Date created: Monday, November 15, 2021 5:10:15 PM. Last modified: Friday, January 12, 2024 5:51:48 PM
Mirror Spoke SDP to Spoke SPD
Example config to mirror traffic from a pseudowire on the local PE, over another pseudowire to a remote PE, which hands over to a locally connect packet capture device.
First, on the PE which we want to debug, set up a traffic mirror from some customer pseudowires to pseudowires towards a remote PE:
########## # MD-CLI # ########## configure global # Example customer epipe which uses pseudowire stitching. passing through this PE, this is what we want to debug: #service epipe "123" customer "test" vc-switching true #service epipe "123" service-id 123 #service epipe "123" spoke-sdp 100:55555 admin-state enable #service epipe "123" spoke-sdp 200:55555 admin-state enable #service epipe "123" admin-state enable # Create a MAC filter that match all traffic, to match the traffic inside the customer pseudowires on the epipe: filter mac-filter "MAC100" filter-id 100 entry 10 action accept filter mac-filter "MAC200" filter-id 200 entry 10 action accept # Apply MAC filter to each spoke-sdp/pseudowire under the pipe: service epipe "123" spoke-sdp 100:55555 ingress filter mac "MAC100" service epipe "123" spoke-sdp 100:55555 egress filter mac "MAC100" service epipe "123" spoke-sdp 200:55555 ingress filter mac "MAC200"
service epipe "123" spoke-sdp 200:55555 egress filter mac "MAC200"
# Configure mirror sources (mac filters on spoke-SDPs) and destinations (seperate spoke-SDPs to debugging PE): mirror mirror-source "100" mac-filter "MAC100" entry 10 mirror mirror-source "100" admin-state enable mirror mirror-dest "100" admin-state enable mirror mirror-dest "100" spoke-sdp 300:100 admin-state enable mirror mirror-source "200" mac-filter "MAC200" entry 10 mirror mirror-source "200" admin-state enable mirror mirror-dest "200" admin-state enable mirror mirror-dest "200" spoke-sdp 300:200 admin-state enable compare commit ## REMOVAL delete mirror mirror-source "100" delete mirror mirror-dest "100" delete mirror mirror-source "200" delete mirror mirror-dest "200" delete filter mac-filter "MAC100" delete filter mac-filter "MAC300" delete service epipe "123" spoke-sdp 100:55555 ingress filter mac delete service epipe "123" spoke-sdp 100:55555 egress filter mac delete service epipe "123" spoke-sdp 200:55555 ingress filter mac delete service epipe "123" spoke-sdp 200:55555 egress filter mac compare commit ############### # CLASSIC CLI # ############### # Example customer epipe which uses pseudowire stitching. passing through this PE, this is what we want to debug: #/configure service epipe 123 customer 1 create vc-switching name "123" #/configure service epipe 123 spoke-sdp 100:55555 create #/configure service epipe 123 spoke-sdp 100:55555 no shutdown #/configure service epipe 123 spoke-sdp 200:55555 create #/configure service epipe 123 spoke-sdp 200:55555 no shutdown #/configure service epipe 123 no shutdown #exit all # Create a MAC filter that match all traffic, to match the traffic inside the customer pseudowires on the epipe: /configure filter mac-filter 100 name "MAC100" create entry 10 create action forward /configure filter mac-filter 200 name "MAC200" create entry 10 create action forward # Apply MAC filter to each spoke-sdp/pseudowire under the pipe: /configure service epipe 123 spoke-sdp 100:55555 ingress filter mac "MAC100" /configure service epipe 123 spoke-sdp 100:55555 egress filter mac "MAC100" /configure service epipe 123 spoke-sdp 200:55555 ingress filter mac "MAC200" /configure service epipe 123 spoke-sdp 200:55555 egress filter mac "MAC200" # Configure mirror sources (mac filters on spoke-SDPs) and destinations (seperate spoke-SDPs to debugging PE): /configure mirror mirror-dest 100 name "mirror100" create /configure mirror mirror-dest 100 spoke-sdp 300:100 create no shutdown /configure mirror mirror-dest 100 no shutdown exit /configure mirror mirror-source 100 mac-filter 100 entry 10 /configure mirror mirror-source 100 no shutdown /configure mirror mirror-dest 200 name "mirror200" create /configure mirror mirror-dest 200 spoke-sdp 300:200 create no shutdown /configure mirror mirror-dest 200 no shutdown exit /configure mirror mirror-source 200 mac-filter 200 entry 10 /configure mirror mirror-source 200 no shutdown admin save
## REMOVAL /configure mirror no mirror-source 100 /configure mirror mirror-dest 100 spoke-sdp 300:100 shutdown /configure mirror mirror-dest 100 no spoke-sdp 300:100 /configure mirror mirror-dest 100 shutdown /configure mirror no mirror-dest 100 /configure mirror no mirror-source 200 /configure mirror mirror-dest 200 spoke-sdp 300:200 shutdown /configure mirror mirror-dest 200 no spoke-sdp 300:200 /configure mirror mirror-dest 200 shutdown /configure mirror no mirror-dest 200 /configure service epipe 123 spoke-sdp 100:55555 ingress no filter /configure service epipe 123 spoke-sdp 100:55555 egress no filter /configure service epipe 123 spoke-sdp 200:55555 ingress no filter /configure service epipe 123 spoke-sdp 200:55555 egress no filter /configure filter no mac-filter "MAC100" /configure filter no mac-filter "MAC200" admin save
On the remote receiving PE, the trick is to set up only a mirror destination, no mirror source, which uses a "remote-source" which is the receiving spoke SDP from the first PE:
# Configure mirror session to sit between remote PE and local packet capture device attached to this PE: /configure mirror mirror-dest 100 name "mirror100" create /configure mirror mirror-dest 100 remote-source spoke-sdp 400:100 create no shutdown /configure mirror mirror-dest 100 sap lag-103:10 create /configure mirror mirror-dest 100 no shutdown exit /configure mirror mirror-dest 200 name "mirror200" create /configure mirror mirror-dest 200 remote-source spoke-sdp 400:200 create no shutdown /configure mirror mirror-dest 200 sap lag-103:20 create /configure mirror mirror-dest 200 no shutdown exit admin save ## REMOVAL
/configure mirror mirror-dest 100 shutdown /configure mirror mirror-dest 100 remote-source spoke-sdp 400:100 shutdown /configure mirror mirror-dest 100 remote-source no spoke-sdp 400:100 /configure mirror mirror-dest 100 no sap /configure mirror no mirror-dest 100 /configure mirror mirror-dest 200 shutdown /configure mirror mirror-dest 200 remote-source spoke-sdp 400:200 shutdown /configure mirror mirror-dest 200 remote-source no spoke-sdp 400:200 /configure mirror mirror-dest 200 no sap /configure mirror no mirror-dest 200
Ouput from first PE with customer traffic using MAC filter for mirror source:
# show filter mac "MAC100" associations =============================================================================== Mac Filter =============================================================================== Filter Id : 100 Applied : Yes Scope : Template Def. Action : Drop Entries : 1 Type : normal Description : (Not Specified) Filter Name : MAC100 ------------------------------------------------------------------------------- Filter Association : Mac ------------------------------------------------------------------------------- Service Id : 123 Type : Epipe - SDP 100:55555 (Ingress) (Egress) ------------------------------------------------------------------------------- Filter associated with IOM: 1 2 =============================================================================== # show filter mac "MAC100" counters =============================================================================== Mac Filter =============================================================================== Filter Id : 100 Applied : Yes Scope : Template Def. Action : Drop Entries : 1 Type : normal Description : (Not Specified) Filter Name : MAC100 ------------------------------------------------------------------------------- Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry : 10 FrameType : Ethernet Ing. Matches : 498107 pkts (693088766 bytes) Egr. Matches : 497613 pkts (690962502 bytes) ===============================================================================
Output from PE receiving mirrored traffic:
# show service sdp-using 400:100
===============================================================================
Service Destination Point (Sdp Id : 400:100)
===============================================================================
SvcId SdpId Type Far End Opr I.Label E.Label
State
-------------------------------------------------------------------------------
139 400:100 Spok 10.255.248.12 Up 261468 523260
-------------------------------------------------------------------------------
Number of SDPs : 1
-------------------------------------------------------------------------------
===============================================================================
# show service sap-using sap lag-103:10
===============================================================================
Service Access Points Using Port lag-103:10
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
lag-103:10 100 1 none 1 none Up Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
Previous page: Ports, SAPs, Encap Type
Next page: Backup Pseudowires