The following content is taken from the book "Cisco/H3C Switch Advanced Configuration and Management Technical Manual", newly released in April this year. Its companion volume, "Cisco/H3C Switch Configuration and Management Manual" (2nd edition), is also selling well nationwide.
18.1.2 H3C Switch Port Mirroring Principle
As described above, H3C Ethernet switches support local port mirroring, layer-2 remote port mirroring, and layer-3 remote port mirroring. This section describes how these three types of port mirroring work.
1. Local Port Mirroring Principle
In local port mirroring, the mirroring source and the mirroring destination belong to the same mirroring group on the same device. This mirroring group is called a local mirroring group. Local port mirroring is implemented through the local mirroring group: the source port and the destination port are in the same local mirroring group, and the device copies the packets of the source port and forwards them to the destination port.
As shown in Figure 18-2, packets on the source port (GE3/0/1) are mirrored to the destination port (GE3/0/2), so that the data monitoring device connected to the destination port can monitor and analyze these packets. This is the simplest port mirroring method. If the switch has multiple boards, the local mirroring group supports cross-board mirroring, that is, the destination port and the source port can be on different boards of the same device.
Figure 18-2 Local port mirroring example
2. Layer-2 Remote Port Mirroring Principle
Layer-2 remote port mirroring is implemented through cooperation between a remote source mirroring group and a remote destination mirroring group. It can be implemented in three ways: fixed reflection port, non-fixed reflection port, and outbound port. The fixed reflection port mode and the non-fixed reflection port mode are collectively referred to as the reflection port mode. The difference is that a device supporting the former has a fixed reflection port, so you do not need to configure the reflection port manually, whereas on a device supporting the latter you must configure the reflection port manually.
Figure 18-3 shows layer-2 remote port mirroring in reflection port mode. The source device copies the packets sent to the source port GE3/0/1 to the reflection port GE3/0/3, and the reflection port broadcasts the mirrored packets in the remote mirroring VLAN. The mirrored packets are then forwarded to the destination device through the intermediate device. After receiving a packet, the destination device checks its VLAN ID. If the VLAN ID is the same as that of the remote mirroring VLAN, the device forwards the packet to the destination port GE3/0/2, and that port finally forwards the mirrored packet to the data monitoring device.
Figure 18-3 Layer-2 remote port mirroring in reflection port mode
Figure 18-4 shows layer-2 remote port mirroring in outbound port mode. The source device copies the packets sent to the source port GE3/0/1 to the outbound port GE3/0/2, which forwards the mirrored packets to the intermediate device. The intermediate device then broadcasts them in the remote mirroring VLAN so that they reach the destination device. After receiving a packet, the destination device checks its VLAN ID. If the VLAN ID is the same as that of the remote mirroring VLAN, the device forwards the packet to the destination port GE3/0/2, and that port finally forwards the mirrored packet to the data monitoring device.
Figure 18-4 Layer-2 remote port mirroring in outbound port mode
Note: The intermediate device must allow the remote mirroring VLAN to pass so that layer-2 connectivity between the source device and the destination device is maintained. While a mirrored packet travels from the source device to the destination device, make sure that its VLAN ID is not modified or removed. Otherwise, layer-2 remote mirroring will not work.
In reflection port mode, the source device broadcasts the mirrored packets in the remote mirroring VLAN. Therefore, if you add a port on the source device that is not a mirroring source port to the remote mirroring VLAN, you can also achieve local port mirroring.
When packets in a mirroring group are sent and received on the same port, use the mac-address mac-learning disable command to disable MAC address learning in the remote mirroring VLAN so that mirroring works properly. The details are described later in this chapter.
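The conditions in the note above can be checked against an intermediate device's saved configuration. The following Python check is an added example, not part of the original manual: it parses Comware-style configuration text (the sample is constructed) and reports path ports that do not permit the remote mirroring VLAN, and whether MAC learning is still enabled in that VLAN. It assumes the inter-switch links are trunk ports; the function names, port names and VLAN 10 are illustrative.

```python
import re
# Constructed sample: Comware-style configuration of an intermediate device.
SAMPLE = """#
vlan 10
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan 1 10 to 20
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan 1 5
#"""

def parse_blocks(config):
    """Map each view header to its lines; lines holding only '#' separate views."""
    blocks = {}
    for chunk in re.split(r"^#[ \t]*$", config, flags=re.M):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            blocks[lines[0]] = lines[1:]
    return blocks

def permitted_vlans(lines):
    """Expand 'port trunk permit vlan ...' (IDs, 'A to B', 'all') into a set."""
    vlans = set()
    for line in lines:
        m = re.match(r"port trunk permit vlan (.+)", line)
        if not m:
            continue
        if m.group(1).strip() == "all":
            return set(range(1, 4095))
        for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", m.group(1)):
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, vlan_id, path_ports, same_port_rx_tx=False):
    """Return findings that would break layer-2 remote mirroring on this device."""
    blocks, findings = parse_blocks(config), []
    for port in path_ports:
        lines = blocks.get(f"interface {port}", [])
        if "port link-type trunk" not in lines:  # assumption: trunk links only
            findings.append(f"{port}: missing or not a trunk port")
        elif vlan_id not in permitted_vlans(lines):
            findings.append(f"{port}: VLAN {vlan_id} not permitted")
    vlan_view = blocks.get(f"vlan {vlan_id}", [])
    if same_port_rx_tx and "mac-address mac-learning disable" not in vlan_view:
        findings.append(f"vlan {vlan_id}: MAC learning still enabled")
    return findings
```

Calling audit(SAMPLE, 10, [...]) with both sample ports flags GigabitEthernet1/0/2, whose trunk would silently drop the mirrored traffic and leave the monitoring device blind.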
3. Layer-3 Remote Port Mirroring Principle
Layer-3 remote port mirroring is implemented through a remote source mirroring group, a remote destination mirroring group, and a GRE tunnel, but only a few H3C switch series support it, such as the S5500-EI, S58, and S7500E series. As shown in Figure 18-5, packets on the source port GE2/0/1 of the source device are mirrored to the Tunnel interface (which acts as its destination port) and then sent to the destination device through the GRE tunnel. The destination device then uses its Tunnel interface as the source port and forwards the packets to its destination port 2/0/2. In this way, the data monitoring device connected to the destination port on the destination device can monitor and analyze the packets of the source port on the source device.
Figure 18-5 Layer-3 remote port mirroring example
This article is from the "Wang da blog" blog. For more information, contact the author!