CCIE Data Center: ERSPAN on the Nexus

By Anthony Sequeira on August 30th, 2012

Overview

In one of our sessions on the Cisco Nexus in our CCIE Data Center Written Bootcamp here at IPexpert, we were able to dig into the SPAN and RSPAN features on these data center switches.

What then is ERSPAN? Well, first of all, please realize it is also on the blueprint, so we better study it.

Remember that SPAN and RSPAN mirrored traffic and carried this traffic within the Layer 2 domain of the switched infrastructure. Well, you probably already guessed what ERSPAN is about then – yes, Encapsulated Remote Switched Port Analyzer (ERSPAN) encapsulates the mirrored traffic so that we can route it through Layer 3 domains. How might we encapsulate this traffic for transport to the eventual destination port for analysis? Yes, you guessed it again – we can use Generic Routing Encapsulation (GRE) for this purpose.

Valid ERSPAN Sources

When we specify an ERSPAN source port or ports, we indicate the traffic we want to monitor. This can be ingress traffic on the port, egress traffic on the port, or both. Possible ERSPAN sources in the Nexus fabric include:

  • Ethernet ports
  • Port Channels
  • The inband interface to the control plane CPU (captures all VDC traffic destined for the control plane)
  • VLANs
  • Fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender
  • Satellite ports on the Cisco Nexus 2000 Series Fabric Extender, including Layer 2 ports and Layer 3 ports

Valid ERSPAN Destinations

The destination port receives the mirrored traffic. This is where we connect our protocol analyzer or other such monitoring device. Remember this regarding your Nexus ERSPAN destination ports:

  • Ethernet or Port Channel interfaces are supported
  • A destination port cannot also be a source port – duh!
  • A destination port can only serve one monitor session at a time
  • Destination ports cannot run Spanning Tree Protocol or any Layer 3 routing protocols
  • Some Nexus interfaces are not supported as the destination including Fabric Extender HIF (Host Interface) ports, HIF port channels, and Fabric PO (port channel) ports

Configuring ERSPAN

In order to configure ERSPAN, follow these steps:

Enter global configuration mode and use the following command to configure an ERSPAN global origin IP address:

monitor erspan origin ip-address IP_ADDRESS global

Configure an ERSPAN source session:

monitor session SESSION_NUMBER type erspan-source

Specify the source interfaces and the traffic to capture as tx, rx, or both, for example:

source interface ethernet 2/1-3 both

Specify the destination IP address of the ERSPAN session:

destination ip IP_ADDRESS

Configure the ERSPAN ID for the session:

erspan-id ERSPAN_ID

Configure the VRF that the ERSPAN source session uses for traffic forwarding:

vrf VRF_NAME

Enable the ERSPAN source session:

no shutdown

For the destination configuration, first configure the switchport interface as an ERSPAN destination:

switchport monitor

Then configure the ERSPAN destination session:

monitor session SESSION_NUMBER type erspan-destination

Configure the source IP address:

source ip IP_ADDRESS

Configure the ERSPAN ID:

erspan-id ID

Configure the VRF:

vrf VRF_NAME

And remember to no shut the session:

no shutdown

Example Configuration

Here is an example configuration:

IPXNEXUS# configure terminal
IPXNEXUS(config)# interface e1/3
IPXNEXUS(config-if)# no shutdown
IPXNEXUS(config-if)# exit
IPXNEXUS(config)# monitor erspan origin ip-address 10.10.10.1 global
IPXNEXUS(config)# monitor session 1 type erspan-source
IPXNEXUS(config-erspan-src)# source interface e1/3
IPXNEXUS(config-erspan-src)# erspan-id 1
IPXNEXUS(config-erspan-src)# vrf default
IPXNEXUS(config-erspan-src)# destination ip 10.20.20.10
IPXNEXUS(config-erspan-src)# no shutdown

IPXNEXUS2# configure terminal
IPXNEXUS2(config)# interface e2/4
IPXNEXUS2(config-if)# switchport monitor
IPXNEXUS2(config-if)# exit
IPXNEXUS2(config)# monitor session 1 type erspan-destination
IPXNEXUS2(config-erspan-dst)# source ip 10.10.10.1
IPXNEXUS2(config-erspan-dst)# destination interface e2/4
IPXNEXUS2(config-erspan-dst)# erspan-id 1
IPXNEXUS2(config-erspan-dst)# vrf default
IPXNEXUS2(config-erspan-dst)# no shutdown
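
The following Python example is an addition to this post, not Cisco or IPexpert code. It goes one step beyond the text by parsing the GRE encapsulation that carries the mirrored frames and checking that a received packet comes from the origin IP, targets the destination IP and carries the erspan-id used in the example configuration above. It assumes ERSPAN Type II framing (GRE protocol type 0x88BE with a sequence number, followed by an 8-byte ERSPAN header); the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

GRE_PROTO_ERSPAN_II = 0x88BE  # GRE protocol type used by ERSPAN Type II
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum / key / sequence flags

def parse_erspan(packet: bytes) -> dict:
    """Parse IPv4 + GRE + ERSPAN Type II; raise ValueError on anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 47:
        raise ValueError("not an IPv4 packet carrying GRE (protocol 47)")
    ihl = (packet[0] & 0x0F) * 4
    gre = packet[ihl:]
    if ihl < 20 or len(gre) < 4:
        raise ValueError("truncated IPv4 or GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    if proto != GRE_PROTO_ERSPAN_II or not flags & GRE_S:
        raise ValueError("not ERSPAN Type II (wrong type or no sequence number)")
    # Each optional GRE field that is present adds 4 bytes before the ERSPAN header.
    off = 4 + 4 * sum(bool(flags & f) for f in (GRE_C, GRE_K, GRE_S))
    if len(gre) < off + 8:
        raise ValueError("truncated ERSPAN header")
    word1, word2 = struct.unpack("!II", gre[off:off + 8])
    if word1 >> 28 != 1:
        raise ValueError("ERSPAN version field is not 1 (Type II)")
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "vlan": (word1 >> 16) & 0x0FFF,   # VLAN of the mirrored frame
        "erspan_id": word1 & 0x03FF,      # 10-bit session ID = configured erspan-id
        "frame": gre[off + 8:],           # the mirrored Ethernet frame
    }

def accept(packet, origin="10.10.10.1", collector="10.20.20.10", erspan_id=1):
    """True only for ERSPAN packets matching the example configuration's values."""
    try:
        info = parse_erspan(packet)
    except ValueError:
        return False
    return (info["src"], info["dst"], info["erspan_id"]) == (origin, collector, erspan_id)

def build_sample(src, dst, erspan_id, vlan=0, frame=b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00"):
    """Constructed test packet (IP checksum left at 0, not a capture)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36 + len(frame), 0, 0, 64, 47, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    gre = struct.pack("!HHI", GRE_S, GRE_PROTO_ERSPAN_II, 1)
    erspan = struct.pack("!II", (1 << 28) | (vlan << 16) | erspan_id, 0)
    return ip + gre + erspan + frame
```

A monitoring host that drops packets failing `accept()` only analyzes frames from the expected session, which matters because GRE itself carries no authentication.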

Anthony Sequeira CCIE, CCSI
Twitter: @compsolv
Facebook: http://www.facebook.com/compsolv


    Tags: CCIE, datacenter, erspan, nexus, training

    2 Responses to “CCIE Data Center: ERSPAN on the Nexus”

    1. Val says:

      Should not source ip on IPNEXUS2 be 10.10.10.1?

    2. Anthony Sequeira says:

      Thanks – there were some goofs – correcting now.

