Configure and Administer Port Mirroring

What is Port Mirroring?

Port mirroring is a technology that duplicates the network packets of one switch port to another port, where they can be monitored at the destination port. Most switch vendors implement port mirroring in their switches. In vSphere it is supported on vDSs only, and it avoids the need to enable Promiscuous Mode on a port, which would let that port see all the traffic passing through the switch.

What is it used for?

  • Troubleshooting
  • Input for network analysis
  • Intrusion Detection systems

Instructions for configuring Port Mirroring

Note: Both source and destination must be on the same ESXi Host

  • Log into vCenter
  • Go to Networking
  • Right click your vDS and select Edit Settings
  • Click the Port Mirroring tab

  • Click Add

  • Put in a name
  • Put in a Description
  • If you do not select Allow normal I/O on destination ports, mirrored traffic is allowed out on the destination ports but no traffic is allowed in
  • If you select Encapsulate VLAN, all frames are encapsulated with this VLAN ID at the destination port. If a packet already carries a VLAN tag, that tag is replaced with the VLAN ID specified here
  • If you select Preserve Original VLAN, the original VLAN tag is kept and the packet is encapsulated with the additional VLAN tag specified above
  • If you select Mirrored Packet Length, this sets a limit on the size of the mirrored frames. Increasing this length increases the time taken to process packets. Use it when you only need to capture a certain length of each frame
  • Click Next

  • Traffic direction can be Ingress, Egress, or both (Ingress/Egress)

Traffic direction is defined from the point of view of the vDS: Ingress is traffic from the VM into the vDS, and Egress is traffic from the vDS to the VM

  • As an example, I chose Port 5 and Ingress/Egress

  • On the destination page you can choose a Port or an Uplink as the destination, and you can choose more than one of either
  • As an example, I have chosen dvUplink 1

There are Caveats

  1. In a session, a port cannot be both a Source and a Destination
  2. A port cannot be a destination for more than one session
  3. A promiscuous port cannot be an Egress source destination
  4. An egress source cannot be a destination of any session, to avoid cycles of mirrored paths

  • Click Enable this Port Mirroring Session; it is disabled by default

  • Click Finish and check the overview
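The same session built from PowerCLI rather than the vSphere Client, as an added example that is not part of the original post: it first checks caveats 1, 2 and 4 against the sessions already on the switch, then submits the configuration. The vDS name dvSwitch01 and the session name are assumptions; port 5 and dvUplink 1 are the values chosen above.

```powershell
# Added example (not from the original post): builds the walkthrough's session
# with PowerCLI and checks caveats 1, 2 and 4 against the sessions already on
# the switch. Assumes Connect-VIServer has been run; the vDS name 'dvSwitch01'
# is assumed, port key '5' and 'dvUplink1' are the values chosen in the post.
$vds     = Get-VDSwitch -Name 'dvSwitch01'
$srcKeys = @('5')          # source dvPort key(s); Port 5 in the post
$dstKeys = @()             # no dvPort destinations in this session
$dstUplk = @('dvUplink1')  # destination uplink(s); dvUplink 1 in the post
# Caveat 1: a port cannot be both source and destination in the same session
if ($srcKeys | Where-Object { $dstKeys -contains $_ }) {
    throw 'a port is both source and destination'
}
foreach ($s in $vds.ExtensionData.Config.VspanSession) {
    $d = $s.DestinationPort
    # Caveat 2: a port or uplink cannot be the destination of more than one session
    if (($d.UplinkPortName | Where-Object { $dstUplk -contains $_ }) -or
        ($d.PortKey        | Where-Object { $dstKeys -contains $_ })) {
        throw "destination already in use by session '$($s.Name)'"
    }
    # Caveat 4: an egress (transmitted) source may never be a session destination
    if ($s.SourcePortTransmitted.PortKey | Where-Object { $dstKeys -contains $_ }) {
        throw "destination is an egress source in session '$($s.Name)'"
    }
    if ($d.PortKey | Where-Object { $srcKeys -contains $_ }) {
        throw "egress source is already a destination in session '$($s.Name)'"
    }
}
$session = New-Object VMware.Vim.VMwareVspanSession
$session.Name                 = 'Port5-to-dvUplink1'      # assumed session name
$session.Description          = 'Mirror port 5 both ways to dvUplink1'
$session.Enabled              = $true     # the dialog's default is disabled
$session.NormalTrafficAllowed = $false    # 'Allow normal I/O' left unchecked
$session.StripOriginalVlan    = $false    # 'Preserve original VLAN'
$session.SessionType          = 'mixedDestMirror'  # 5.1+ type for port-or-uplink destinations (assumed)
# $session.EncapsulationVlanId  = 100     # only if 'Encapsulate VLAN' is wanted
# $session.MirroredPacketLength = 128     # only if mirrored frames should be truncated
$session.SourcePortReceived    = New-Object VMware.Vim.VMwareVspanPort
$session.SourcePortReceived.PortKey    = $srcKeys   # ingress: VM -> vDS
$session.SourcePortTransmitted = New-Object VMware.Vim.VMwareVspanPort
$session.SourcePortTransmitted.PortKey = $srcKeys   # egress: vDS -> VM
$session.DestinationPort       = New-Object VMware.Vim.VMwareVspanPort
$session.DestinationPort.UplinkPortName = $dstUplk
$vspan = New-Object VMware.Vim.VMwareDVSVspanConfigSpec
$vspan.Operation    = 'add'
$vspan.VspanSession = $session
$spec = New-Object VMware.Vim.VMwareDVSConfigSpec
$spec.ConfigVersion   = $vds.ExtensionData.Config.ConfigVersion  # rejects stale concurrent edits
$spec.VspanConfigSpec = @($vspan)
$vds.ExtensionData.ReconfigureDvs($spec)
```

After it returns, Get-VDSwitch -Name 'dvSwitch01' and inspecting ExtensionData.Config.VspanSession shows the new session alongside the overview you checked in the client.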
