Network Monitoring Configuration Guide
Introduction
Section titled “Introduction”Port mirroring allows users to use the data monitoring device to analyze the copied messages for network monitoring and troubleshooting by copying messages from a specified port to a port connected to the data monitoring device.
- Mirror source is the object being monitored, i.e., the port that receives and sends the messages that need to be monitored, called the source port.
- The mirroring destination is the destination to which the mirroring message is destined, i.e., the port connected to the data monitoring device, called the destination port.
- Mirror direction refers to which direction messages can be copied on the mirror source:
- Inbound direction: is to copy only copy the messages received by the mirror source.
- Outbound direction: is to copy only the messages sent by the mirror source.
- Bidirectional: is to copy both the received and outgoing messages of the mirror source.
Configuration Example
Section titled “Configuration Example”Network requirements
Device A and another Device on the network communication abnormalities, the need to mirror the Device connected to the external network interface Ethernet8 to analyze the sending and receiving of messages, mirroring the destination port is connected to the server Ethernet9 port.
Procedure
# Create a mirror group, specify the mirror source as Ethernet8, the mirror destination as Ethernet9, and the mirror direction as bidirectional.
sonic(config)# mirror session 1 span direction both dst-ethernet 9 src-ethernet 8Verify configuration
1.View configuration
sonic# show mirror session+----------------+------------------+-------------+--------+------------+| Session Name | Destination Port | Source Port | Type | Direction |+================+==================+=============+========+============+| 1 | Ethernet9 | Ethernet8 | SPAN | BOTH |+----------------+------------------+-------------+--------+------------+2.Capture packets on the server to view, and so on to capture all the messages sent and received on Ethernet port 8.
IPFIX Configuration
Section titled “IPFIX Configuration”Introduction
Section titled “Introduction”IPFIX (IP Flow Information Export) is a standard protocol for collecting and exporting network traffic information, designed to provide a universal, scalable way to describe and transmit network traffic information. With IPFIX, network administrators can collect detailed information about network traffic, such as source IP address, destination IP address, port number, traffic byte count, connection duration, etc., for use in network monitoring, billing, traffic engineering, security analysis, and other scenarios.
IPFIX Configuration
Section titled “IPFIX Configuration”Configure ipfix exporter
Section titled “Configure ipfix exporter”| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Create and enter the ipfix exporter view | ipfix exporter | |
| Configure destination ip of the ipfix packet | dip <A.B.C.D> | |
| Configure domain_id of ipfix packets | domain_id | |
| Configure the destination port of ipfix packets | dport | |
| Configure MTU of ipfix packets | path_mtu | |
| Configure the source ip of ipfix packets | sip <A.B.C.D> | |
| Configure the source port of ipfix packets | sport | |
| Configure the transmission interval for ipfix template packets | template_interval | |
| Configure the vrf of ipfix packet output port | vrf |
Configure ipfix monitor-map
Section titled “Configure ipfix monitor-map”| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Create and enter the ipfix monitor-map view | ipfix monitor-map | |
| Bind exporter to monitor | exporter | |
| Set the depth of analyzed messages | record {l2|l3|l4|all} | |
| Set the active time of a session stream | timeout_active | |
| Set the timeout for session flow | timeout_passive |
Configure monitor interface
Section titled “Configure monitor interface”| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Enter the interface configuration view | interface ethernet | |
| Set the monitor interface | ipfix monitor |
Display and Maintenance
Section titled “Display and Maintenance”| Operation | Command | Description |
|---|---|---|
| Display ipfix exporter configuration | show ipfix exporter | - |
| Display ipfix monitor-map configuration | show ipfix monitor | - |
| Display ipfix port-map configuration | show ipfix port-map |
Ipfix Configuration Example
Section titled “Ipfix Configuration Example”Network requirements
Users collect traffic sent and received from Ethernet port 5 via Ethernet port 16.
Procedure
sonic(config)# interface ethernet 16sonic(config-if-16)# ip address 192.85.3.1/24sonic(config)# ipfix exporter testsonic(config-ipfix-exporter-test)# dip 192.85.3.100sonic(config-ipfix-exporter-test)# domain_id 10sonic(config-ipfix-exporter-test)# path_mtu 1000sonic(config-ipfix-exporter-test)# sip 1.1.1.1sonic(config-ipfix-exporter-test)# template_interval 60sonic(config)# ipfix monitor-map test1sonic(config-ipfix-monitor-map-test)# exporter testsonic(config-ipfix-monitor-map-test)# record allsonic(config-ipfix-monitor-map-test)# timeout_active 60sonic(config-ipfix-monitor-map-test)# timeout_passive 120sonic(config)# interface ethernet 5sonic(config-if-5)# ip address 80.0.0.1/24sonic(config-if-5)# ipfix monitor test l2 both