UCS Technology Labs  Nexus 1000v on UCS

ERSPAN in Nexus 1000v
Last updated: April 11, 2013

Task
Set up a ERSPAN session that allows Server1 on N5K1 (or 3, 5, or 7, depending on your rack) to
see all packets Tx or Rx to/from Win2k8-www-3.
Ping from Win2k8-www-2 to Win2k8-www-3 and capture the packets in Wireshark on Server1.

Configuration
We can see that Win2k8-www-3 is running on ESXi1 or VEM 3.

Let's find the Veth port number in N1Kv.

FEEDBACK

v up 116 auto auto -- Veth9 N1Kv-01-VSM-1. Net up 121 auto auto -- Veth11 N1Kv-01-VSM-1. v up 115 auto auto -- Veth8 VMware VMkernel. we need UDP packetization. and therefore capability l3control on our VMKernel interface from which the ERSPAN packets will originate. Network A up 1 auto auto -- control0 -- routed full 1000 -- up 110 auto auto -- N1Kv-01# To provide ERSPAN. This also provides the source address for the ERSPAN. Netw up Veth14 vCenter. Net up 120 auto auto -- Veth12 Win2k8-www-2. . Net up 120 auto auto -- Veth6 Win2k8-www-1. Net up 120 auto auto -- Veth4 N1Kv-01-VSM-2. v up 115 auto auto -- Veth2 VMware VMkernel. Net up 121 auto auto -- Veth5 N1Kv-01-VSM-2. v up 116 auto auto -- Veth3 N1Kv-01-VSM-2.N1Kv-01# sh int status ------------------------------------------------------------------------------Port Name Status Vlan Duplex Speed Type ------------------------------------------------------------------------------mgmt0 -- up routed full 1000 -- Eth3/1 -- up trunk full 1000 -- Eth3/2 -- up trunk full 1000 -- Eth3/3 -- up trunk full unknown -- Eth3/4 -- up trunk full unknown -- Eth3/5 -- up trunk full unknown -- Eth4/1 -- up trunk full 1000 -- Eth4/2 -- up trunk full 1000 -- Eth4/3 -- up trunk full unknown -- Eth4/4 -- up trunk full unknown -- Eth4/5 -- up trunk full unknown -- Po1 -- up trunk full 1000 -- Po2 -- up trunk full 1000 -- Po3 -- up trunk full unknown -- Po4 -- up trunk full unknown -- Veth1 VMware VMkernel. Netw up 110 auto auto -- Veth13 Win2k8-www-3. Netw up 110 auto auto -- Veth7 VMware VMkernel. Net up 120 auto auto -- Veth10 N1Kv-01-VSM-1. Set up the ERSPAN session to send to the destination of N5K1's SVI for the same VLAN that the VMKernel is running on (this can easily be a different VLAN if routing is properly configured).

115.115.51 no shut interface e1/1 switchport switchport monitor no shut monitor session 2 type erspan-destination source ip 10.0.0.115.0.port-profile type vethernet VMKernel capability l3control vmware port-group switchport mode access switchport access vlan 115 no shutdown system vlan 115 state enabled monitor session 2 type erspan-source source interface Vethernet12 both destination ip 10.51 erspan-id 2 ip ttl 64 mtu 1500 header-type 2 no shut On N5K1: interface vlan 115 ip address 10.12 destination interface e1/1 erspan-id 2 vrf default no shut Verification On N1Kv: .

115.12 HW SSN ID ERSPAN ID 2 HDR VER 2 RX Sources :55.115.0.0. 2 DST LTL/IP 10. N1Kv-01# Let's send our ping from Win2k8-www-2. Source Filter TX:110.N1Kv-01# sh monitor session 2 session 2 --------------type : erspan-source state : up source intf : rx : Veth12 tx : Veth12 both : Veth12 source VLANs : rx : tx : both : source port-profile : rx : tx : both : filter VLANs : filter not specified destination IP : 10. N1Kv-01(config-erspan-src)# module vem 4 execute vemcmd show span VEM SOURCE IP: 10. :0 ERSPAN DSCP :0 ERSPAN MTU : 1500 ERSPAN Header Type: 2 N1Kv-01# And looking on the linecard directly.115.51 .0. TX Sources :55. Source Filter RX :110.51 ERSPAN ID :2 ERSPAN TTL : 64 ERSPAN IP Prec.

ine. ^ back to top Disclaimer (http://www.com/about-us.htm) | Privacy Policy (http://www.ine.com/feedback.com/resources/) Inc.ine.We should see it on Server1 off N5K1.htm) | © 2013 INE .. All Rights Reserved (http://www.