cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2657
Views
0
Helpful
3
Replies

Nexus 1000v ERSPAN

Greeting Gents

I`m actually designing an implementation for nexus 1000v and i`d like to know if i can dedicate a port for ERSPAN traffic (inter and intra VMs) and how it`s done

In doc from cisco they state the following after setting up the port-profile for ERSPAN

The port profile name is used to configure the VMKNIC that is required on  each of the ESX hosts.

Any help please

I appreciate it

2 Accepted Solutions

Accepted Solutions

mmehta
Cisco Employee
Cisco Employee

Hi,

The "vmknic" configuration on the ESX host is required to route the ERSPAN frames to an IP addressable destination. Assigning a port-profile with "capability l3control" command configures the VEM to start using the "vmknic" for routing the ERSPAN frames out to the destination. In addition to this, you need to configure ERSPAN session on VSM for your monitoring. The ERSPAN session consist of "sources" i.e. Vethernet ports, VLANs, or a port-profile (from SV1(4) only) release. Afterwards, you need to configure ERSPAN destination IP address and the identifier for this session. Once the session is setup, N1K VEMs will copy the frames you are interested in monitoring and send them to IP destination using ERSPAN frame format.

I didnt completely understand the deployment scenario from your note below. Could you please elaborate more on how you plan to setup the ERSPAN and we can help review it.

thanks,

Munish.

View solution in original post

Hi,

Once the VMKnic is configured, it would be used to source the ERSPAN (IP/GRE) packets from (you could just think this as configuring a VM's Veth and it's IP, but instead it would be the VMKnic). So, the VMKnic IP would be the source IP of the ERSPAN packets generated from that VEM/host. And the VLAN should be configured such that the configured IP could reach the gateway.

Let us know if you have further questions.

Thanks,

Deniz

View solution in original post

3 Replies 3

mmehta
Cisco Employee
Cisco Employee

Hi,

The "vmknic" configuration on the ESX host is required to route the ERSPAN frames to an IP addressable destination. Assigning a port-profile with "capability l3control" command configures the VEM to start using the "vmknic" for routing the ERSPAN frames out to the destination. In addition to this, you need to configure ERSPAN session on VSM for your monitoring. The ERSPAN session consist of "sources" i.e. Vethernet ports, VLANs, or a port-profile (from SV1(4) only) release. Afterwards, you need to configure ERSPAN destination IP address and the identifier for this session. Once the session is setup, N1K VEMs will copy the frames you are interested in monitoring and send them to IP destination using ERSPAN frame format.

I didnt completely understand the deployment scenario from your note below. Could you please elaborate more on how you plan to setup the ERSPAN and we can help review it.

thanks,

Munish.

Thanks Metha actually we are deploying the Erspan to capture traffic for different sources and basically I'm concerned to understand the vlan that we setup and the Ip address for the vmknic is used for what purpose and what's the actual meaning of that

I really appreciate your answer

Sent from Cisco Technical Support iPhone App

Hi,

Once the VMKnic is configured, it would be used to source the ERSPAN (IP/GRE) packets from (you could just think this as configuring a VM's Veth and it's IP, but instead it would be the VMKnic). So, the VMKnic IP would be the source IP of the ERSPAN packets generated from that VEM/host. And the VLAN should be configured such that the configured IP could reach the gateway.

Let us know if you have further questions.

Thanks,

Deniz

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: