HPE Community
Aruba & ProVision-based
1751694 Members
5142 Online
108781 Solutions
New Discussion юеВ

Re: mirror-port sees half of traffic as vlan tagged

 
SOLVED
Go to solution
chalowther
Occasional Advisor

тАО05-02-2016 03:36 PM

тАО05-02-2016 03:36 PM

mirror-port sees half of traffic as vlan tagged

I am trying to use a mirror-port on an HP 2530, but half the mirrored traffic is vlan tagged and I'm trying to determine if I can avoid this.  I'm wondering if anybody knows if that is possible.  The documentation seems inaccurate, and I don't really trust it.

It is a very simple mirror-port configuration, where I am monitoring a single interface which has a single untagged vlan.  The mirror-port has a different untagged vlan on it.  There are no tagged vlan ports anywhere on the switch.

When looking at traffic on the mirror-port, all the ingress traffic to the monitor port is untagged, but all egress traffic from the monitor port is tagged.

I've tried a number of variations. For example, making the mirror-port untagged on the same vlan as the monitor port.  I have not seen any change in behavior.  I also tried booting into YA.15.x firmware.

release #YA.16.01.0004

0 Kudos
9 REPLIES 9
chalowther
Occasional Advisor

тАО05-04-2016 07:48 AM

тАО05-04-2016 07:48 AM

Re: mirror-port sees half of traffic as vlan tagged

I should add the device connected to the mirror-port is a Linux box.  Here are a couple of packets from tcpdump that show the issue.  The monitored port is connected directly to the 10.10.255.1 device.  The packet leaving the monitored port arrives to my Linux box as vlan tagged (ethertype 802.1Q (0x8100)).  The packet arriving at the monitored port is not vlan tagged (ethertype IPv4 (0x0800))

16:27:01.721917 f0:9c:e9:a6:8c:80 > b4:0c:25:4b:1c:10, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 10.10.255.109 > 10.10.255.1: ICMP echo request, id 25693, seq 0, length 64


16:27:01.722912 b4:0c:25:4b:1c:10 > f0:9c:e9:a6:8c:80, ethertype IPv4 (0x0800), length 98: 10.10.255.1 > 10.10.255.109: ICMP echo reply, id 25693, seq 0, length 64

Has anybody else seen behavior like this?  The older switches I replaced with the 2530s did not act this way.

0 Kudos
Michael Patmon
Trusted Contributor

тАО05-04-2016 11:21 AM

тАО05-04-2016 11:21 AM

Re: mirror-port sees half of traffic as vlan tagged

48 port variety of 2530?  I was able to reproduce, am investigating.

 

0 Kudos
chalowther
Occasional Advisor

тАО05-04-2016 12:41 PM

тАО05-04-2016 12:41 PM

Re: mirror-port sees half of traffic as vlan tagged

Thanks Michael.  It is a 24 port model.  J9776A 2530-24G

0 Kudos
chalowther
Occasional Advisor

тАО05-05-2016 07:50 AM

тАО05-05-2016 07:50 AM

Re: mirror-port sees half of traffic as vlan tagged

I was able to test a 2824 and a 3400cl, and they both exhibited the same behavior of half the traffic being vlan-tagged.  The 2524 I am replacing with the 2530 did not tag any packets to the mirror port.

This leads me to believe this is intended behavior and is not a change nor a bug.  It still seems strange to me.

The line in the documentation I keep staring at trying to see if I can change the egress traffic vlan tagging hasn't helped me

egress mirroring does not reflect the tagged or untagged
characteristic to the mirror port, instead it reflects the tagged or untagged characteristic of the
mirror port.

0 Kudos
16again
Respected Contributor

тАО05-05-2016 12:59 PM

тАО05-05-2016 12:59 PM

Re: mirror-port sees half of traffic as vlan tagged

After rethinking this issue:
If you want to mirror a port having multiple VLANs....there's no other way than to keep the tags

0 Kudos
chalowther
Occasional Advisor

тАО05-05-2016 02:36 PM

тАО05-05-2016 02:36 PM

Re: mirror-port sees half of traffic as vlan tagged

The problem is the monitored port does not have multiple VLANs.  Every port on the switch has a single untagged VLAN associated with it. 

In other words, traffic never arrives at the switch tagged or leaves the switch tagged.  However, the mirror-port is sent tagged packets.

My conclusion at this point is that this is simply how the mirror-port is implemented.

0 Kudos
Vince-Whirlwind
Honored Contributor

тАО05-05-2016 06:19 PM

тАО05-05-2016 06:19 PM

Re: mirror-port sees half of traffic as vlan tagged

My understanding is that when *we* talk about traffic being "tagged" or "untagged" we are always talking about the frame format being implemented on a switchport.

Switches need to know what VLAN every single frame belongs to, independently of whether that frame arrived with a tag or not, and independently of whether the outgoing switchport is going to tag it or not.

So, internally and independently of any switchport, each frame is tagged by the switch when it is being switched.

Normally, you don't see these tags, but I wouldn't be surprised that some switches show slightly different behaviour around this.

0 Kudos
Michael Patmon
Trusted Contributor

тАО05-05-2016 08:33 PM

тАО05-05-2016 08:33 PM

Solution

Re: mirror-port sees half of traffic as vlan tagged

Spoke with one of our developers for this product and it appears to be a quirk of the switch chip when doing egress mirroring.  All packets transit the switch with a VLAN tag and it is removed for untagged ports just prior to egressing the swtich.  The mirrored copy is happening before that action is performed, so you get the tag in your mirror-port.

There doesn't appear to be anything that can be done in software to fix this behavior.  I filed a bug internally to track it while we investigate further but I think this may just be how it works...

 

chalowther
Occasional Advisor

тАО05-06-2016 08:37 AM

тАО05-06-2016 08:37 AM

Re: mirror-port sees half of traffic as vlan tagged

Thanks guys, I truly appreciate the assistance and insight.  It does seem like this is just how it works.  It would be a nice-to-have if this was configurable, and the documentation could be made clearer.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.