The information in this document is based on these software and hardware versions:

Similar documents
How to monitor network traffic inside an ESXi host

How to Create VLANs Within a Virtual Switch in VMware ESXi

Monitoring VMware ESX Virtual Switches

Implementing and Troubleshooting the Cisco Cloud Infrastructure **Part of CCNP Cloud Certification Track**

How to Create a Virtual Switch in VMware ESXi

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

Configuring iscsi Multipath

Cisco - Configure the 1721 Router for VLANs Using a Switch Module (WIC-4ESW)

Altor Virtual Network Security Analyzer v1.0 Installation Guide

How to Configure an Initial Installation of the VMware ESXi Hypervisor

What s New in VMware vsphere 5.5 Networking

Network Troubleshooting & Configuration in vsphere VMware Inc. All rights reserved

Install Guide for JunosV Wireless LAN Controller

Course. Contact us at: Information 1/8. Introducing Cisco Data Center Networking No. Days: 4. Course Code

VM-Series Firewall Deployment Tech Note PAN-OS 5.0

Configuring Network Load Balancing for vethernet

Enhancing Cisco Networks with Gigamon // White Paper

vsphere Networking vsphere 5.5 ESXi 5.5 vcenter Server 5.5 EN

RSA Security Analytics Virtual Appliance Setup Guide

Device Interface IP Address Subnet Mask Default Gateway

Catalyst Layer 3 Switch for Wake On LAN Support Across VLANs Configuration Example

RECORDING VoIP TRAFFIC via PORT MIRRORING

INTEGRATING RECOVERPOINT FOR VIRTUAL MACHINES AND CISCO ACI

CCNA DATA CENTER BOOT CAMP: DCICN + DCICT

Packet Tracer 3 Lab VLSM 2 Solution

How To Set Up A Virtual Network On Vsphere (Vsphere) On A 2Nd Generation Vmkernel (Vklan) On An Ipv5 Vklan (Vmklan)

Installing Intercloud Fabric Firewall

Configuring DHCP Snooping

Configuring Local SPAN and ERSPAN

LiveAction Application Note

Remote PC Guide Series - Volume 1

vsphere Networking vsphere 6.0 ESXi 6.0 vcenter Server 6.0 EN

QNAP in vsphere Environment

Cisco Nexus 1000V Virtual Ethernet Module Software Installation Guide, Release 4.0(4)SV1(1)

Setup Cisco Call Manager on VMware

Building a Penetration Testing Virtual Computer Laboratory

How to Deploy a Nexus 1000v lab with a single ESX host.

Flow Monitor Configuration. Content CHAPTER 1 MIRROR CONFIGURATION CHAPTER 2 RSPAN CONFIGURATION CHAPTER 3 SFLOW CONFIGURATION...

Adding Traffic Sources to a Monitoring Session, page 7 Activating a Traffic Monitoring Session, page 8 Deleting a Traffic Monitoring Session, page 9

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

How To Load Balance On A Libl Card On A S7503E With A Network Switch On A Server On A Network With A Pnet 2.5V2.5 (Vlan) On A Pbnet 2 (Vnet

Set Up a VM-Series Firewall on an ESXi Server

VMware vsphere 5.0 Evaluation Guide

ISERink Installation Guide

POD INSTALLATION AND CONFIGURATION GUIDE. EMC CIS Series 1

Virtualized Access Layer. Petr Grygárek

Pre-lab and In-class Laboratory Exercise 10 (L10)

NETFORT LANGUARDIAN INSTALLING LANGUARDIAN ON MICROSOFT HYPER V

DCICT: Introducing Cisco Data Center Technologies

VXLAN Bridging & Routing

Validating Long-distance VMware vmotion

Springpath Data Platform with Cisco UCS Servers

Flow Monitor Configuration. Content CHAPTER 1 MIRROR CONFIGURATION CHAPTER 2 SFLOW CONFIGURATION CHAPTER 3 RSPAN CONFIGURATION...

