We are trying to mirror traffic from one router to another with below config:
R1:
R1#sh run | sec monitor
monitor session 1 type erspan-source
source interface Gi0/0/3 rx
destination
erspan-id 100
ip address 192.168.0.0
origin ip address 192.168.0.1
R11#sh monitor session all
Session 1
---------
Type : ERSPAN Source Session
Status : Admin Enabled
Source Ports :
RX Only : Gi0/0/3
Destination IP Address : 192.168.0.0
Destination ERSPAN ID : 100
Origin IP Address : 192.168.0.1
R2:
R2#sh run | sec monitor
monitor session 1 type erspan-destination
destination interface Gi0/0/4
source
erspan-id 100
ip address 192.168.0.1
R2#sh monitor session all
Session 1
---------
Type : ERSPAN Destination Session
Status : Admin Enabled
Destination Ports : Gi0/0/4
Source IP Address : 192.168.0.1
Source ERSPAN ID : 100
R2#sh platform hardware qfp active feature erspan state
ERSPAN State:
Status : Active
Complexes : 1
CPPs : 1
Capabilites:
Max sessions : 1024
Max outputs : 128
Encaps type : ERSPAN type-II
GRE protocol : 0x88BE
MTU : 1464
IP TOS : 0
IP TTL : 255
COS : 0
System Statistics:
DROP src session replica : 0 / 0
DROP term session replica : 0 / 0
DROP receive malformed : 0 / 0
DROP receive invalid ID : 24321174 / 21427043334
DROP recycle queue full : 0 / 0
DROP no GPM memory : 0 / 0
DROP no channel memory : 0 / 0
Client Debug Config:
Enabled: Info, Warn
Data Path Debug Config:
0x00000000
Note: 192.168.0.0 is R2's loopback. 192.168.0.1 is R1's loopback.
The configuration seems OK and traffic was mirror from R1 to R2 but it was dropped at R2 with DROP receive invalid ID increasing.
The ERSPAN-Destination session should have the Source IP Address as the IP address (192.168.0.0) and not the Origin IP Address which you have configured.
ip address in destination session and ip address in source session should match. If they don't- that is causing the drops you see.
Please try the following:
- remove both sessions completely
- configure both with new session id - e.g. 101
- configure "ip address" in source and destination sessions to be 192.168.0.0
- have "plim ethernet vlan filter disable"command on outgoing interface
For "plim ethernet vlan filter disable" - it is used to disable filter for packets tagged with VLAN as by default ASR drop them in older versions.
R1:
R1#sh run | sec monitor
monitor session 1 type erspan-source
source interface Gi0/0/3 rx
destination
erspan-id 100
ip address 192.168.0.0
origin ip address 192.168.0.1
R11#sh monitor session all
Session 1
---------
Type : ERSPAN Source Session
Status : Admin Enabled
Source Ports :
RX Only : Gi0/0/3
Destination IP Address : 192.168.0.0
Destination ERSPAN ID : 100
Origin IP Address : 192.168.0.1
R2:
R2#sh run | sec monitor
monitor session 1 type erspan-destination
destination interface Gi0/0/4
source
erspan-id 100
ip address 192.168.0.1
R2#sh monitor session all
Session 1
---------
Type : ERSPAN Destination Session
Status : Admin Enabled
Destination Ports : Gi0/0/4
Source IP Address : 192.168.0.1
Source ERSPAN ID : 100
R2#sh platform hardware qfp active feature erspan state
ERSPAN State:
Status : Active
Complexes : 1
CPPs : 1
Capabilites:
Max sessions : 1024
Max outputs : 128
Encaps type : ERSPAN type-II
GRE protocol : 0x88BE
MTU : 1464
IP TOS : 0
IP TTL : 255
COS : 0
System Statistics:
DROP src session replica : 0 / 0
DROP term session replica : 0 / 0
DROP receive malformed : 0 / 0
DROP receive invalid ID : 24321174 / 21427043334
DROP recycle queue full : 0 / 0
DROP no GPM memory : 0 / 0
DROP no channel memory : 0 / 0
Client Debug Config:
Enabled: Info, Warn
Data Path Debug Config:
0x00000000
Note: 192.168.0.0 is R2's loopback. 192.168.0.1 is R1's loopback.
The configuration seems OK and traffic was mirror from R1 to R2 but it was dropped at R2 with DROP receive invalid ID increasing.
The ERSPAN-Destination session should have the Source IP Address as the IP address (192.168.0.0) and not the Origin IP Address which you have configured.
ip address in destination session and ip address in source session should match. If they don't- that is causing the drops you see.
Please try the following:
- remove both sessions completely
- configure both with new session id - e.g. 101
- configure "ip address" in source and destination sessions to be 192.168.0.0
- have "plim ethernet vlan filter disable"command on outgoing interface
For "plim ethernet vlan filter disable" - it is used to disable filter for packets tagged with VLAN as by default ASR drop them in older versions.
Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.
Posts
This is really fantastic blog i like it.
ReplyDeleteData Networking