Monitoring Traffic
This chapter includes the following sections:
- Traffic Monitoring
- Guidelines and Recommendations for Traffic Monitoring
- Creating a Traffic Monitoring Session
- Adding Traffic Sources to the Monitoring Session
- Activating a Traffic Monitoring Session
- Deleting a Traffic Monitoring Session
Traffic Monitoring
Traffic monitoring copies traffic from one or more sources and sends the copied traffic to a dedicated destination port for analysis by a network analyzer. This feature is also known as Switched Port Analyzer (SPAN).
Type of Session
When you create a traffic monitoring session, you can choose either an Ethernet or Fibre Channel destination port to receive the traffic. The type of destination port determines the type of session, which in turn determines the types of available traffic sources. For an Ethernet traffic monitoring session, the destination port must be an unconfigured physical port. For a Fibre Channel traffic monitoring session, the destination port must be a Fibre Channel uplink port.
Traffic Sources
An Ethernet traffic monitoring session can monitor any of the following traffic sources:
- Uplink Ethernet port
- Ethernet port channel
- VLAN
- Service profile vNIC
- Service profile vHBA
- FCoE port
- Port channels
- Server port
A Fibre Channel traffic monitoring session can monitor any of the following traffic sources:
Guidelines and Recommendations for Traffic Monitoring
- You can create and store up to 16 traffic monitoring sessions, but only two can be active at the same time.
- A traffic monitoring session is disabled by default when created. To begin monitoring traffic, you must activate the session.
- To monitor traffic from a server, add all vNICs from the service profile corresponding to the server.
- To monitor traffic from a VM, you must first determine the identity of the dynamic vNIC assigned to the VM. Follow the procedure in to find the vNIC and view its identity properties, then add the vNIC as a source for the monitoring session. If you later move the VM using VMotion, a new dynamic vNIC is assigned and you must reconfigure the monitoring source. Viewing Dynamic vNIC Properties in a VM
- You can monitor Fibre Channel traffic using either a Fibre Channel traffic analyzer or an Ethernet traffic analyzer. When Fibre Channel traffic is monitored using an Ethernet traffic monitoring session, with an Ethernet destination port, the destination traffic will be FCoE.
- Because a traffic monitoring destination is a single physical port, a traffic monitoring session can monitor only a single fabric. To monitor uninterrupted vNIC traffic across a fabric failover, you must create two sessions—one per fabric—and connect two analyzers. Add the vNIC as the traffic source for both sessions.
- All traffic sources must be located within the same switch as the destination port.
- A port configured as a destination port cannot also be configured as a source port.
- A member port of a port channel cannot be configured individually as a source. If the port channel is configured as a source, all member ports are source ports.
- A vHBA can be a source for either an Ethernet or Fibre Channel monitoring session, but it cannot be a source for both simultaneously.
- A server port can be a source only if it is a non-virtualized rack server adapter-facing port.
- Traffic monitoring can impose a significant load on your system resources. To minimize the load, select sources that carry as little unwanted traffic as possible and disable traffic monitoring when it is not needed.
Creating a Traffic Monitoring Session
Note |
The following example creates an Ethernet traffic monitoring session to copy and forward traffic to the destination port at slot 2, port 12, and commits the transaction:
UCS-A# scope eth-traffic-mon UCS-A /eth-traffic-mon # scope fabric a UCS-A /eth-traffic-mon/fabric # create eth-mon-session Monitor33 UCS-A /eth-traffic-mon/fabric/eth-mon-session* # create dest-interface 2 12 UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface* # commit-buffer UCS-A /eth-traffic-mon/fabric/eth-mon-session/dest-interface #
Adding Traffic Sources to the Monitoring Session
Adding an Uplink Source Port to a Monitoring Session
Note |
This procedure describes adding an Ethernet uplink port as a source for a traffic monitoring session. To add a Fibre Channel uplink port as a source, enter the scope fc-uplink command instead of the scope eth-uplink command in Step 1. |
A traffic monitoring session must be created.
The following example adds the ingress traffic on Ethernet uplink port 3 on slot 2 of fabric A as a source for a monitoring session and commits the transaction:
UCS-A# scope eth-uplink UCS-A /eth-uplink # scope fabric a UCS-A /eth-uplink/fabric # scope interface 2 3 UCS-A /eth-uplink/fabric/interface # create mon-src Monitor23 UCS-A /eth-uplink/fabric/interface/mon-src* # set direction receive UCS-A /eth-uplink/fabric/interface/mon-src* # commit-buffer UCS-A /eth-uplink/fabric/interface/mon-src #
You can add additional sources to the traffic monitoring session.
Adding a vNIC or vHBA Source to a Monitoring Session
Note |
This procedure describes adding a vNIC as a source for a traffic monitoring session. To add a vHBA as a source, enter the scope vhba command instead of the scope vnic command in Step 2. |
A traffic monitoring session must be created.
The following example adds the ingress traffic on a dynamic vNIC as a source for a monitoring session and commits the transaction:
UCS-A# scope service-profile org / sp1 UCS-A /org/service-profile # scope vnic ether-dynamic-prot-009 UCS-A /org/service-profile/vnic # create mon-src Monitor23 UCS-A /org/service-profile/vnic/mon-src* # set direction receive UCS-A /org/service-profile/vnic/mon-src* # commit-buffer UCS-A /org/service-profile/vnic/mon-src #
You can add additional sources to the traffic monitoring session.
