Mirroring

Mirroring copies IPv4 and IPv6 packets seen on a specified source, such as an interface (port) or subinterface (VLAN). and sends the packets to a specific destination, such as a locally attached traffic analyzer or a tunnel toward a remote destination.

By default, the mirrored packets include IPv4/IPv6 headers, as well as Ethernet headers. Traffic from multiple sources can be mirrored to a single destination, although traffic from a specific source cannot be mirrored to multiple destinations.

Mirror sources

A mirror source can be an interface, including all subinterfaces within that interface. The source can be a single interface (for example, interface ethernet-1/1) or a LAG (for example, interface lag1). Either a LAG member or LAG port can be mirrored. When a LAG port is configured as a mirror source, mirroring is enabled on all ports making up the LAG.

The source can be a specific VLAN; that is, a subinterface within an interface where VLAN tagging is enabled (for example, interface ethernet-1/1.1 or lag1.1).

You can configure mirroring for traffic in a specific direction (ingress only, egress only) or bidirectional traffic (both ingress and egress).

Mirror destinations

Traffic from the mirror source can be copied to a local destination (local mirroring). In a local mirroring configuration, both the mirror source and mirror destination reside on the same SR Linux node, as shown in Local mirroring.

In this configuration, the local destination is a Switched Port Analyzer (SPAN).

Figure 1. Local mirroring

Configuring mirroring

To configure mirroring, you configure a mirroring-instance, which specifies the source and destination for the mirrored traffic. Multiple mirror sources can have a single destination, although traffic from a specific source cannot be mirrored to multiple destinations. Only one mirror destination can be configured per mirroring-instance. A mirror destination cannot be reused in multiple mirroring instances.

Within a mirroring-instance, if an interface is configured as mirror source, a subinterface within that interface cannot be added as another mirror source. If a LAG is defined as mirror destination, only the first 8 members of the LAG carry mirrored traffic.

Mirrored traffic is considered Best Effort (BE) Forwarding Class.

Configuring mirroring sources

To configure mirroring, you specify the source and destination for mirrored traffic within a mirroring-instance. The source in a mirroring-instance can be traffic on a specified interface, subinterface, or LAG.

interface source

The following example shows a mirroring-instance configuration with an interface as the source for mirrored traffic:

--{ * candidate shared default }--[  ]--
# info system mirroring
    system {
        mirroring {
            mirroring-instance 1 {
                admin-state enable
                mirror-source {
                    interface ethernet-1/5 {
                        direction ingress-egress
                    }
                }
            }
        }
    }

Configuring mirroring destinations

In a mirroring-instance, you specify the destination for the mirrored traffic. The mirroring destination can be a local destination residing on the same SR Linux node as the mirroring source.

Local destination

The following enables a subinterface to be a local mirror destination:

--{ * candidate shared default }--[  ]--
# info interface ethernet-1/4 subinterface 1
    interface ethernet-1/4 {
        subinterface 1 {
            type local-mirror-dest
            admin-state enable
            local-mirror-destination {
                admin-state enable
            }
        }
    }

The following configures a mirroring-instance where traffic from the mirror source is mirrored to the subinterface enabled as a local mirror destination:

--{ * candidate shared default }--[  ]--
# info system mirroring
    system {
        mirroring {
            mirroring-instance 1 {
                admin-state enable
                mirror-source {
                    interface ethernet-2/1 {
                        direction ingress-egress
                    }
                }
                mirror-destination {
                    local ethernet-1/4.1
                }
            }
        }
    }

Displaying mirroring information

Use the info from state command to display mirroring configuration information.

--{ * candidate shared default }--[  ]--
# info from state system mirroring mirroring-instance 2
    system {
        mirroring {
            mirroring-instance 2 {
                admin-state enable
                oper-state down
                oper-down-reason local-mirror-subif-down
                mirror-source {
                    interface lag1 {
                        direction ingress-egress
                    }
                }
                mirror-destination {
                    local lag25.1
                }
            }
        }
    }

Displaying mirroring statistics

You can use the info from state command to display the outgoing mirrored packets/octets per interface.

--{ * candidate shared default }--[  ]--
# info from state interface ethernet-1/1 statistics | grep mirror
            out-mirror-octets 0
            out-mirror-packets 0