Dell Networking SONiC - Flow based mirroring
Summary: This article explains how to configure flow-based monitoring on Dell Networking SONiC.
Instructions
This article provides instructions for configuring flow-based mirroring on Dell Networking SONiC.
Flow-based port mirroring use case example:
Use a monitoring policy to send a copy of network packets selected on one switch port, multiple switch ports, an entire VLAN, or port channel to a CPU.
CAUTION: When sending traffic to the CPU, apply ingress packet filters to avoid overloading the CPU.
NOTE: Flow-based mirroring was tested on Dell Networking SONiC 4.0.3.
The example below shows the steps for configuring a flow-based mirroring session that filters traffic for src=any, dst=10.0.20.1.
Additional filters can be added as required; they must be added to the access-list.
Configuring a mirror session
The example below uses the mirror-session command, which takes the form: mirror-session session-name

show running-configuration mirror-session
!
mirror-session 2
 destination CPU direction both
Setting the access-list named TEST
show running-configuration ip access-list TEST
!
ip access-list TEST
 seq 10 permit ip any host 10.0.20.1

In this case, traffic from any source to destination 10.0.20.1 is copied to the CPU. Additional port filters can be applied here.
Setting the class-map named FLOW-MAP
show running-configuration class-map FLOW-MAP
!
class-map FLOW-MAP match-type acl
 match access-group ip TEST
Setting the policy-map FLOW-POLICY
show running-configuration policy-map FLOW-POLICY
!
policy-map FLOW-POLICY type monitoring
 class FLOW-MAP priority 99
  set mirror-session 2
Applying the policy-map to physical interface Ethernet6
show running-configuration interface Ethernet 6
!
interface Ethernet6
 service-policy type monitoring in FLOW-POLICY

Traffic is expected to flow through this port in the ingress direction, so the monitoring policy is applied inbound (in).
Now we can run tcpdump on the transit switch where the above configuration was applied and see the packets and their contents.

DELLSONiC# exit
admin@DELLSONiC:~$ sudo tcpdump -i any host 10.0.20.1
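An added example, not Dell's code: a Python check that follows the chain configured above (interface, policy-map, class-map, access-list, mirror-session) and flags a CPU-bound session whose ACL permits all IP traffic, the situation the CAUTION warns about. The one-command-per-line layout with indentation, and the names audit_mirror_config, SAMPLE and UNFILTERED, are assumptions.

```python
# Constructed sample: this article's running-configuration stanzas, one command
# per line (the indentation is an assumption; the page shows them flattened).
SAMPLE = """\
mirror-session 2
 destination CPU direction both
ip access-list TEST
 seq 10 permit ip any host 10.0.20.1
class-map FLOW-MAP match-type acl
 match access-group ip TEST
policy-map FLOW-POLICY type monitoring
 class FLOW-MAP priority 99
  set mirror-session 2
interface Ethernet6
 service-policy type monitoring in FLOW-POLICY
"""
# Constructed variant with the destination filter dropped.
UNFILTERED = SAMPLE.replace("any host 10.0.20.1", "any any")

def audit_mirror_config(cfg):
    """Follow interface -> policy-map -> class-map -> ACL -> mirror-session."""
    sess, acls, cmaps, pmaps, bindings, findings = {}, {}, {}, {}, [], []
    head, cls = [""], None
    for line in cfg.splitlines():
        t = line.split()
        if not t or t[0] == "!":
            continue
        if not line[0].isspace():              # top-level stanza header
            head, cls = t, None
        elif head[0] == "mirror-session" and t[0] == "destination":
            sess[head[1]] = t[1]               # session id -> destination
        elif head[:2] == ["ip", "access-list"] and t[0] == "seq":
            acls.setdefault(head[2], []).append(t[2:])
        elif head[0] == "class-map" and t[:2] == ["match", "access-group"]:
            cmaps[head[1]] = t[-1]             # class-map -> ACL name
        elif head[0] == "policy-map" and t[0] == "class":
            cls = t[1]
        elif head[0] == "policy-map" and t[:2] == ["set", "mirror-session"]:
            pmaps.setdefault(head[1], []).append((cls, t[2]))
        elif head[0] == "interface" and t[:2] == ["service-policy", "type"]:
            bindings.append((head[1], t[-1]))  # interface -> policy-map
    for iface, pol in bindings:
        for cm, sid in pmaps.get(pol, [(None, None)]):
            acl = cmaps.get(cm)
            if sid not in sess or acl not in acls:
                findings.append(f"{iface}: {pol} references an undefined object")
            elif sess[sid] == "CPU" and ["permit", "ip", "any", "any"] in acls[acl]:
                findings.append(f"{iface}: ACL {acl} mirrors all IP traffic to CPU")
    return findings
print(audit_mirror_config(UNFILTERED))
```

The article's own configuration produces no findings; only the constructed unfiltered variant is flagged.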
Affected Products
Enterprise SONiC Distribution, PowerSwitch E3200-ON Series, Dell EMC Networking N3200-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON
Article Properties
Article Number: 000216195
Article Type: How To
Last Modified: 17 Oct 2023
Version: 3