Traffic mirroring
The Fabric Services System provides operators with the ability to mirror traffic from a source group (a set of interfaces or sub-interfaces) and send the traffic to a local or remote destination. Mirrors are typically used for troubleshooting or security.
You configure a mirroring instance to specify what traffic to mirror (the source group) and where to send the mirrored traffic (the destination). A mirroring instance can have many sources, but can only have one mirror destination.
Before you can configure a mirroring instance, you must first configure the mirror source groups and the mirror destination. A mirror destination cannot be reused in multiple mirroring instances. Within a mirroring-instance, if an interface is configured as mirror source, a sub-interface within that interface cannot be added as another mirror source.
You can configure mirroring for traffic in a specific direction (ingress only or egress only) or bidirectional traffic (both ingress and egress).
Concurrent operations on the underlay
When you perform the following mirroring operations, you update the underlying fabric (underlay) and update the normalized configuration:
- create a new active mirroring instance
- delete an active mirror object
- enable an existing mirror object
- attach or delete a label that is applied to a node, interface, or sub-interface that is referenced in an active mirroring instance
If you are updating the mirroring configuration, if another user is updating the underlay (for example, adding a new node or importing a new manual topology), the system locks the underlay until that operation is complete. The changes to the mirroring configuration are merged into the normalized configuration when the lock is removed.
Conversely, if you are updating a mirror configuration, a lock is also applied to the underlay to prevent other updates to the underlay until the updates to the mirror configuration are merged.