Policy Based Mirroring - Alcatel-Lucent OmniSwitch 6800 Series Network Configuration Manual

Policy Applications
•
In most cases, a redirected flow will not trigger an update to the routing and ARP tables. When the
ARP table is cleared or timed out, port/link aggregate redirection will cease until the ARP table is
refreshed. If necessary, create a static route for the flow or assign the redirect port or link aggregate ID
to the ingress VLAN (VLAN A) to send packets to the redirect port until a route is available.
•
When redirecting bridged traffic on VLAN A, the redirect port or link aggregate ID must belong to
VLAN A (tagged or default VLAN).
In the following example, flows destined for UDP port 80 is redirected to switch port 3/2:
-> policy condition L4PORTCOND destination udp port 80
-> policy action REDIRECTPORT redirect port 3/2
-> policy rule L4PORTRULE condition L4PORTCOND action REDIRECTPORT
In the following example, flows destined for IP address 40.2.70.200 are redirected to link aggregate 10:
-> policy condition L4LACOND destination IP 40.2.70.200
-> policy action REDIRECTLA redirect linkagg 10
-> policy rule L4LARULE condition L4LACOND action REDIRECTLA
Note that in both examples above, the rules are not active on the switch until the qos apply command is
entered on the command line.

Policy Based Mirroring

A mirroring policy sends a copy of ingress, egress, or both ingress and egress packets that match the
policy condition to a specific port. This type of policy may use any condition; the mirror policy action
determines the type of traffic to mirror and the port on which the mirrored traffic is received.
The policy action mirror
example, the following policy mirrors ingress packets to port 1/10:
-> policy condition c1 source ip 192.168.20.1
-> policy action a1 mirror ingress 1/10
-> policy rule r1 condition c1 action a1
-> qos apply
When the above rule is activated, any flows coming into the switch from source IP address 192.168.20.1
are mirrored to port 1/10. It is also possible to combine the MTP action with other actions. For example:
-> policy condition c1 source ip 192.168.20.1
-> policy action a1 mirror ingress 1/10 disposition drop
-> policy rule r1 condition c1 action a1
-> qos apply
This policy rule example combines the MTP action with the drop action. As a result, this rule drops
ingress traffic with a source IP of 192.168.20.1, but the mirrored traffic from this source is not dropped
and is forwarded to port 1/10.
Note the following regarding the use and configuration of mirroring policies:
•
Only one policy-based MTP session is supported at any given time. As a result, all mirroring policies
should specify the same destination port.
•
In addition to one policy-based MTP session, the switch can support one port-based mirroring session,
one remote port mirroring session, and one port monitoring session all running at the same time.
page 30-60
command is used to configure mirror-to-port (MTP) action for the policy. For
OmniSwitch 6800/6850/9000 Network Configuration Guide
Configuring QoS
March 2008