Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
0
Helpful
0
Replies

Best way to mirror/span packets between VMs on UCS chassis?

Tim Schroeder
Level 4
Level 4

‎10-28-2020 10:04 AM - edited ‎10-28-2020 10:05 AM

Goal: Capture all packets between all VMs running on ESXi on a UCS chassis

 

Requirements: 1) Must capture traffic between VM's running on the same blade on the same Vlan, 2) keep mirrored packets as separate from real network traffic as possible, 3) do not impact upstream network devices or bandwidth, 4) minimize overall performance impact.

Our solution is this:

1) Use VMware's port mirroring feature to mirror packets from all VMs to an unused VDS uplink (vmnic/vNIC). All Portgroups on this VDS should be configured to not use this uplink.

2) Use the UCS Traffic monitoring feature to mirror these uplinks to a dedicated port on the FI. Configure the sources to be the uplinks mentioned above on each B200 blade. Configure the destination to be an unused port on the FI. Do this on both FI's.

3) Connect the FI ports to a dedicated switch, a Gigamon or NetScout packet broker, or the analysis tool(s) of your choice for packet analysis and monitoring.

 

I would love to hear comments/criticisms and opinions on how other people are doing this.

packet-mirroring.png

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents

Review Cisco Networking products for a $25 gift card