11-04-2011 02:04 PM
Port Mirroring of 2 blade servers
Sapan had a port mirroring question:
Scenario - 2 blade servers, BL 280 G6, in the same chassis. 1 server is production and the other is the HP RUM server (essentially a sniffer that has to collect data from the production server). These servers are internally connected to Virtual Connect 1/10Gb switches. Virtual Connect is configured in Tagged mode. The uplink for the production server profile is a Shared Uplink Set and the uplink for the RUM server is a dedicated uplink. Both the uplinks are connected to the external L3 ProCurve switch in port nos 1 and 2.
Task – The task is to configure port mirroring between the two ports, 1 and 2, in the external L3 switches and make sure that the data is getting collected by the RUM server.
Problem – Though port mirroring has been configured, data is not getting collected by the HP RUM server.
Troubleshooting done – A laptop is connected to the external switch port number 2 and the data is getting collected, hence there is no problem with the port mirroring in the external switch. The VLAN tag is removed from the server profile assigned to HP RUM and still the data is not getting collected. Both the servers, production and HP RUM, are assigned the same VLAN tag. Still no data is being collected.
Question – Is the above-mentioned setup of port mirroring possible? If so, how?
Not currently supported in Virtual Connect
Please see the following in the “HP Virtual Connect for the Cisco Network Administrator” document.
SPAN (Port Monitoring)
Virtual Connect supports port monitoring functionality to assist in troubleshooting networking issues for servers connected to the external network through Virtual Connect. VC allows an Administrator to define a single, active port monitoring session per VC domain.
The monitor session must be configured with at least one ‘monitored port’ and a single ‘analyzer port’. The ‘monitor port’ list is the list of server downlinks whose traffic will be mirrored. The ‘analyzer port’ is the VC uplink port that the network analyzer is connected to. VC will mirror the traffic from the monitored ports to the analyzer port.
A Port Monitoring session can mirror the traffic for up to 16 server downlinks to the analyzer port. Any VC uplink can be defined as the analyzer port and any server downlinks can be selected as the monitored port. There is no VC Ethernet module dependency.
Lastly, the Administrator can choose the direction of the traffic to mirror – to the server, from the server, or both.
A previous note mentioned “Uplink performance can be monitored at the upstream switch. One to sixteen downlinks can be mirrored onto an available, unused uplink, and monitored at the upstream switch”.
You could read this in conjunction with another previous note (from Vincent?):
It won’t work. VC will just not forward all captured frames to the downlink port of your analyzer blade. Let’s pick an example: you want to sniff traffic between a server with MAC A and a server with MAC B. You’ve got frames A->B and frames B->A in the conversation. Thanks to VC port mirroring, all these frames are put on the VC Analyzer port (external) and get back to the Net_Analyzer port through your loopback cable. Let’s say VC sees first a frame A->B on the Net_Analyzer network, it hasn’t seen B before on that network so it “floods” the frame, i.e. sends it to all server NICs connected to the Net_Analyzer network, namely your blade analyzer, good, that’s what you want. But at the same time it “learns” that MAC A (the source MAC in the above frame) is located outside the enclosure since it entered through a faceplate port. Next it gets a frame B->A from the captured traffic. Ah, but the destination MAC address (A) is known to be outside, this is wrong, drop the frame.
There just isn’t a way currently to instruct VC to forward all frames blindly to a downlink port. There is such a way for external ports, and that’s precisely VC’s port mirroring feature.
Hope this makes sense.
Then configure 1 of those ports as your Port Mirror uplink and then configure the other as a simple vnet and then attach the blade sniffer to the vnet.
That won't work as VC would get confused by seeing those MAC addresses on multiple ports, plus it would not send them to the server as they don't belong there.
So you could do it with a Mezz card on the sniffer and a 1Gb Eth pass thru if you really wanted to, right?
Yes, I would expect that to work.
Anyone done this kind of port mirroring? Other comments or suggestions?
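
The MAC-learning behaviour described in the quoted note above, as an added example that is not part of the original thread and not HP's code: a simplified learning-bridge model showing which mirrored frames would reach the analyzer blade. The class, port names and sample frames are constructed assumptions, and the model covers only the flood/learn/drop logic the note describes.

```python
"""Toy learning-bridge model of the Net_Analyzer network (constructed example)."""

UPLINK = "uplink"            # faceplate port fed by the loopback cable (assumed name)
ANALYZER = "analyzer_blade"  # server downlink of the sniffer blade (assumed name)


class LearningBridge:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}  # MAC -> port on which it was last seen as a source

    def receive(self, ingress, src, dst):
        """Return the set of ports the frame is forwarded to (empty = dropped)."""
        self.mac_table[src] = ingress        # learn where the source lives
        known = self.mac_table.get(dst)
        if known is None:                    # unknown destination: flood
            return self.ports - {ingress}
        if known == ingress:                 # destination is behind the ingress port
            return set()                     # so the frame is dropped
        return {known}                       # known elsewhere: forward to that port


def replay_mirrored(frames):
    """Feed mirrored frames in through the uplink; return those the analyzer gets."""
    bridge = LearningBridge([UPLINK, ANALYZER])
    delivered = []
    for src, dst in frames:
        if ANALYZER in bridge.receive(UPLINK, src, dst):
            delivered.append((src, dst))
    return delivered


# Constructed conversation between servers A and B, as copied by port mirroring.
MIRRORED = [("A", "B"), ("B", "A"), ("A", "B"), ("B", "A"), ("A", "B")]

if __name__ == "__main__":
    seen = replay_mirrored(MIRRORED)
    print(f"analyzer received {len(seen)} of {len(MIRRORED)} frames: {seen}")
```

In this model only the first frame of the conversation is flooded to the analyzer; once both MACs have been learned on the uplink, every later frame is dropped, so a capture taken this way would look nearly empty rather than fail outright.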