Views:

Configure port mirroring in VMware NSX to allow Virtual Network Sensor to monitor network traffic.

Before you begin

VMware NSX Version 4.2.2 supports two methods for port mirroring:
  • Logical SPAN: Mirrors traffic within the same NSX segment. Use this method when the Virtual Network Sensor data port is on the same segment as the virtual machines you want to monitor.
  • Remote L3 SPAN: Mirrors traffic across Layer 3 boundaries using encapsulation. Use this method when the Virtual Network Sensor is on a different network segment than the virtual machines you want to monitor.
Note
Note
Before configuring port mirroring in NSX, complete the following Virtual Network Sensor CLI settings:
  1. Enable Geneve on the Virtual Network Sensor.
    On the Virtual Network Sensor CLI console, execute the following commands:
    enable
configure ncie geneve enable
  2. Change the data port MTU to 9000.
    For example, if the data port is eth1, execute the following commands:
    enable
configure interface eth1
mtu 9000
  3. Choose one of the following port mirroring methods based on your network topology and configure the settings in the NSX Manager console:
After configuring port mirroring, access the Virtual Network Sensor CLI console and use the command show traffic to verify the Virtual Network Sensor is receiving traffic. For more information about troubleshooting, see Virtual Network Sensor FAQ and Virtual Network Sensor CLI commands.

Logical SPAN Parent topic

Use Logical SPAN to mirror traffic when the Virtual Network Sensor data port is on the same NSX segment as the monitored virtual machines.

Logical SPAN mirrors traffic locally within an NSX segment. The Virtual Network Sensor data port must be assigned to the same segment as the virtual machines you want to monitor.

Procedure

  1. Verify that the Virtual Network Sensor data port is assigned to the NSX segment you want to monitor.
    In the VMware vCenter console, check the VM settings for the Virtual Network Sensor and confirm that the data port network adapter is connected to the target segment.
  2. In the NSX Manager console, go to Plan & TroubleshootPort Mirroring.
  3. Click ADD SESSION and select Logical SPAN.
  4. Specify a name for the session, and set the direction to Bi Directional.
  5. Configure the destination to specify the Virtual Network Sensor data port.
    1. Click Set next to Destination.
    2. Change the category to Group of Virtual Network Interfaces and click ADD GROUP.
    3. Specify a name for the group and click Set under Compute Members.
    4. Select the Virtual Network Sensor data port and click APPLY.
    5. Click SAVE to save the group.
    6. Click APPLY to apply the destination settings.
  6. Configure the source to specify the virtual machines you want to monitor.
    1. Click Set next to Source.
    2. Change the category to Group of Virtual Network Interfaces.
    3. Specify a name for the group and click Set next to Compute Members.
    4. Select the virtual machines you want to monitor and click APPLY.
    5. Click SAVE to save the group.
  7. Click SAVE to save the port mirroring session.

Remote L3 SPAN Parent topic

Use Remote L3 SPAN to mirror traffic when the Virtual Network Sensor is on a different network segment than the monitored virtual machines.

Remote L3 SPAN uses encapsulation to mirror traffic across Layer 3 boundaries. The destination IP address configured on the Virtual Network Sensor must be routable from the ESXi host performing the Remote L3 SPAN.

Procedure

  1. On the Virtual Network Sensor CLI console, type show interface and identify a network interface that shows Supported for Encapsulated Remote Mirroring.
  2. Execute the following commands to enable encapsulated remote mirroring on the selected interface:
    Note
    Note
    Replace <network_interface_name> with the name of the network interface identified in the previous step, and <ip_address> with an IP address that is routable from the ESXi host performing the Remote L3 SPAN.
    		 
    enable
configure interface <network_interface_name>
ip-encap enable <ip_address>
  3. Verify the configuration by typing show interface and confirming that the IP address appears next to Encapsulated Remote Mirroring.
  4. In the NSX Manager console, go to Plan & TroubleshootPort Mirroring.
  5. Click ADD SESSION, and select Remote L3 SPAN.
  6. Specify a name for the session and set the direction to Bi Directional.
  7. Configure the destination to specify the Virtual Network Sensor IP address.
    1. Click Set next to Destination.
    2. Click ADD GROUP, specify a name for the group, and click Set under Compute Members.
    3. Click Enter IP Addresses and type the IP address you configured on the Virtual Network Sensor CLI in a previous step.
    4. Click APPLY.
    5. Click SAVE to save the group.
    6. Click APPLY to apply the destination settings.
  8. Configure the source to specify the virtual machines you want to monitor.
    1. Click Set next to Source.
    2. Change the category to Group of Virtual Network Interfaces.
    3. Specify a name for the group and click Set under Compute Members.
    4. Select the virtual machines you want to monitor and click APPLY.
    5. Click SAVE to save the group.
  9. Click SAVE to save the port mirroring session.