Scenario 1: One-pair VPN Trunk

Lab - Using IOS CLI with Switch MAC Address Tables

VMware vsphere 5.0 Evaluation Guide

Session Title: Exploring Packet Tracer v5.3 IP Telephony & CME. Scenario

Monitoring Traffic. Traffic Monitoring. This chapter includes the following sections:

How To Set Up A Firewall Enterprise, Multi Firewall Edition And Virtual Firewall

Lab - Using Wireshark to View Network Traffic

Centerity Monitor. Technical Guide: Centerity VCE VBlock Monitoring V6.15

Packet Tracer - Subnetting Scenario 1 (Instructor Version)

How to Add and Remove Virtual Hardware to a VMware ESXi Virtual Machine

Lab Configuring Access Policies and DMZ Settings

VXLAN: Scaling Data Center Capacity. White Paper

VMware for Bosch VMS. en Software Manual

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, :32 pm Pacific

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

Visibility into the Cloud and Virtualized Data Center // White Paper

"Charting the Course...

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance

School of Information Technology and Engineering (SITE) CEG 4395: Computer Network Management. Lab 4: Remote Monitoring (RMON) Operations

Set Up a VM-Series Firewall on an ESXi Server

ANZA Formación en Tecnologías Avanzadas

Tcpdump Lab: Wired Network Traffic Sniffing

Extending Networking to Fit the Cloud

Configuring Security for FTP Traffic

Configuring Network Load Balancing for vethernet

Latency Monitoring Tool on Cisco Nexus Switches: Troubleshoot Network Latency

Citrix XenServer Design: Designing XenServer Network Configurations

Nutanix Tech Note. VMware vsphere Networking on Nutanix

Underneath OpenStack Quantum: Software Defined Networking with Open vswitch

HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide

Configuring Static and Dynamic NAT Simultaneously

Configuring Network Load Balancing for vethernet

Lab 1: Network Devices and Technologies - Capturing Network Traffic

How To Learn Cisco Cisco Ios And Cisco Vlan

Lab Introduction to the Modular QoS Command-Line Interface

VMware ESX Server Q VLAN Solutions W H I T E P A P E R

Bosch Video Management System High availability with VMware

Configuring a FlexPod for iscsi Boot

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

Understanding Cisco Cloud Fundamentals CLDFND v1.0; 5 Days; Instructor-led

Interconnecting Cisco Network Devices 1 Course, Class Outline

Expert Reference Series of White Papers. VMware vsphere Distributed Switches

Deploying the BIG-IP System with VMware vcenter Site Recovery Manager

Any-to-any switching with aggregation and filtering reduces monitoring costs

Configuring Cisco Nexus 5000 Switches Course DCNX5K v2.1; 5 Days, Instructor-led

VMware

How to Deploy a Nexus 1000v lab with VMware Workstation.

Transcription:

Contents Introduction Prerequisites Requirements Components Used Background Information Configure Network Diagram Configurations Sniffer VM with an IP address Sniffer VM without an IP address Failure scenario Related information Introduction This document describes the steps to capture a traffic flow that is completely outside the Cisco Unified Computing System (UCS) and direct it to a Virtual Machine (VM) running a sniffer tool inside the UCS. The source and destination of the traffic being captured is outside the UCS. The capture can be initiated on a physical switch that is directly attached to the UCS or it could be a few hops away. Prerequisites Requirements Cisco recommends that you have a working knowledge of these topics: Cisco Unified Computing System (UCS) VMware ESX version 4.1 or later Encapsulated Remote Switch Port Analyzer (ERSPAN) Components Used The information in this document is based on these software and hardware versions: Cisco Catalyst 6503 running 12.2(18)ZYA3c Cisco UCS B series running 2.2(3e) VMWare ESXi 5.5 build 1331820 Background Information UCS does not have the Remote SPAN (RSPAN) feature to receive SPAN traffic from a connected

switch and direct it to a local port. So the only way to accomplish this in a UCS environment is by using the Encapsulated RSPAN (ERSPAN) feature on a physical switch and sending the captured traffic to the VM using IP. In certain implementations, the VM running the sniffer tool cannot have an IP address. This document explains the configuration required when the sniffer VM has an IP address as well as the scenario without an IP address. The onl limitation here is that the sniffer VM needs to be able to read the GRE/ERSPAN encapsulation from the traffic that's sent to it. The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command. Configure Network Diagram This topology has been considered in this document: PC attached to GigabitEthernet1/1 of the Catalyst 6500 is being monitored. The traffic on GigabitEthernet1/1 is captured and sent to the sniffer VM that runs inside the Cisco UCS on server 1.

