BladeSystem Virtual Connect

Virtual Connect Port Mirroring to another Blade

Reginald had an interesting question on Virtual Connect port mirroring.





        Customer wants to mirror a port off the VC module, but do it to a server blade in the same enclosure. I understand that with port mirroring, if done incorrectly, you can create a loop situation on the network. So, here is what we're thinking: take one of the server blades in the enclosure that would run the network analyzer. In its profile we've defined a port mapped to a port off the VC called "Net Analyzer". Go through the process of setting up the port to be mirrored via the VC manager. On the server blade that is being used as the network analyzer, disconnect all of the network connections with the exception of the one being used for the analyzer. They would then use the iLO remote console to gain access to the system and run the analyzer. We would then run an Ethernet cable from the VC Network Analyzer Port to the server Net_Analyzer port where the network analyzer is running.


        Is there any technical reason that this would not be possible as a given solution? Seeing that the VC network analyzer port connection would run to some external system for analysis anyway.



Chris answered:


I had a customer attempt to do this, and got inconsistent results. If it’s going to work, the “Net Analyzer” network will need to be put into Tunnel Mode. This of course is an unsupported configuration, and never intended to work.



Have you tried this? How are you doing Port Mirroring? Join the fray!



Re: Virtual Connect Port Mirroring to another Blade

Vincent joined the discussion with some additional info:




It won’t work. VC will just not forward all captured frames to the downlink port of your analyzer blade.

Let’s pick an example: you want to sniff traffic between a server with MAC A and a server with MAC B. You’ve got frames A->B and frames B->A in the conversation. Thanks to VC port mirroring, all these frames are put on the VC Analyzer port (external) and get back to the Net_Analyzer port through your loopback cable.

Let’s say VC sees first a frame A->B on the Net_Analyzer network, it hasn’t seen B before on that network so it “floods” the frame, i.e. sends it to all server NICs connected to the Net_Analyzer network, namely your blade analyzer, good, that’s what you want. But at the same time it “learns” that MAC A (the source MAC in the above frame) is located outside the enclosure since it entered through a faceplate port. Next it gets a frame B->A from the captured traffic. Ah, but the destination MAC address (A) is known to be outside, this is wrong, drop the frame.

There just isn’t a way currently to instruct VC to forward all frames blindly to a downlink port. There is such a way for external ports, and that’s precisely VC’s port mirroring feature.

Hope this makes sense.
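
The MAC-learning behaviour described in the reply above, as an added example that is not part of the original thread and is not Virtual Connect code: a simplified generic learning-bridge model showing how little of a mirrored A/B conversation reaches the analyzer downlink. The port names, the class, the broadcast handling, and the sample frames are assumptions made for illustration.

```python
# Simplified learning-bridge model (assumption: generic 802.1D-style
# learn/flood/filter logic, no MAC aging). Not HP Virtual Connect code.
UPLINK = "uplink"      # faceplate port where the loopback cable re-enters
ANALYZER = "analyzer"  # downlink to the analyzer blade's NIC
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}  # MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Return the set of ports the frame is forwarded to."""
        self.mac_table[src] = in_port  # learn where the source lives
        if dst == BROADCAST:
            return self.ports - {in_port}  # broadcasts are always flooded
        out = self.mac_table.get(dst)
        if out is None:
            return self.ports - {in_port}  # unknown unicast: flood
        if out == in_port:
            return set()  # destination is behind the ingress port: filter
        return {out}


def delivered_to_analyzer(frames):
    """Replay mirrored (src, dst) frames entering on the uplink and
    return the ones that actually reach the analyzer downlink."""
    bridge = LearningBridge([UPLINK, ANALYZER])
    return [(s, d) for s, d in frames
            if ANALYZER in bridge.receive(UPLINK, s, d)]


def capture_ratio(frames):
    """Fraction of mirrored frames the analyzer blade receives."""
    return len(delivered_to_analyzer(frames)) / len(frames)


# Constructed sample: mirrored conversation between MAC A and MAC B.
CONVERSATION = [("A", "B"), ("B", "A"), ("A", "B"), ("B", "A"), ("A", "B")]

if __name__ == "__main__":
    print("seen by analyzer:", delivered_to_analyzer(CONVERSATION))
    print("capture ratio:", capture_ratio(CONVERSATION))
```

In this model only the first flooded frame arrives; once both MACs are learned on the uplink, every later unicast frame is filtered, so a capture taken this way would silently miss almost all of the conversation.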