Port Mirroring in vSphere Distributed Switch(VDS)

by saurav116, posted in ESXi6, Uncategorized, vSphere 6, vSphere Distributed Switch, vSphere Web Client

In this blog, I will shows how to configure and use the Port Mirroring functionality in the vSphere Distributed Switch.

Port mirroring is the capability on a network switch to send a copy of network packets seen on a switch port to a network-monitoring device connected to another switch port. Port mirroring is also referred to as Switch Port Analyzer (SPAN) on Cisco switches. In VMware vSphere, a Distributed Switch provides a similar port mirroring capability that is available on a physical network switch. After a port mirror session is configured with a destination—a virtual machine, a vmknic or an uplink port—the Distributed Switch copies packets to the destination.

In this blog I will use Linux01 VM to capture and monitor mirrored traffic of Linux02 VM.

  1. In the vSphere web client , go to VM and Templates in the inventory tree and open the console of Linux01 machine which I will configure to capture the traffic from Linux02 VM1
  2. Monitor the command output for a few seconds and verify that ICMP traffic is not being captured. tcpdump output remains silent until ICMP traffic is detected on the network
  3. Leave the console window open, with the tcpdump command running uninterrupted
  4. In vSphere Web Client under VM and Templates, Right-click the Linux02 virtual machine and select Power > Power On.
  5. After the Linux02 virtual machine starts, sign on as root. The Linux02 virtual machine is used as the traffic source to be monitored.
  6. At the Linux02 command prompt, ping the default router. In my case my router in on 172.20.10.102
  7. Go back to Linux01 VM again and click the Linux01 console tab.
  8. In the console window, verify that the running tcpdump command is the same as before and has not captured any ICMP traffic

Now i will configure the Distributed Switch for port mirroring

  • In the Web Client on the left pane, click the Networking icon.
  • In the Networking inventory tree, select the dvs-Lab distributed switch.
  • In the middle pane, click the Manage tab and click the Settings tab.
  • Click the Port mirroring link.
  • In the Port mirroring panel, click the New link.

3

  • In the Add Port Mirroring Session dialog box, leave the Distributed Port Mirroring     radio button selected and click Next.4
  • Under Edit properties, select Enabled from the Status drop-down menu.
  • From the Normal I/O on destination ports drop-down menu, select Allowed.
  • Click Next5
  • Under Select sources, click the Select distributed ports icon.6
  • In the Select Ports dialog box, select the check box for the row with a connected entity of Linux02 and click OK.7.png
  • click Next8
  • Under Select destinations, click the Select distributed ports icon.9
  • In the Select Ports dialog box, select the check box for the row with a connected entity of Linux01 and click OK.10
  • Click Next11.png
  • Under Ready to complete, review settings and click Finish.12
  • In the Firefox window, click theLinux02 console tab.
  • Verify that the ping command is still reaching the default router at 172.20.10.10.
  • In the Linux01 console, examine the tcpdump output in the terminal window.
  • The output looks similar to the following example13.png
  • You can see Now that the Linux01 (destination) has started mirroring the ICMP pings from Linux02 VM (Source).

One thought on “Port Mirroring in vSphere Distributed Switch(VDS)

  1. Pingback: Port Mirroring in vSphere Distributed Switch(VDS) | Virtualplain

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s