gbps, and commits the transaction:

UCS-A# scope fc-traffic-mon
UCS-A /fc-traffic-mon # scope fabric a
UCS-A /fc-traffic-mon/fabric # create fc-mon-session FCMonitor
UCS-A /fc-traffic-mon/fabric/fc-mon-session* # create dest-interface 1 10
UCS-A /fc-traffic-mon/fabric/fc-mon-session/dest-interface* # set speed 8gbps
UCS-A /fc-traffic-mon/fabric/fc-mon-session/dest-interface* # commit-buffer
UCS-A /fc-traffic-mon/fabric/fc-mon-session/dest-interface #

What to do next

  • Add traffic sources to the traffic monitoring session.

  • Activate the traffic monitoring session.

Traffic Monitoring for ERSPAN

Configure the Origin Interface

You can create an origin interface on each fabric interconnect with a configured source IP address to forward the packets on the L3 network. You must configure a global VLAN and a unique IP address per fabric interconnect that is captured along with the VLAN information. ERSPAN uses them as a source IP address on an SVI interface.

The uplink switch must be configured to forward the traffic from the fabric interconnect to the traffic analyser over the L3 network. It receives the traffic from the Fabric interconnect SVI interface.


Note


This procedure describes how to configure the origin interface from Ethernet traffic monitoring session. To configure the origin interface from Fibre Channel traffic monitoring session, select the SAN tab instead of the LAN tab in Step 2.

Note


Only one Origin Interface is allowed.


Before you begin

Ensure that a VLAN is configured.

A VLAN interface, or switch virtual interface (SVI), is a virtual routed interface that connects a VLAN on the device to the Layer 3 router engine on the same device. The ERSPAN configuration expects an SVI in the uplink switch with a VLAN ID that matches the VLAN ID used for the Origin Interface in the connected Fabric Interconnect. The IP address that is configured for the SVI in the uplink switch is used as the default gateway address in the Origin Interface configuration for Remote Monitoring.

Procedure

  Command or Action Purpose

Step 1

UCS-A # scope remote-traffic-mon

Enters the remote traffic monitoring mode.

Step 2

UCS-A /remote-traffic-mon # create vlan <vlan name>

Creates a VLAN, specifies the VLAN name, and enters remote traffic monitoring mode.

Step 3

UCS-A /remote-traffic-mon/vlan* # create origin {a | b}

Creates the origin interface for the specified fabric interconnect (A or B).

Step 4

UCS-A /remote-traffic-mon/vlan/origin* # set addr <IP address> subnet <subnet-mask> def-gw <gateway-ip>

Sets the IP address, subnet mask, and default gateway address.

Step 5

UCS-A /remote-traffic-mon/vlan/origin* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates an origin interface, and commits the transaction:

UCS-A /eth-uplink # scope remote-traffic-mon
UCS-A /remote-traffic-mon # create vlan vlan102
UCS-A /remote-traffic-mon/vlan* # create origin a
UCS-A /remote-traffic-mon/vlan/origin* # set addr 10.10.10.23 subnet 255.255.255.0 def-gw 10.10.10.2
UCS-A /remote-traffic-mon/vlan/origin* # commit-buffer
UCS-A /remote-traffic-mon/vlan/origin* # up
UCS-A /remote-traffic-mon/vlan # show origin detail

Origin IP:
    Fabric Id: A
    IP address: 10.10.10.23
    Subnet mask: 255.255.255.0
    Default Gateway: 10.10.10.2

    Fabric Id: B
    IP address: 10.10.10.24
    Subnet mask: 255.255.255.0
    Default Gateway: 10.10.10.2

UCS-A /remote-traffic-mon/vlan #  

Creating an Ethernet Traffic Monitoring Session


Note


This procedure describes creating an Ethernet traffic monitoring session. To create a Fibre Channel traffic monitoring session, the following changes are required:

  • Enter the scope fc-traffic-mon command instead of the scope eth-traffic-mon command in Step 1.


Procedure

  Command or Action Purpose

Step 1

UCS-A# scope eth-traffic-mon

Enters Ethernet traffic monitoring command mode.

Step 2

UCS-A /eth-traffic-mon # scope fabric {a | b}

Enters traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /eth-traffic-mon/fabric # create eth-mon-session <session name>

Creates an Ethernet monitoring session, specifies the session name, and enters the Ethernet traffic monitoring mode.

Step 4

UCS-A /eth-traffic-mon/fabric/eth-mon-session* # set session-type {span-local | erspan-source}

Sets the session type. The default is span-local.

Step 5

UCS-A /eth-traffic-mon/fabric/eth-mon-session* # create remote-config

Creates the Ethernet remote configuration mode.

Step 6

UCS-A /eth-traffic-mon/fabric/eth-mon-session* # set destination-ip <destination ip>

Sets the destination IP address.

Step 7

UCS-A /eth-traffic-mon/fabric/eth-mon-session* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates an Ethernet traffic monitoring session, and commits the transaction:

UCS-A# scope eth-traffic-mon
UCS-A /eth-traffic-mon # scope fabric a
UCS-A /eth-traffic-mon/fabric # create eth-mon-session Test2
UCS-A /eth-traffic-mon/fabric/eth-mon-session* # set session-type erspan-source
UCS-A /eth-traffic-mon/fabric/eth-mon-session* # create remote-config
UCS-A /eth-traffic-mon/fabric/eth-mon-session/fc* # set destination-ip 10.193.167.34
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote* # commit-buffer
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote # show detail

Remote Config:
    ERSPAN ID: 512
    Destination IP: 10.193.167.34
    IP TTL: 64
    IP DSCP: 0
    MTU: 512
    Truncation enabled: Yes
    Fwd drops ingress: Yes
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote #
UCS-A /eth-traffic-mon/fabric # show eth-mon-session

Ethernet Traffic Monitoring Session:

Name       Admin State    Oper State   Oper State Reason Config Success Session type
---------- -------------- ------------ ----------------- -------------- ------------
A1         Disabled       Down         Session Admin Shut Yes            Erspan Source
demo       Disabled       Down         Session Admin Shut Yes            Erspan Source
 

What to do next

  • Add traffic sources to the traffic monitoring session.

  • Activate the traffic monitoring session.

Creating a Fibre Channel Traffic Monitoring Session

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope fc-traffic-mon

Enters Fibre Channel traffic monitoring command mode.

Step 2

UCS-A /fc-traffic-mon # scope fabric {a | b}

Enters Fibre Channel traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /fc-traffic-mon/fabric # create fc-mon-session <session name>

Creates a Fibre Channel monitoring session, specifies the session name, and enters the Fibre Channel traffic monitoring mode.

Step 4

UCS-A /fc-traffic-mon/fabric/fc-mon-session* # set session-type {span-local | erspan-source}

Sets the session type. The default is span-local.

Step 5

UCS-A /fc-traffic-mon/fabric/fc-mon-session* # create remote-config

Creates the Fibre Channel remote configuration mode.

Step 6

UCS-A /fc-traffic-mon/fabric/fc-mon-session* # set destination-ip <destination ip>

Sets the destination IP address.

Step 7

UCS-A /fc-traffic-mon/fabric/fc-mon-session* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to create a Fibre Channel traffic monitoring session, and commits the transaction:

UCS-A# scope fc-traffic-mon
UCS-A /fc-traffic-mon # scope fabric a
UCS-A /fc-traffic-mon/fabric # create fc-mon-session Test2
UCS-A /fc-traffic-mon/fabric/fc-mon-session* # set session-type
  erspan-source  Erspan Source
  span-local     Span Local

UCS-A /fc-traffic-mon/fabric/fc-mon-session* # set session-type erspan-source
UCS-A /fc-traffic-mon/fabric/fc-mon-session* # create remote-config
UCS-A /fc-traffic-mon/fabric/fc-mon-session/remote-config* # set destination-ip 10.193.167.34
UCS-A /fc-traffic-mon/fabric/fc-mon-session/remote-config* # commit-buffer
UCS-A /fc-traffic-mon/fabric/fc-mon-session/remote-config # show detail

Remote Config:
    ERSPAN ID: 512
    Destination IP: 10.193.167.34
    IP TTL: 64
    IP DSCP: 0
    MTU: 512
    Truncation enabled: Yes
    Fwd drops ingress: Yes
UCS-A /fc-traffic-mon/fabric/fc-mon-session/fc # 
UCS-A /fc-traffic-mon/fabric # show fc-mon-session

Fibre Channel Traffic Monitoring Session:

Name       Admin State    Oper State   Oper State Reason Config Success Session type
---------- -------------- ------------ ----------------- -------------- ------------
A1         Disabled       Down         Session Admin Shut Yes            Erspan Source
demo       Disabled       Down         Session Admin Shut Yes            Erspan Source

What to do next

  • Add traffic sources to the traffic monitoring session.

  • Activate the traffic monitoring session.

ERSPAN Truncation

Beginning with Cisco UCS Manager 4.3(4a), you can configure the truncation of source packets for each ERSPAN session based on the size of the maximum transmission unit (MTU). Truncation helps to decrease ERSPAN bandwidth by reducing the size of monitored packets. Any ERSPAN packet that is larger than the configured MTU size is truncated to the given size. An additional ERSPAN header of 54 to 166 bytes, depending on the ERSPAN header type, is then added to the truncated packet. For example, if you configure the MTU as 300 bytes, the packets are replicated with a size from 354 to 466 bytes, depending on the ERSPAN header type configuration.

ERSPAN truncation is disabled by default. To use truncation, you must enable it for each ERSPAN session.

Configuring ERSPAN Truncation

You can configure truncation for ERSPAN source sessions only.


Note


By default, the ERSPAN session forwards the entire packets (9216 jumbo packets).

This procedure describes how to truncate the MTU size:

Before you begin

Enable packet truncation for an ERSPAN session.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope eth-traffic-mon

Enters Ethernet traffic monitoring command mode.

Step 2

UCS-A /eth-traffic-mon # scope fabric {a | b}

Enters traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /eth-traffic-mon/fabric # create eth-mon-session <session name>

Creates an Ethernet monitoring session, specifies the session name, and enters the Ethernet traffic monitoring mode.

Step 4

UCS-A /eth-traffic-mon/fabric/eth-mon-session* # set session-type <session type>

Sets the session type for the Ethernet monitoring session.

By default, it is SPAN Local. The supported monitoring session types are SPAN Local and ERSPAN Source.

Step 5

UCS-A /eth-traffic-mon/fabric/eth-mon-session* # create remote-config

Creates the Ethernet remote configuration mode.

Step 6

UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set packet-truncation {yes | no}

Enables or disables packet truncation for the specified Ethernet monitoring session.

Step 7

UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set mtu <size>

Configures the MTU size for truncation. Any ERSPAN packet that is larger than the configured MTU size is truncated to the configured size.

Note

 
The MTU size range is 64 to 1518 bytes. The maximum allowed size is 1518.

Note

 
You must enable packet truncation to modify the MTU size.

Step 8

UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set destination-ip <destination-ip>

Sets the destination IP address.

Step 9

(Optional) UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set erspan-id <erspan-id>

Configures the ERSPAN ID for the ERSPAN source session. The ERSPAN ID range is from 1 to 1023.

Step 10

(Optional) UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set ip-ttl <ttl value>

Configures the IP time-to-live (TTL) value for the ERSPAN traffic. The range is from 1 to 255.

Step 11

(Optional) UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set ip-dscp <dscp value>

Configures the differentiated services code point (DSCP) value of the packets in the ERSPAN traffic. The range is from 0 to 63.

Step 12

UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example allows you to enable packet truncation and sets the packet size:

UCS-A# scope eth-traffic-mon
UCS-A /eth-traffic-mon # scope fabric a
UCS-A /eth-traffic-mon/fabric # create eth-mon-session TR
UCS-A /eth-traffic-mon/fabric/eth-mon-session* # set session-type erspan-source
UCS-A /eth-traffic-mon/fabric/eth-mon-session* # create remote-config
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set packet-truncation yes
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set mtu 256
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set destination-ip 10.193.167.34
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set erspan-id test1
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set ip-ttl 3
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set ip-dscp 2
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # commit-buffer
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config # show detail

Ether Remote Config:
    ERSPAN ID: 0
    Destination IP: 10.193.167.34
    IP TTL: 64
    IP DSCP: 0
    MTU: 256
    Truncation enabled: Yes
    Fwd drops ingress: No

UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config # 

Viewing or Modifying an ERSPAN Truncation

You can configure truncation for ERSPAN source sessions only.


Note


By default, the ERSPAN session forwards the entire packets (9216 jumbo packets).

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope eth-traffic-mon

Enters Ethernet traffic monitoring command mode.

Step 2

UCS-A /eth-traffic-mon # scope fabric {a | b}

Enters traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /eth-traffic-mon/fabric # scope eth-mon-session <session name>

Enters the Ethernet traffic monitoring mode for the specified session.

Step 4

UCS-A /eth-traffic-mon/fabric/eth-mon-session* # scope remote-config

Enters the Ethernet remote configuration mode.

Step 5

UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set packet-truncation {yes | no}

Enables or disables packet truncation for the specified Ethernet monitoring session.

Step 6

UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set mtu <size>

Configures the MTU size for truncation. Any ERSPAN packet that is larger than the configured MTU size is truncated to the configured size.

Note

 
The MTU size range is 64 to 1518 bytes. The maximum allowed size is 1518.

Step 7

UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example allows you to enable packet truncation and sets the packet size:

UCS-A# scope eth-traffic-mon
UCS-A /eth-traffic-mon # scope fabric a
UCS-A /eth-traffic-mon/fabric # scope eth-mon-session Monitor33
UCS-A /eth-traffic-mon/fabric/eth-mon-session # scope remote-config
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set packet-truncation yes
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # set mtu 256
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config* # commit-buffer
UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config # show detail

Ether Remote Config:
    ERSPAN ID: 0
    Destination IP: 10.193.167.34
    IP TTL: 64
    IP DSCP: 0
    MTU: 256
    Truncation enabled: Yes
    Fwd drops ingress: No

UCS-A /eth-traffic-mon/fabric/eth-mon-session/remote-config # 

Adding Traffic Sources to a Monitoring Session

Adding an Uplink Source Port to a Monitoring Session


Note


This procedure describes adding an Ethernet uplink port as a source for a traffic monitoring session. To add a Fibre Channel uplink port as a source, enter the scope fc-uplink command instead of the scope eth-uplink command in Step 1.


Before you begin

A traffic monitoring session must be created.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink command mode.

Step 2

UCS-A /eth-uplink # scope fabric {a | b}

Enters uplink fabric mode for the specified fabric.

Step 3

UCS-A /eth-uplink/fabric # scope interface slot-num port-num

Enters the interface command mode for the specified uplink port.

Step 4

UCS-A /eth-uplink/fabric/interface # create mon-src session-name

Adds the uplink port as a source to the specified monitoring session.

Step 5

(Optional) UCS-A /eth-uplink/fabric/interface/mon-src # set direction {both | receive | transmit}

Specifies the traffic direction to be monitored.

Note

 

If you do not select any direction, the default direction is Rx.

Step 6

UCS-A /eth-uplink/fabric/interface/mon-src # commit-buffer

Commits the transaction to the system configuration.

Example

The following example adds the ingress traffic on Ethernet uplink port 3 on slot 2 of fabric A as a source for a monitoring session and commits the transaction:

UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # scope interface 2 3
UCS-A /eth-uplink/fabric/interface # create mon-src Monitor23
UCS-A /eth-uplink/fabric/interface/mon-src* # set direction receive
UCS-A /eth-uplink/fabric/interface/mon-src* # commit-buffer
UCS-A /eth-uplink/fabric/interface/mon-src # 

What to do next

You can add additional sources to the traffic monitoring session.

Adding a VLAN or VSAN Source to a Monitoring Session


Note


This procedure describes adding a VLAN as a source for a traffic monitoring session. To add a VSAN as a source, the following changes are required:
  • Enter the scope fc-uplink command instead of the scope eth-uplink command in Step 1.

  • Enter the create vsan command instead of the create vlan command in Step 3.


Before you begin

A traffic monitoring session must be created.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink command mode.

Step 2

UCS-A /eth-uplink # scope fabric {a | b}

Enters uplink fabric mode for the specified fabric.

Note

 
This step is required when adding a local VLAN as a source. To add a global VLAN as a source, omit this step.

Step 3

UCS-A /eth-uplink/fabric # create vlan vlan-name vlan-id

Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters uplink VLAN mode.

Step 4

UCS-A /eth-uplink/fabric/vlan # create mon-src session-name

Adds the VLAN as a source to the specified monitoring session.

Step 5

UCS-A /eth-uplink/fabric/vlan/mon-src # commit-buffer

Commits the transaction to the system configuration.

Example

The following example adds a local VLAN as a source for an Ethernet monitoring session and commits the transaction:

UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # create vlan vlan23 23
UCS-A /eth-uplink/fabric/vlan # create mon-src Monitor23
UCS-A /eth-uplink/fabric/vlan/mon-src* # commit-buffer
UCS-A /eth-uplink/fabric/vlan/mon-src # 

What to do next

You can add additional sources to the traffic monitoring session.

Adding a Storage Port Source to a Monitoring Session


Note


This procedure describes adding a Fibre Channel storage port as a source for a Fibre Channel traffic monitoring session. To add an FCoE storage port as a source for an Ethernet traffic monitoring session, enter the scope interface fcoe command instead of the scope interface fc command in Step 3.


Before you begin

A traffic monitoring session must be created.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope fc-storage

Enters Fibre Channel storage port command mode.

Step 2

UCS-A /fc-storage # scope fabric {a | b}

Enters Fibre Channel storage port fabric mode for the specified fabric.

Step 3

UCS-A /fc-storage/fabric # scope interface fc slot-num port-num

Enters the Fibre Channel storage port interface and enters the interface command mode.

Step 4

UCS-A /fc-storage/fabric/fc # create mon-src session-name

Adds the storage port as a source to the specified monitoring session.

Step 5

UCS-A /fc-storage/fabric/fc/mon-src # commit-buffer

Commits the transaction to the system configuration.

Example

The following example adds a Fibre Channel storage port on port 3 of slot 2 as a source for a Fibre Channel monitoring session and commits the transaction:

UCS-A# scope fc-storage
UCS-A /fc-storage # scope fabric a
UCS-A /fc-storage/fabric # scope interface fc 2 3
UCS-A /fc-storage/fabric/fc* # create mon-src Monitor23
UCS-A /fc-storage/fabric/fc/mon-src* # commit-buffer
UCS-A /fc-storage/fabric/fc/mon-src # 

What to do next

You can add additional sources to the traffic monitoring session.

Adding a vNIC Source to a Monitoring Session

Before you begin

Configure a traffic monitoring session.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope org

Enters the organization mode for the specified organization.

Step 2

UCS-A /org # scope service-profile <profile-name>

Enters organization service profile mode for the specified service profile.

Step 3

UCS-A /org/service-profile # scope vnic <vnic-name>

Associates the specified vNIC with the service profile.

Step 4

UCS-A /org/service-profile/vnic # create mon-src <session-name>

Adds the organization service profile as a source to the specified monitoring session.

Step 5

(Optional) UCS-A /org/service-profile/vnic/mon-src* # set direction {receive | transmit | both}

Sets the traffic direction to be monitored.

Note

 

A vNIC can be monitored in the receive direction only.

Step 6

UCS-A /org/service-profile/vnic/mon-src* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example adds a vNIC as a source for an Ethernet traffic monitoring session and commits the transaction:

UCS-A# scope org
UCS-A /org # scope service-profile WDC
UCS-A /org/service-profile # scope vnic eth0
UCS-A /org/service-profile/vnic # create mon-src TC-A
UCS-A /org/service-profile/vnic/mon-src* # set direction receive
UCS-A /org/service-profile/vnic/mon-src* # commit-buffer
UCS-A /org/service-profile/vnic/mon-src #

Adding a Port Channel Source to a Monitoring Session


Note


This procedure describes adding an Ethernet port channel as a source for a traffic monitoring session. To add a Fibre Channel port channel as a source, enter the scope fc-uplink command instead of the scope eth-uplink command in Step 1.


Before you begin

Configure a traffic monitoring session.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink command mode.

Step 2

UCS-A /eth-uplink # scope fabric {a | b}

Enters traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /eth-uplink/fabric # show port-channel

Displays the port channel details.

Step 4

UCS-A /eth-uplink/fabric # scope port-channel <port-number>

Enters the Ethernet uplink port channel configuration mode.

Step 5

UCS-A /eth-uplink/fabric/port-channel # create aggr-interface member-port mon-src

Creates an aggregate interface.

Step 6

UCS-A /eth-uplink/fabric/port-channel* # create m member-port mon-src

Adds the uplink port channel as a source to the specified monitoring session.

Step 7

UCS-A /eth-uplink/fabric/port-channel* # create mon-src <session-name>

Adds the uplink port channel as a source to the specified monitoring session along with the session name.

Step 8

UCS-A /eth-uplink/fabric/port-channel* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to add a port channel as a source for an Ethernet traffic monitoring session, and commits the transaction:

UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # show port-channel
UCS-A /eth-uplink/fabric # scope port-channel 11
UCS-A /eth-uplink/fabric/port-channel* # create aggr-interface member-port mon-src
UCS-A /eth-uplink/fabric/port-channel* # create m member-port mon-src
UCS-A /eth-uplink/fabric/port-channel* # create mon-src TC-A
UCS-A /eth-uplink/fabric/port-channel/mon-src* # commit-buffer
UCS-A /eth-uplink/fabric/port-channel/mon-src # 

Adding a Breakout Interface Source to a Monitoring Session


Note


This procedure describes adding an Ethernet breakout interface as a source for a traffic monitoring session. To add a Fibre Channel breakout interface as a source, enter the scope fc-uplink command instead of the scope eth-uplink command in Step 1.


Before you begin

Configure a traffic monitoring session.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink command mode.

Step 2

UCS-A /eth-uplink # scope fabric {a | b}

Enters traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /eth-uplink/fabric #

Enters the fabric connection mode.

Step 4

UCS-A /eth-uplink/fabric # scope aggr-interface <slot-id> <port-id>

Enters the aggregate interface configuration mode.

Step 5

UCS-A /eth-uplink/fabric/aggr-interface # scope br-interface <id>

Enters the bridge interface configuration mode.

Step 6

UCS-A /eth-uplink/fabric/aggr-interface/br-interface # create mon-src <session name>

Adds the breakout interface service profile as a source to the specified monitoring session.

Step 7

UCS-A /eth-uplink/fabric/aggr-interface/br-interface* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to add a breakout interface as a source for an Ethernet traffic monitoring session, and commits the transaction:

UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # scope aggr-interface 1 4
UCS-A /eth-uplink/fabric/aggr-interface # scope br-interface 1
UCS-A /eth-uplink/fabric/aggr-interface/br-interface # create mon-src TC-A
UCS-A /eth-uplink/fabric/aggr-interface/br-interface/mon-src* # commit-buffer
UCS-A /eth-uplink/fabric/aggr-interface/br-interface/mon-src #

Adding an FCoE Port Channel Source to a Monitoring Session


Note


This procedure describes adding an FCoE port channel as a source for a traffic monitoring session. To add a Fibre Channel FCoE port channel as a source, enter the scope fc-uplink command instead of the scope eth-uplink command in Step 1.

Before you begin

Configure a traffic monitoring session.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink command mode.

Step 2

UCS-A /eth-uplink # scope fabric {a | b}

Enters traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /eth-uplink/fabric # scope fcoe-port-channel <port-id>

Enters the uplink FCoE port channel configuration mode.

Step 4

UCS-A /eth-uplink/fabric/fcoe-port-channel # create mon-src <session-name>

Adds the FCoE port channel service profile as a source to the specified monitoring session.

Step 5

UCS-A /eth-uplink/fabric/fcoe-port-channel* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to add an FCoE port channel as a source for an Ethernet traffic monitoring session and commits the transaction:

UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # scope fcoe-port-channel 11
UCS-A /eth-uplink/fabric/fcoe-port-channel # create mon-src TC-A
UCS-A /eth-uplink/fabric/fcoe-port-channel/mon-src* # commit-buffer
UCS-A /eth-uplink/fabric/fcoe-port-channel/mon-src #

Adding a vHBA Source to a Monitoring Session

Before you begin

Configure a traffic monitoring session.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope org

Enters the organization mode for the specified organization.

Step 2

UCS-A /org # scope service-profile <profile name>

Enters the specified service profile template and enters organization service profile mode.

Step 3

UCS-A /org/service-profile # scope vhba <vhba-name>

Associates the specified vHBA with the service profile.

Step 4

UCS-A /org/service-profile/vhba # create mon-src <session name>

Adds the vHBA service profile as a source to the specified monitoring session.

Step 5

(Optional) UCS-A /org/service-profile/vhba/mon-src* # set direction {receive | transmit | both}

Sets the traffic direction to be monitored.

Note

 

A vHBA can be monitored in the receive direction only.

Step 6

UCS-A /org/service-profile/vhba/mon-src* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to add a vHBA as a source for an Ethernet traffic monitoring session, and commits the transaction:

UCS-A# scope org
UCS-A /org # scope service-profile WDC
UCS-A /org/service-profile # scope vhba  vhba0
UCS-A /org/service-profile/vhba # create mon-src TC-A
UCS-A /org/service-profile/vhba/mon-src* # set direction receive
UCS-A /org/service-profile/vhba/mon-src* # commit-buffer
UCS-A /org/service-profile/vhba/mon-src #

Adding a VSAN Source (Fibre Channel) to a Monitoring Session

Before you begin

Configure a traffic monitoring session.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope fc-uplink

Enters Fibre Channel uplink command mode.

Step 2

UCS-A /fc-uplink # scope fabric {a | b}

Enters traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /fc-uplink/fabric # scope vsan <vsan-id>

Enters the VSAN configuration mode.

Step 4

UCS-A /fc-uplink/fabric/vsan # create mon-src <session name>

Adds the VSAN service profile as a source to the specified monitoring session.

Step 5

UCS-A /fc-uplink/fabric/vsan* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to add a VSAN as a source for a Fibre Channel traffic monitoring session, and commits the transaction:

UCS-A# scope fc-uplink
UCS-A /fc-uplink # scope fabric a
UCS-A /fc-uplink/fabric # scope vsan 100
UCS-A /fc-uplink/fabric/vsan # create mon-src TC-A
UCS-A /fc-uplink/fabric/vsan/mon-src* # commit-buffer
UCS-A /fc-uplink/fabric/vsan/mon-src #

Adding a Port Channel (Fibre Channel) as a Source to a Monitoring Session

Before you begin

Configure a traffic monitoring session.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope fc-uplink

Enters Fibre Channel uplink command mode.

Step 2

UCS-A /fc-uplink # scope fabric {a | b}

Enters traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /fc-uplink/fabric # scope port-channel <port-channel id>

Enters the uplink port channel configuration mode.

Step 4

UCS-A /fc-uplink/fabric/port-channel # create mon-src <session name>

Adds the port channel service profile as a source to the specified monitoring session.

Step 5

UCS-A /fc-uplink/fabric/port-channel* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to add a port channel as a source to a Fibre Channel traffic monitoring session and commits the transaction:

UCS-A# scope fc-uplink
UCS-A /fc-uplink # scope fabric a
UCS-A /fc-uplink/fabric # scope port-channel 13
UCS-A /fc-uplink/fabric/port-channel # create mon-src TC-A
UCS-A /fc-uplink/fabric/port-channel/mon-src* # commit-buffer
UCS-A /fc-uplink/fabric/port-channel/mon-src #

Activating a Traffic Monitoring Session

This procedure describes activating an Ethernet traffic monitoring session. To activate a Fibre Channel traffic monitoring session, the following changes are required:

  • Enter the scope fc-traffic-mon command instead of the scope eth-traffic-mon command in Step 1.

  • Enter the scope fc-mon-session command instead of the scope eth-mon-session command in Step 3.

Before you begin

Configure a traffic monitoring session.

Procedure

  Command or Action Purpose

Step 1

UCS-A# scope eth-traffic-mon

Enters Ethernet traffic monitoring command mode.

Step 2

UCS-A /eth-traffic-mon # scope fabric {a | b}

Enters traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /eth-traffic-mon/fabric # scope eth-mon-session <session-name>

Enters the command mode of the traffic monitoring session with the specified name.

Step 4

UCS-A /eth-traffic-mon/fabric/eth-mon-session # {disable | enable}

Disables or enables the traffic monitoring session.

Step 5

UCS-A /eth-traffic-mon/fabric/eth-mon-session # commit-buffer

Commits the transaction to the system configuration.

Example

The following example activates an Ethernet traffic monitoring session and commits the transaction:

UCS-A# scope eth-traffic-mon
UCS-A /eth-traffic-mon # scope fabric a
UCS-A /eth-traffic-mon/fabric # scope eth-mon-session Monitor33
UCS-A /eth-traffic-mon/fabric/eth-mon-session # enable
UCS-A /eth-traffic-mon/fabric/eth-mon-session* # commit-buffer
UCS-A /eth-traffic-mon/fabric/eth-mon-session # show

Ether Traffic Monitoring Session:
    Name       Admin State       Oper State   Oper State Reason
    ---------- ----------------- ------------ -----------------
    Monitor33  Enabled           Up           Active

UCS-A /eth-traffic-mon/fabric/eth-mon-session # 
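
Because an enabled monitoring session copies production traffic to another port, the session table printed by show is worth checking automatically. The following is an added example, not part of the Cisco documentation: it parses that table and flags enabled sessions that are not on an approved list, or that are approved but not operationally Up. It assumes the column layout shown above; the function names, the approved list, and every sample row except Monitor33 are hypothetical.

```python
import re

FIELDS = ("name", "admin_state", "oper_state", "oper_reason")

# Constructed sample in the layout of the `show` output above. Only the
# Monitor33 row is from the page; the other two rows are made up.
SAMPLE_SHOW_OUTPUT = """\
Ether Traffic Monitoring Session:
    Name       Admin State       Oper State   Oper State Reason
    ---------- ----------------- ------------ -----------------
    Monitor33  Enabled           Up           Active
    Monitor40  Enabled           Down         Not Active
    OldCapture Disabled          Down         Disabled
"""


def parse_sessions(show_text):
    """Return one dict per table row, slicing columns at the dashed ruler."""
    lines = show_text.splitlines()
    ruler = next(i for i, ln in enumerate(lines)
                 if re.fullmatch(r"\s*-+(?: +-+)+\s*", ln))
    starts = [m.start() for m in re.finditer(r"-+", lines[ruler])]
    bounds = list(zip(starts, starts[1:] + [None]))  # last column runs to EOL
    sessions = []
    for ln in lines[ruler + 1:]:
        if not ln.strip():  # blank line ends the table
            break
        sessions.append({k: ln[a:b].strip() for k, (a, b) in zip(FIELDS, bounds)})
    return sessions


def audit_sessions(sessions, approved):
    """Flag enabled sessions that are unapproved, or approved but not Up."""
    findings = []
    for s in sessions:
        if s["admin_state"].lower() != "enabled":
            continue
        if s["name"] not in approved:
            findings.append((s["name"], "enabled but not on the approved list"))
        elif s["oper_state"].lower() != "up":
            findings.append((s["name"], f"enabled but oper state is "
                             f"{s['oper_state']} ({s['oper_reason']})"))
    return findings


if __name__ == "__main__":
    for name, problem in audit_sessions(parse_sessions(SAMPLE_SHOW_OUTPUT),
                                        approved={"Monitor33"}):
        print(f"{name}: {problem}")
```

Columns are sliced at the ruler's dash positions rather than split on whitespace, so a name that fills its column (OldCapture) and a multi-word reason both parse correctly.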

Deleting a Traffic Monitoring Session


Note


This procedure describes deleting an Ethernet traffic monitoring session. To delete a Fibre Channel traffic monitoring session, the following changes are required:
  • Enter the scope fc-traffic-mon command instead of the scope eth-traffic-mon command in Step 1.

  • Enter the delete fc-mon-session command instead of the delete eth-mon-session command in Step 3.


Procedure

  Command or Action Purpose

Step 1

UCS-A# scope eth-traffic-mon

Enters Ethernet traffic monitoring command mode.

Step 2

UCS-A /eth-traffic-mon # scope fabric {a | b}

Enters traffic monitoring command mode for the specified fabric.

Step 3

UCS-A /eth-traffic-mon/fabric # delete eth-mon-session session-name

Deletes the traffic monitoring session with the specified name.

Step 4

UCS-A /eth-traffic-mon/fabric # commit-buffer

Commits the transaction to the system configuration.

Example

The following example deletes an Ethernet traffic monitoring session and commits the transaction:

UCS-A# scope eth-traffic-mon
UCS-A /eth-traffic-mon # scope fabric a
UCS-A /eth-traffic-mon/fabric # delete eth-mon-session Monitor33
UCS-A /eth-traffic-mon/fabric* # commit-buffer
UCS-A /eth-traffic-mon/fabric #