Router IP Traffic Export (RITE)

VN:F [1.9.6_1107]
Rating: 5.0/5 (3 votes cast)
By Bryan Bartik on July 1st, 2010

IP Traffic Export is a lot like SPAN for switches, except it is for routers. A copy of traffic received on configured interfaces is exported out another interface while the original flow is not impacted.

This diagram sums what happens and below we take a look at the configuration.

Diagram

R2’s configuration is pretty simple:

ip traffic-export profile EXPORT
 interface FastEthernet3/0
 bidirectional
 incoming access-list 100
 outgoing access-list 101
 mac-address 001d.6094.d09d
 incoming sample one-in-every 5
 outgoing sample one-in-every 5
!
interface FastEthernet1/0
 ip traffic-export apply EXPORT
!
access-list 100 permit tcp any any eq telnet
access-list 101 permit tcp any eq telnet any

The above configuration shows most of the options you can configures. R2 exports traffic passing through interface FastEthernet1/0 in both directions as long as it matches ACL 100 on ingress or ACL 101 on egress. In addition, only 1 out of every 5 packets is actually exported. When the packets are exported, the destination MAC address is modified to that of the analyzer. The MAC address and interface are the only required parameters in the profile.

In this example our analyzer is a PC with Wireshark running. Below is a screenshot of the capture file. You can see that since we only sample 20% of the packets, Wireshark interprets the stream as having lost segments. Also notice the destination MAC address has been modified according to the configuration.

Capture

This feature is currently listed on the v4 Routing and Switching blueprint. Not too tough, so get familiar with commands and continue studying!


Bryan Bartik
CCIE #23707 (R&S, SP)

Router IP Traffic Export (RITE), 5.0 out of 5 based on 3 ratings
Share and Enjoy:
  • RSS
  • Twitter
  • Facebook
  • Google Bookmarks
  • Digg
  • Print
  • Technorati
  • Slashdot
  • LinkedIn
  • del.icio.us
  • Reddit
  • Sphinn
  • Mixx
  • Blogplay
  • Netvibes
  • NewsVine
  • Live
  • Ping.fm
  • MySpace
  • Yahoo! Bookmarks
  • Yahoo! Buzz

Tags: , ,

This entry was posted on Thursday, July 1st, 2010 at 8:07 am and is filed under Ask the Expert, CCIE, Routing & Switching. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

6 Responses to “Router IP Traffic Export (RITE)”

  1. Bradley Freeman says:
    July 1, 2010 at 8:36 am

    Having trouble finding this in the Doccd, any clue on its location?

    VA:F [1.9.6_1107]
    Rating: 0.0/5 (0 votes cast)
    Reply
  2. Vince says:
    July 1, 2010 at 9:21 am

    Looks easy enough, plus very handy for the real world to troubleshoot a specific IP flow passing through a router. Do you have to dedicate the port exporting solely to this use when configuring this option? or can the interface forward traffic while exporting (if there is enough bandwidth of course)

    VA:F [1.9.6_1107]
    Rating: 0.0/5 (0 votes cast)
    Reply
  3. Erik P says:
    July 1, 2010 at 9:31 am

    You can also use a capture option of RITE to actually create a local capture file, then copy that off to your PC to open with Wireshark. I’ve done that for troubleshooting voice issues with a remote router, very handy indeed.

    http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html#wp1051438

    VA:F [1.9.6_1107]
    Rating: 5.0/5 (2 votes cast)
    Reply

Leave a Reply