Restriction:
- SONiC Everflow is similar to Cisco ERSPAN.
- SONiC does NOT support Local SPAN and Remote SPAN. (Definitions of SPAN/RSPAN /ERSPAN, please refer to Cisco Types of SPAN)
- Everflow supports mirror only ingress traffic of source interface. Because SONiC ACL supports only ingress direction(refer to this article).
- There is no SONiC command for add ACL Table for type MIRROR. (refer to this article)
Reference model:
- Switch model name: AS7816-64X
- Edgecore SONiC version: SONiC.Edgecore-SONiC_20200116_051623_ec201904_128
Example 1. Basic Everflow configuration
Procedure :
Step 1. Configure Switch IP address (refer to this article)
i.g 192.168.1.1/24 on Ethernet0
admin@sonic:~$ sudo config interface ip add Ethernet0 192.168.1.1/24
Step 2. Create a mirror session to specify source and destination IP address.
This command is used to add or remove mirroring sessions. Mirror session is identified by "session_name".
config mirror_session add [OPTIONS] <session_name> <src_ip> <dst_ip> <dscp> <ttl> [gre_type] [queue]
Note: session_name, src_ip, dst_ip, dscp, ttl are required for adding a new session. are_type and queue are optional.
admin@sonic:~$ sudo config mirror_session add ts1_everflow 192.168.1.1 192.168.3.35 63 255
Caution: src_ip is switch IP address. (refer to Step 1. Configure switch IP address)
Step 3. Check mirror_session by SONiC commands
admin@sonic:~$ show mirror_session
Name Status SRC IP DST IP GRE DSCP TTL Queue
------------ -------- ----------- ------------ ----- ------ ----- -------
ts1_everflow error 192.168.1.1 192.168.3.35 63 255
Caution/known issue: status of mirror session always display error.
This is a known issue and it is a display issue only. It will be fixed in new version.
https://github.com/Azure/sonic-buildimage/issues/3188
Step 4. Save above settings to /etc/sonic/config_db.json, since we will edit /etc/sonic/config_db.json on the following steps.
admin@sonic:~$ sudo config save -y
Step 5. Create ACL table and rules for traffic classification. (How to add ACL table and rules? Please refer to this article)
admin@sonic:/etc/sonic$ sudo vi config_db.json { omitted... "ACL_TABLE": { "ACL_Mirror": { "policy_desc": "mirror", "type": "MIRROR",
"stage": "ingress", "ports": ["Ethernet1"] } }, "ACL_RULE": { "ACL_Mirror|ACE_Mirror": { "PRIORITY": "55", "IP_TYPE": "ipv4any", "MIRROR_ACTION": "ts1_everflow" } }, omitted... }
Note:
- The value of ACL type must be MIRROR
- The value of MIRROR_ACTION is the name of mirror session
Steps 6. Reload config or Reboot the switch
admin@sonic:~$ sudo config reload -y
Step 7. Check ACL table and rules
admin@sonic:~$ show acl table
Name Type Binding Description
---------- ------ --------- -------------
ACL_Mirror MIRROR Ethernet1 mirror
admin@sonic:~$ show acl rule
Table Rule Priority Action Match
---------- ---------- ---------- -------------------- ----------------
ACL_Mirror ACE_Mirror 55 MIRROR: ts1_everflow IP_TYPE: ipv4any
Caution: Have to make sure IP connectivity works properly between the switch and remote server. Otherwise,
Steps 7. Check the arp of monitor server is learned on arp table.
admin@sonic:~$ show arp
Address MacAddress Iface Vlan
------------ ----------------- ---------- ------
192.168.3.35 8c:ea:1b:30:da:4a Ethernet16 -
Total number of entries 1
Caution: Before switch learn the arp of monitor device to arp table, the ERSPAN won't work.
ACL Table example: Classify LLDP(0x88CC) and LACP(0x8809) packets
"ETHER_TYPE": "0x88cc" for LLDP
"ETHER_TYPE": "0x8809" for LACP
/etc/sonic/config_db.json
{
omitted...
"ACL_TABLE": { "ACL_Mirror": { "policy_desc": "mirror", "type": "MIRROR",
"stage": "ingress", "ports": ["Ethernet8"] } }, "ACL_RULE": { "ACL_Mirror|ACE_Mirror1": { "PRIORITY": "55", "ETHER_TYPE": "0x88cc", "MIRROR_ACTION": "ts1_everflow" }, "ACL_Mirror|ACE_Mirror2": { "PRIORITY": "54", "ETHER_TYPE": "0x8809", "MIRROR_ACTION": "ts1_everflow" },
},
omitted...
}
Comments
0 comments
Please sign in to leave a comment.