ERSPAN feature on the 6500 switch captures the traffic, encapsulates it using GRE and send it to the sniffer VM's IP address. Configurations Sniffer VM with an IP address Note: The steps described in this section can be also used in the scenario where the sniffer runs in a bare-metal server on a UCS blade instead of running on a VM. These steps are required when the sniffer VM can have an IP address: Configure the sniffer VM inside the UCS environment with an IP address that is reachable from the 6500 Run the sniffer tool inside the VM Configure an ERSPAN source session on the 6500 and send the captured traffic directly to the VM's IP address The configuration steps on the 6500 switch: In this example, the IP address of the sniffer VM is 192.0.2.2 Sniffer VM without an IP address These steps are required when the sniffer VM cannot have an IP address: Configure the sniffer VM inside the UCS environment Run the sniffer tool inside the VM Create a second VM that can have an IP address in the same host and configure it with an IP address that is reachable from the 6500 Configure the port-group on the VMWare vswitch to be in the promiscuous mode Configure an ERSPAN source session on the 6500 and send the captured traffic to the IP address of the second VM These steps show the configuration required on the VMWare ESX: Go to Step 2 directly if you already have a port-group configured. 1. Create a Virtual machine port-group and assign the two virtual machines to it Navigate to the Networking tab and click Add Networking under vsphere Standard Switch Create a port-group of type Virtual Machine

Assign a physical interface (vmnic) to the port-group as shown in this image. Configure a name for the port-group and the add the relevant VLAN

Verify the configuration and click Finish 2. Configure the port-group to be in the promiscuous mode. The port-group must appear under the Networking tab now Click Properties Select the port-group and click Edit Go to the Security tab and change the Promiscuous mode setting to Accept as shown in this image

3. Assign the two virtual machines to the port-group from the virtual machine settings section. 4. The two virtual machines must appear in the port group under the Networking tab now. In this example, VM with IP is the second VM that has an IP address and Sniffer VM is the VM with the sniffer tool without an IP address. 5. This shows the configuration steps on the 6500 switch:

In this example, the IP address of the second VM (VM with IP) is 192.0.2.3. With this configuration, the 6500 encapsulates the captured packets and send it to the VM with the IP address. Promiscuous mode on the VMWare vswitch enables the sniffer VM to see these packets as well. Failure scenario This section describes a common failure scenario when using the Local SPAN feature on a physical switch instead of the ERSPAN feature. This topology is considered here: Traffic from PC A to PC B is monitored using the local SPAN feature. The destination of the SPAN traffic is directed to the port connected to the UCS Fabric Interconnect (FI).

The virtual machine with the sniffer tool runs inside the UCS on server 1. This is the configuration on the 6500 switch: All traffic flowing on ports Gig1/1 and Gig1/2 will be replicated on to port Gig1/3. The source and destination mac-addresses of these packets will be unknown to the UCS FI. In the UCS Ethernet end host mode, the FI drops these unknown unicast packets. In the UCS Ethernet switching mode, the FI learns the source MAC address on the port connected to the 6500 (Eth1/1) and then flood the packets downstream to the servers. This sequence of events happen: 1. For ease of understanding, consider traffic going only between PC A (with mac-address aaaa.aaaa.aaaa) and PC B (with mac-address bbbb.bbbb.bbbb) on interfaces Gig1/1 and Gig1/2 2. The first packet is from PC A to PC B and this is seen on the UCS FI Eth1/1 3. The FI learns mac-address aaaa.aaaa.aaaa on Eth1/1 4. The FI does not know the destination mac-address bbbb.bbbb.bbbb and floods the packet to all ports in the same VLAN 5. The sniffer VM, in the same VLAN, also see this packet 6. The next packet is from PC B to PC A 7. When this hits Eth1/1, mac-address bbbb.bbbb.bbbb is learnt on Eth1/1 8. The destination of the packet is for mac-address aaaa.aaaa.aaaa 9. The FI drops this packet as mac-address aaaa.aaaa.aaaa is learnt on Eth1/1 and the packet was received on Eth1/1 itself 10. Subsequent packets, either destined for mac-address aaaa.aaaa.aaaa or mac-address bbbb.bbbb.bbbb are dropped for the same reason Related information Configuring promiscuous mode on a virtual switch or portgroup SPAN, RSPAN, and ERSPAN on the Catalyst 6500 Decapsulation ERSPAN Traffic With Open Source Tools Technical Support & Documentation - Cisco Systems

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information