Nexus System Management

Just a few items for review and documentation

SPAN and ERSPAN

I'm going to do both of these on Nexus 7000. The format is the same across all Nexus platforms as far as I am aware. Two monitor sessions are supported on each VDC.

SPAN
SPAN is relatively simple and similar to what is done in IOS. A few of the options that we might see in the CCIE lab are filtering on VLANs and ingress/ingress learning. There are a lot of caveats, for which I plan to use the documentation as needed in the lab.

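Here is a simple configuration. No "no shut" is entered under the monitor session, which is why the show output reports the session as admin shut: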

interface Ethernet1/7
  switchport
  switchport mode trunk
  switchport monitor

monitor session 1
  source interface Ethernet1/7 both
  destination interface Ethernet1/9

gwlswd1# sh monitor session 1
   session 1
---------------
type              : local
state             : down (Session admin shut)
source intf       :
    rx            : Eth1/7
    tx            : Eth1/7
    both          : Eth1/7
source VLANs      :
    rx            :
    tx            :
    both          :
filter VLANs      : filter not specified
destination ports : Eth1/9

Legend: f = forwarding enabled, l = learning enabled

ERSPAN
Encapsulated Remote Switch Port Analyzer uses IP as a transport to forward mirrored traffic across the network. Again, there are lots of caveats to be aware of so use the Cisco documentation.

Summary of steps.
1. Configure the source and destination on the switch where the monitoring is being done (I'm trying to monitor the supervisor eth0 in this case)

monitor session 1 type erspan-source
  description mgmt traffic on Switch2
  erspan-id 1
  vrf default
  destination ip 192.168.1.1
  source interface sup-eth0 both

monitor erspan origin ip-address 192.168.1.2 global

gwlswd2# sh monitor session all
   session 1
---------------
description       : mgmt traffic on swd2
type              : erspan-source
state             : up
erspan-id         : 1
vrf-name          : default
acl-name          : acl-name not specified
ip-ttl            : 255
ip-dscp           : 0
destination-ip    : 192.168.1.1
origin-ip         : 192.168.1.2 (global)
source intf       :
    rx            : sup-eth0
    tx            : sup-eth0
    both          : sup-eth0
source VLANs      :
    rx            :
    tx            :
    both          :
filter VLANs      : filter not specified

2. Configure the destination where the monitored traffic will be sent
Configure the monitor port
interface Ethernet1/7
  switchport
  switchport mode trunk
  switchport monitor

Configure the monitor session
monitor session 1 type erspan-destination
  erspan-id 1
  vrf default
  source ip 192.168.1.1
  destination interface Ethernet1/7
  no shut

gwlswd1(config-erspan-dst)# sh mon session 1
   session 1
---------------
type              : erspan-destination
state             : down (No operational src/dst)
erspan-id         : 1
vrf-name          : default
source-ip         : 192.168.1.1
destination ports : Eth1/7

I used IP addresses in the management VRF which is not supported.  That is why the state is down in the show command.  If I have time, I may try again with the default VRF.  Seems pretty simple though and there is a good example in the configuration guide.

Netflow

Flow Record - Matches key pieces of information to identify packets in a flow.
Exporter - An exporter contains network and transport layer details for a NetFlow export packet:
  • Export destination IP address
  • Source interface
  • UDP port number (where the collector is listening for NetFlow packets)
  • Export format
Monitor - A monitor ties the flow record and exporter together and is bound to an interface (the interface must be L3).
Sampler - Samples packets at a specified rate.

Example Configuration

flow record TEST-RECORD
  match ip protocol
  collect transport tcp flags
  collect counter bytes

flow exporter TEST-EXPORTER
  destination 10.10.209.60
  source Ethernet2/9
  version 9

flow monitor TEST-MONITOR
  record TEST-RECORD
  exporter TEST-EXPORTER

interface Ethernet2/1
  no switchport
  ip flow monitor TEST-MONITOR input
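
What a collector receives from an exporter set to version 9, as an added example that is not part of the original post: a bounds-checked NetFlow v9 decoder run against a constructed datagram whose template mirrors TEST-RECORD (protocol, TCP flags, bytes). The template ID, field lengths and sample values are assumptions; a real switch announces its own template, and records arriving before it cannot be decoded.

```python
import struct

FIELD_NAMES = {1: "IN_BYTES", 4: "PROTOCOL", 6: "TCP_FLAGS"}  # RFC 3954 field types

def decode_v9(packet, templates):
    """Decode one NetFlow v9 export datagram; `templates` persists across calls."""
    if len(packet) < 20:
        raise ValueError("short header")
    version, count, _uptime, _secs, seq, source_id = struct.unpack_from("!HHIIII", packet)
    if version != 9:
        raise ValueError(f"unexpected version {version}")
    records, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("FlowSet length runs past the datagram")
        body = packet[off + 4:off + fs_len]
        off += fs_len
        if fs_id == 0:                                    # template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                if tid < 256 or n == 0 or pos + 4 + 4 * n > len(body):
                    break                                 # padding or bad template
                templates[(source_id, tid)] = [
                    struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(n)]
                pos += 4 + 4 * n
        elif (source_id, fs_id) in templates:             # data FlowSet, known template
            fields = templates[(source_id, fs_id)]
            size = sum(flen for _, flen in fields)
            for start in (range(0, len(body) - size + 1, size) if size else ()):
                rec, p = {}, start                        # trailing padding is skipped
                for ftype, flen in fields:
                    rec[FIELD_NAMES.get(ftype, ftype)] = int.from_bytes(body[p:p + flen], "big")
                    p += flen
                records.append(rec)
    return {"count": count, "sequence": seq, "source_id": source_id}, records

def sample_packet():
    """Constructed export: template 256 (protocol, TCP flags, bytes) and three records."""
    header = struct.pack("!HHIIII", 9, 4, 360000, 1700000000, 7, 1)
    template = struct.pack("!10H", 0, 20, 256, 3, 4, 1, 6, 1, 1, 4)
    rows = [(6, 0x1B, 48213), (17, 0, 900), (1, 0, 168)]
    data = b"".join(struct.pack("!BBI", *r) for r in rows) + b"\x00\x00"  # pad to 4 bytes
    return header + template + struct.pack("!HH", 256, 4 + len(data)) + data
```

Because the only key in TEST-RECORD is the IP protocol, each decoded record is an aggregate for that protocol with no addresses or ports in it.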

Smart Call Home

Smart Call Home can be used with pager services, email and XML-based automated parsing.

Destination Profile - Can have one or more alert groups and email destinations. Also specifies the message format (short or full text, XML) and the severity level. There are three predefined destination profiles:
  • CiscoTAC-1—Supports the Cisco-TAC alert group in XML message format. This profile is preconfigured with the callhome@cisco.com e-mail contact, maximum message size, and message severity level 0. You cannot change any of the default information for this profile.
  • full-text-destination—Supports the full text message format.
  • short-text-destination—Supports the short text message format.
CFS - You can use CFS to distribute Smart Call Home configuration to all devices in the fabric.

Default Settings
Destination message size for a message sent in full text format - 2,500,000
Destination message size for a message sent in XML format - 2,500,000
Destination message size for a message sent in short text format - 4000
SMTP server port number if no port is specified - 25
SMTP server priority if no priority is specified - 50
Alert group association with profile - All for full-text-destination and short-text-destination profiles. The cisco-tac alert group for the CiscoTAC-1 destination profile.
Format type - XML
Smart Call Home message level - 0 (zero)
HTTP proxy server use - Disabled and no proxy server configured

Example Configuration

callhome
  contract-id 12345678
  switch-priority 1
  site-id 987
  email-contact gregg@hellanetwork.com
  phone-contact +1-540-555-1212
  streetaddress 111 Main Street
  distribute
  destination-profile HELLA-NOC
  destination-profile HELLA-NOC format full-txt
  destination-profile full_txt message-level 4
  destination-profile full_txt email-addr gregg@hellanetwork.com
  transport email mail-server 10.10.209.60 port 25 priority 50 use-vrf default
  enable
  commit

N7K-1# sh callhome
callhome enabled
Callhome Information:
contact person name(sysContact):Hella Network
contact person's email:gregg@hellanetwork.com
contact person's phone number:+1-540-555-1212
street addr:111 Main Street
site id:987
customer id:
contract id:12345678
switch priority:1
duplicate message throttling : enabled
periodic inventory : enabled
periodic inventory time-period : 7 days
periodic inventory timeofday : 08:00 (HH:MM)
Distribution : Enabled

NTP
Very simple - not spending any time on this

PTP
PTP stands for Precision Time Protocol. The protocol is accurate down to the sub-microsecond range. There really isn't much to the configuration so I'm just going to show an example based on the Cisco documentation. Note that PTP needs the feature turned on and each interface that participates must be configured.

feature ptp
ptp source 1.1.1.1
ptp priority1 1

interface ethernet1/1
  ptp

DCNM Configuration and Verification  

Overview
DCNM is made up of two main pieces - SAN and LAN

SAN
  • SAN Server
  • SAN Client
  • Device Manager - Graphical representation of an MDS 9000 that can be used to configure and monitor the switch
  • Web Client
  • Performance Manager
  • Traffic Analyzer - Uses SPAN traffic and is based on NTOP
LAN
  • LAN Server
  • LAN Client
I've done very little with DCNM.  I need to see what is expected on the lab test.  I'll likely add more content once I know more.