Remote Mirroring - Avaya 8800 Troubleshooting Manual
Ethernet routing switch
Hide thumbs
Also See for 8800:
- Planning and engineering, network design (327 pages) ,
- Planning and engineering (306 pages) ,
- Configuration manual (226 pages)
Table of Contents
Advertisement
debugging, or for security purposes such as packet sniffing, intrusion detection, or intrusion
prevention.
Mirroring does not affect IPFIX actions. After duplication, the packet proceeds along its original
path.
You can configure as many ingress mirroring flows as you have filters. In flow-based remote
mirroring, the RMS encapsulates all flow-based mirroring packets, and does not distinguish
between RMTs based on flows. You can configure one RMS and one RMT per port.
To avoid VLANs and Spanning Tree Groups (STG) members from seeing mirrored traffic, you
must remove mirroring (destination) ports from all VLANs and STGs.
Ingress mirroring mirrors packets that are not dropped by the MAC. The MAC drops any errored
packet, for example, packets that are too short or too long. Control packets consumed by the
MAC (802.3x flow control) are also not mirrored.
Remote mirroring
Use remote mirroring to steer mirrored traffic through a switch cloud to a network analysis
probe located on a remote switch. Many ports from different switches can be monitored using
one network probe device. This function is achieved by encapsulating mirrored packets. The
encapsulated frame can be bridged though the network to the remote diagnostic termination
port.
Remote mirroring uses a specific VLAN if remote mirroring is enabled on the port mirroring
destination port. The VLAN ID is set in the Monitor Tag field of the remote mirrored packet.
You can segregate remote mirrored traffic to a single VLAN.
When an RMT port receives an encapsulated frame from the switch fabric, it strips off the
remote mirroring encapsulation as it is being transmitted on the port. Remote mirrored
encapsulated frames are identified when the configured remote mirroring destination MAC
address is detected as the destination MAC address in the packet. The RMT sends dummy
broadcast Layer 2 packets with the remote mirroring destination MAC address as the source
MAC address so that all nodes in the network can learn this MAC address. The dummy
broadcast is sent every 10 seconds (because the minimum value of the forwarding database
[FDB] aging timer is 10 seconds). When you configure a port as a RMT, a static FDB entry is
added to channel all traffic destined for the remote mirroring destination MAC address to the
RMT port. When you remove an RMT port from all of the configured VLANs, the remote
mirroring feature is disabled on the port.
The remote mirroring encapsulation wrapper is 20 bytes long and consists of a Layer 2
Destination Address, Layer 2 Source Address, Monitor Tag, Monitor Ether Type, and Monitor
Control. The original CRC-32 is stripped from a mirrored packet, and a new CRC-32 is
computed over the entire encapsulated frame. When the mirrored frame is 1522 bytes (1518
plus 4-byte 802.1p/q tag), the resulting maximum frame is 1542 bytes. All the nodes in the
network must be able to handle 1542-byte packets.
Troubleshooting
Remote mirroring
July 2013
35
Advertisement
Table of Contents
Troubleshooting
