
Making an EPG/BD a RSPAN destination

Andrew C
Level 1

Hi,

 

(This was originally posted in Cisco Communities, now removed and only here - I'm not sure how I ended up in there to post it, nor what the difference between the two sites is - except that there appear to be few users over there!)

I've been researching this on and off for a couple of months and asked a few of our Cisco partners but have yet to come up with anything tangible to show for it! However, as our migration of VMs and physical boxes into ACI gathers pace I need to redouble my efforts to sort this!

 

So, we have a call recording application which in part uses RSPAN to get traffic from IP phones to the recorders (Windows Servers) - traffic flow/current setup is as follows:

 

Access layer switch (C3850) - monitor source vlan 10, 20; monitor destination vlan 5

  - connects to -

Core switches (C6509-V-E) - vlan 5 set for remote-span

  - connects to -

Datacenter switches (C6509-E) - monitor source vlan 5; monitor destination gix/x

 

Currently the satellite servers are connected to Catalyst 6500s but they are due to be decommissioned between now and Christmas so we need to migrate the servers so that they are connected to an ACI leaf node (9396PX). So it would look like this:

Access layer switch (C3850) - monitor source vlan 10, 20; monitor destination vlan 5

  - connects to -

Core switches (C6509-V-E) - vlan 5 set for remote-span

  - connects to -

Datacenter switches (ACI leaf nodes)

In IOS you would tell the destination VLAN that it is used for remote-span - what would be the equivalent in ACI? Do I need to do something on the Bridge Domain given that it is the Layer 2 boundary, or is the config down in the EPG, or is there no extra configuration needed?

 

I'm currently working on a way to test it with minimum risk (due to the nature of the environment). Has anyone tried something like this or seen an article or whitepaper on it?

 

Many thanks in advance.

Andrew

1 Reply

Andrew C
Level 1

Hi,

Since I first wrote this I've fired up a test VM connected to a VMware DVS which is managed by ACI. The VM has 2 NICs - one in the data portgroup (i.e. VLAN 100), and one in the RSPAN destination VLAN (i.e. VLAN 5).

I've created a BD or EPG for the RSPAN destination but with no special configuration - just the same configuration I would normally use for a L2 BD/EPG.

I ran a packet capture on the RSPAN interface on the VM and can see HSRP HELLOs and ARP requests from the 2x source VLANs (80 and 90), but not the RTP traffic I see when capturing on the call recorder. The HSRP and ARP packets are sourced from the core switches; I don't see anything from the access layer. Does anyone know why I would only see some packets rather than all? I've dug out my CCNP Switch notes but can't see a reason there!

I stumbled on this article - http://everythingshouldbevirtual.com/vmware-vds-rspan-port-mirroring - which shows some changes to be made to the DVS in vCenter to select Remote Mirroring Destination. With the DVS being controlled in part by ACI is there an issue doing this? And presumably the VLAN ID I'd be setting it up to capture from would be the dynamically assigned one from the VMM VLAN pool (something between 2000 and 2999) rather than the IOS VLAN 5?

Cheers,
Andrew
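
Added example, not part of the original post: HSRP hellos and ARP requests are sent to multicast and broadcast MAC addresses, while RTP media streams are normally unicast, so tallying a capture from the RSPAN-facing NIC by destination class shows whether any unicast frames reach it at all. The function names and the sample frames are constructed for illustration, and a classic little-endian pcap file with Ethernet link type is assumed.

```python
import struct
from collections import Counter

def classify(frame: bytes) -> str:
    """Label one Ethernet frame by how its destination MAC is delivered."""
    dst = frame[:6]
    if dst == b"\xff" * 6:
        return "broadcast"
    # The low bit of the first octet marks a group (multicast) address.
    return "multicast" if dst[0] & 0x01 else "unicast"

def summarize(pcap: bytes) -> Counter:
    """Count frames per delivery class in a classic little-endian pcap."""
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    counts, off = Counter(), 24          # the global header is 24 bytes
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16                        # skip the per-record header
        frame = pcap[off:off + incl_len]
        if len(frame) < 14:
            break                        # truncated record, stop parsing
        counts[classify(frame)] += 1
        off += incl_len
    return counts

def _record(frame: bytes) -> bytes:
    """Wrap a frame in a pcap record header (timestamps zeroed)."""
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def sample_capture() -> bytes:
    """Constructed capture: one ARP request and one HSRPv1 hello."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    src = bytes.fromhex("020000000001")  # made-up source MAC
    arp = b"\xff" * 6 + src + b"\x08\x06" + bytes(28)
    hsrp = bytes.fromhex("01005e000002") + src + b"\x08\x00" + bytes(40)
    return hdr + _record(arp) + _record(hsrp)

if __name__ == "__main__":
    # Zero unicast frames means only flooded traffic is reaching the NIC.
    print(dict(summarize(sample_capture())))
```

A unicast count of zero on a real capture indicates the interface is receiving only flooded traffic rather than mirrored call media.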