Adding a VLAN or VSAN Source to a Monitoring Session
Note |
A traffic monitoring session must be created.
The following example adds a local VLAN as a source for an Ethernet monitoring session and commits the transaction:
UCS-A# scope eth-uplink UCS-A /eth-uplink # scope fabric a UCS-A /eth-uplink/fabric # create vlan vlan23 23 UCS-A /eth-uplink/fabric/vlan # create mon-src Monitor23 UCS-A /eth-uplink/fabric/vlan/mon-src* # commit-buffer UCS-A /eth-uplink/fabric/vlan/mon-src #
You can add additional sources to the traffic monitoring session.
Adding a Storage Port Source to a Monitoring Session
Note |
This procedure describes adding a Fibre Channel storage port as a source for a Fibre Channel traffic monitoring session. To add an FCoE storage port as a source for an Ethernet traffic monitoring session, enter the create interface fcoe command instead of the create interface fc command in Step 3. |
A traffic monitoring session must be created.
Command or Action | Purpose | |
---|---|---|
Step 1 | UCS-A# scope fc-storage | Enters Fibre Channel storage port command mode. |
Step 2 | UCS-A /fc-storage # scope fabric {a | b} | Enters Fibre Channel storage port fabric mode for the specified fabric. |
Step 3 | UCS-A /fc-storage/fabric # create interface fc slot-num port-num | Creates a Fibre Channel storage port interface and enters the interface command mode. |
Step 4 | UCS-A /fc-storage/fabric/fc # create mon-src session-name | Adds the storage port as a source to the specified monitoring session. |
Step 5 | UCS-A /fc-storage/fabric/fc/mon-src # commit-buffer | Commits the transaction to the system configuration. |
The following example adds a Fibre Channel storage port on port 3 of slot 2 as a source for a Fibre Channel monitoring session and commits the transaction:
UCS-A# scope fc-storage UCS-A /fc-storage # scope fabric a UCS-A /fc-storage/fabric # create interface fc 2 3 UCS-A /fc-storage/fabric/fc* # create mon-src Monitor23 UCS-A /fc-storage/fabric/fc/mon-src* # commit-buffer UCS-A /fc-storage/fabric/fc/mon-src #
You can add additional sources to the traffic monitoring session.
Activating a Traffic Monitoring Session
Note |
Configure a traffic monitoring session.
Command or Action | Purpose | |
---|---|---|
Step 1 | UCS-A# scope eth-traffic-mon | Enters Ethernet traffic monitoring command mode. |
Step 2 | UCS-A /eth-traffic-mon # scope fabric {a | b} | Enters traffic monitoring command mode for the specified fabric. |
Step 3 | UCS-A /eth-traffic-mon/fabric # scope eth-mon-session session-name | Enters the command mode of the traffic monitoring session with the specified name. |
Step 4 | UCS-A /eth-traffic-mon/fabric/eth-mon-session # disable | enable | Disables or enables the traffic monitoring session. |
Step 5 | UCS-A /eth-traffic-mon/fabric/eth-mon-session # commit-buffer | Commits the transaction to the system configuration. |
When activated, the traffic monitoring session begins forwarding traffic to the destination as soon as a traffic source is configured.
The following example activates an Ethernet traffic monitoring session and commits the transaction:
UCS-A# scope eth-traffic-mon UCS-A /eth-traffic-mon # scope fabric a UCS-A /eth-traffic-mon/fabric # scope eth-mon-session Monitor33 UCS-A /eth-traffic-mon/fabric/eth-mon-session # enable UCS-A /eth-traffic-mon/fabric/eth-mon-session* # commit-buffer UCS-A /eth-traffic-mon/fabric/eth-mon-session # show Ether Traffic Monitoring Session: Name Admin State Oper State Oper State Reason ---------- ----------------- ------------ ----------------- Monitor33 Enabled Up Active UCS-A /eth-traffic-mon/fabric/eth-mon-session #
Deleting a Traffic Monitoring Session
Note |
Command or Action | Purpose | |
---|---|---|
Step 1 | UCS-A# scope eth-traffic-mon | Enters Ethernet traffic monitoring command mode. |
Step 2 | UCS-A /eth-traffic-mon # scope fabric {a | b} | Enters traffic monitoring command mode for the specified fabric. |
Step 3 | UCS-A /eth-traffic-mon/fabric # delete eth-mon-session session-name | Deletes the traffic monitoring session with the specified name. |
Step 4 | UCS-A /eth-traffic-mon/fabric # commit-buffer | Commits the transaction to the system configuration. |
The following example deletes an Ethernet traffic monitoring session and commits the transaction:
UCS-A# scope eth-traffic-mon UCS-A /eth-traffic-mon # scope fabric a UCS-A /eth-traffic-mon/fabric # delete eth-mon-session Monitor33 UCS-A /eth-traffic-mon/fabric* # commit-buffer UCS-A /eth-traffic-mon/fabric #