Brocade FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide User Manual
Page 247

• SX-FI-2XG
• SX-FI-8XG
• SX-FI48GPP
NOTE
Egress VLAN-based mirroring is not currently supported on the stacking platforms.
The FastIron X Series of modules are capable of monitoring 4096 VLANs. In a chassis environment,
this introduces restrictions to the number of ports that can be configured as mirror ports. Because a
single VLAN can contain 384 untagged ports (24 per slot), if that VLAN is configured for monitoring,
every device must have an identical number of corresponding analyzer ports. However, the egress
mirror-port and ingress mirror-port do not have to be the same port; you can use two separate ports.
This introduces restrictions on port-based mirroring coexisting with VLAN-based mirroring. Port-based
mirroring allows for multiple ports to be configured as mirror-ports. However, once a particular port
belonging to a particular device is configured for monitoring to a specific mirror-port, no other mirror-port
can be used to monitor any other port on that device. This restriction has been extended to VLAN-
based mirroring, with one caveat: only one mirror-port in either direction at a time can exist within the
system. Refer to
on page 19 for a list of valid port ranges on these devices.
VLAN-based mirroring is also supported on ICX 6650 devices.
Restrictions and capabilities of VLAN-based mirroring
The following is a list of restrictions and capabilities:
• Only the modules that support VLAN-based mirroring should be installed.
• There can be only one input or output mirror-port configured in the system at a time.
• The amount of traffic mirrored is limited by the bandwidth of the mirror-port.
• The maximum amount of egress traffic that can be mirrored is further limited by the bandwidth of the
loopback port, which is 10 Gbps.
• The monitored VLAN must be created in hardware.
• An ingress or egress mirror-port must be configured when monitoring the ingress or egress VLAN
traffic.
• A maximum of 4096 VLANs can be monitored at a time.
• A VLAN can be monitored for ingress and egress traffic concurrently.
• Port mirroring can be configured concurrently with VLAN-based mirroring, but only one mirror-port
can be used for both.
• sFlow can be enabled concurrently with VLAN-based mirroring and port mirroring.
• VLAN-based mirroring is supported on the default VLAN. If the default VLAN is changed dynamically,
the configuration is not lost.
• VLAN-based mirroring on VLAN groups is not supported, but it is supported on topology groups.
• In the case of enabling VLAN-based monitoring on the interface modules in an MCT-enabled
chassis, the VLAN configuration is not synced across the cluster. Each chassis in the cluster is
configured independently for VLAN configuration.
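The following added example (not from the Brocade guide) checks a planned mirroring setup against several of the restrictions listed above before a sensor is attached to the mirror-port. The plan layout, field names, port names and traffic figures are assumptions constructed for illustration.

```python
MAX_MONITORED_VLANS = 4096  # limit stated in the guide
LOOPBACK_GBPS = 10.0        # loopback port bandwidth that caps egress mirroring


def check_plan(plan):
    """Return restriction violations and capacity warnings for a mirroring plan."""
    findings = []
    ports = plan.get("mirror_ports", [])
    vlans = plan.get("vlans", [])
    if len(vlans) > MAX_MONITORED_VLANS:
        findings.append(f"{len(vlans)} monitored VLANs exceeds {MAX_MONITORED_VLANS}")
    for direction in ("ingress", "egress"):
        dir_ports = [p for p in ports if p["direction"] == direction]
        dir_vlans = [v for v in vlans if direction in v["directions"]]
        if len(dir_ports) > 1:
            findings.append(f"more than one {direction} mirror-port configured")
        if not dir_vlans:
            continue
        if not dir_ports:
            findings.append(f"no {direction} mirror-port for monitored {direction} VLANs")
            continue
        # Mirrored traffic is capped by the mirror-port bandwidth; egress is
        # further capped by the 10 Gbps loopback port.
        cap = dir_ports[0]["gbps"]
        if direction == "egress":
            cap = min(cap, LOOPBACK_GBPS)
        load = sum(v["peak_gbps"][direction] for v in dir_vlans)
        if load > cap:
            findings.append(
                f"{direction} peak {load:g} Gbps exceeds {cap:g} Gbps cap; "
                "excess traffic will not be mirrored")
    for v in vlans:
        if v.get("vlan_group"):
            findings.append(f"VLAN {v['id']}: mirroring on VLAN groups is not supported")
    return findings


# Constructed sample plan (hypothetical ports and peak rates).
SAMPLE_PLAN = {
    "mirror_ports": [{"port": "1/1", "direction": "ingress", "gbps": 1.0},
                     {"port": "1/2", "direction": "egress", "gbps": 40.0}],
    "vlans": [{"id": 10, "directions": ["ingress", "egress"],
               "peak_gbps": {"ingress": 0.6, "egress": 7.0}},
              {"id": 20, "directions": ["egress"], "vlan_group": True,
               "peak_gbps": {"egress": 4.5}}],
}

if __name__ == "__main__":
    print("\n".join(check_plan(SAMPLE_PLAN)))
```

A capacity finding means the analyzer or IDS on the mirror-port sees only part of the monitored traffic, so detection coverage for those VLANs is incomplete at peak load.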
One of the concerns about VLAN-based mirroring is the effects of ingress and egress ACLs, as well as
rate shaping and rate limiting, on mirrored packets:
• Ingress VLAN-based mirroring: Any packets that are coming in from the network on the VLAN should
be mirrored out. Any ingress ACL actions or rate limiting actions do not take precedence in this case.
• Egress VLAN-based mirroring: Any packets that are sent out onto the network are not affected by
egress ACLs or rate shaping.
See the following table for a summary of the effects of ACLs and rate limiting.
53-1003086-04