VMware Cloud Community
HansdeJongh
Enthusiast

Port Mirroring + VDS + 2 hosts

Hello,


Maybe a "stupid" question:

I need Port mirroring for an IDS system.

I have a VDS with 2 uplinks and around 43 portgroups (all different VLANs).

This VDS is on 2 different hosts.

Now I need to mirror all traffic on all ports to the IDS virtual machine.

Is that possible?

I mean what happens with traffic that is on host 2 while the IDS (port mirror target) is on host 1?

And another "stupid" question: what happens if my 2x 1GB uplinks are completely saturated?

Regards

Hans

5 Replies
kjb007
Immortal

The Port Mirror is created at a dvSwitch level, so it should not make a difference how many hosts you have; they should all ultimately copy the packets to where you select.

Also, you're selecting VM ports on the switch, and you have to select which ones you want and the direction you want, whether it's one or the other or both, and then mirror that to a destination port. Or, if you want to completely separate traffic, you can select an uplink and add in separate dedicated physical NICs on the hosts themselves.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
HansdeJongh
Enthusiast

Hi KjB,

Did you test this? I have been testing it, but as far as I can see it will only work when the 2 VMs are on the same host.

This is also confirmed by a VMware support engineer.

Regards

4nd7
Enthusiast

Hello,

I was just playing with Port Mirroring and the conclusion is the same: if the VMs, source and analyzer, are on the same host, the traffic is mirrored. If the VMs are on different hosts, mirroring breaks.

ShabbirAhmed
Contributor

Hi guys, has anyone found out why port mirroring across different hosts doesn't work? In the whitepaper (http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-50-Networking-Technical-Whitepape...) it clearly says it should work whether it's on the same host or a different one.

dlaemmle
Enthusiast

Any updates from VMware on this?

The port mirror functionality does not appear to work as advertised.

I have 2 ESX servers connected with all traffic to and from the VMs going through a vDS.

I have an analyzer on ESX1.

I have a server and client on both ESX servers.

Port mirror has all 4 source ports mirroring to the Analyzer destination port.

clientESX1 to serverESX1: AnalyzerESX1 sees it.

clientESX1 to serverESX2: AnalyzerESX1 sees it.

clientESX2 to serverESX1: AnalyzerESX1 sees it.

External to serverESX1: AnalyzerESX1 sees it.

clientESX2 to serverESX2: AnalyzerESX1 does not see it.

External to serverESX2: AnalyzerESX1 does not see it.

This really seems like a basic port mirror failure.
