CRS-ACL-Based Traffic Mirroring
RP/0/RSP0/CPU0:CRS #show access-lists span
Thu Oct 11 09:08:44.123 UTC
ipv4 access-list span
10 permit ipv4 host 10.1.12.1 host 10.1.23.3 capture <<< only ACL entries with the capture keyword are mirrored (SPAN)
15 permit ipv4 host 10.2.2.2 host 10.3.3.3
20 permit ipv4 any any
RP/0/RSP0/CPU0:ASR9006-G#
RP/0/RSP0/CPU0:CRS#show run monitor-session cmcc ipv4
Thu Oct 11 09:08:00.562 UTC
monitor-session cmcc ipv4
destination next-hop 10.1.34.4
!
RP/0/RSP0/CPU0:CRS#show run int gi0/0/0/0
Thu Oct 11 09:06:09.369 UTC
interface GigabitEthernet0/0/0/0
ipv4 address 10.1.12.2 255.255.255.0
monitor-session cmcc ipv4 direction rx-only <<<< the CRS supports SPAN for ingress traffic only, so the rx-only keyword must be specified
acl
!
ipv4 access-group span ingress
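The two annotated rules (only ACL entries with capture are mirrored, and the CRS requires rx-only) can be checked mechanically when reviewing what a router copies and to which next-hop. The Python audit below is an added example, not part of the original post; it assumes an indented running-config, and audit_span, TOP and the sample text are constructed for illustration.

```python
import re

# Constructed sample modelled on the page's CRS configuration; indentation is assumed.
SAMPLE = """\
ipv4 access-list span
 10 permit ipv4 host 10.1.12.1 host 10.1.23.3 capture
 20 permit ipv4 any any
monitor-session cmcc ipv4
 destination next-hop 10.1.34.4
interface GigabitEthernet0/0/0/0
 monitor-session cmcc ipv4 direction rx-only
  acl
 ipv4 access-group span ingress
"""
TOP = re.compile(r"(ipv4 access-list|monitor-session|interface) (\S+)(?: ipv4)?")

def audit_span(config):
    """Return ({interface: (next_hop, [mirrored ACEs])}, [problems])."""
    acls, dests, ifaces, kind, name = {}, {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # an unindented line opens a new top-level block
            m = TOP.fullmatch(line)
            kind, name = m.groups() if m else (None, None)
        elif kind == "ipv4 access-list":
            acls.setdefault(name, []).append(line)
        elif kind == "monitor-session" and line.startswith("destination next-hop "):
            dests[name] = line.split()[2]
        elif kind == "interface":
            i = ifaces.setdefault(name, {})
            if m := re.fullmatch(r"monitor-session (\S+) ipv4(?: direction (\S+))?", line):
                i.update(session=m.group(1), direction=m.group(2))
            if m := re.fullmatch(r"ipv4 access-group (\S+) ingress", line):
                i["ingress_acl"] = m.group(1)
    mirrored, problems = {}, []
    for ifname, i in ifaces.items():
        if "session" not in i:
            continue  # interface is not a mirroring source
        if i["direction"] != "rx-only":
            problems.append(f"{ifname}: direction {i['direction'] or 'unset'}, the CRS needs rx-only")
        if i["session"] not in dests:
            problems.append(f"{ifname}: session {i['session']} has no destination next-hop")
        hits = [a for a in acls.get(i.get("ingress_acl"), []) if a.split()[-1] == "capture"]
        if not hits:
            problems.append(f"{ifname}: ingress ACL has no capture entry")
        mirrored[ifname] = (dests.get(i["session"]), hits)
    return mirrored, problems
```
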
CRS-SPAN over Pseudowire
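The ASR9000 does have a corresponding feature, and it is simple to configure: no extra physical cabling is needed, and the monitored traffic can be sent internally over a PW to the remote end, with the monitor source acting as the AC link. The CRS does not support that configuration, but we can take a roundabout route and still send the SPAN traffic to the remote PE over L2VPN.
For the corresponding ASR9K feature, see the following article:
The following is a configuration example that achieves the same function on the CRS by other means. As shown in the figure below, the ingress traffic of Ten0/1/0/7 is copied through the monitor-session to the remote 5501-A.
A fiber is needed to loop Ten0/1/0/10 and Ten0/1/0/6 together. The relevant configuration is as follows: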
CRS-A L2VPN
interface TenGigE0/1/0/6
l2transport
l2vpn
xconnect group xuxing
p2p xuxing
interface TenGigE0/1/0/6
neighbor ipv4 218.21.155.247 pw-id 10
!
interface TenGigE0/1/0/10
ipv4 address 200.0.0.1 255.255.255.0
!
ASR9922 L2VPN
interface TenGigE0/1/0/6
l2transport
!
l2vpn
xconnect group xuxing
p2p xuxing
interface TenGigE0/1/0/6
neighbor ipv4 218.25.210.64 pw-id 10
CRS-A SPAN
ipv4 access-list span
10 permit ipv4 host 100.1.1.5 any capture
20 permit ipv4 any any
!
monitor-session cmcc ipv4
destination next-hop 200.0.0.2
!
interface TenGigE0/1/0/7
ipv4 address 100.1.1.2 255.255.255.0
monitor-session cmcc ipv4 direction rx-only
acl
!
load-interval 30
ipv4 access-group span ingress
!
NCS5501
interface TenGigE0/0/0/6
ipv4 address 200.0.0.2 255.255.255.0
Note
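Record the encapsulation format of the traffic after SPAN:
In the figure above, the destination address of the mirrored traffic is 10.1.13.2, so the encapsulation of the mirrored traffic between the CRS and the Test Device is as shown below: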
Some commands
#Show monitor-session status
#Show monitor-session status detail
#show monitor-session ipv4 counters location 0/0/CPU0 <<< on the CRS, location must be added to view the counters