DVMirror v2 aka Port Mirroring – Closing the competition with Cisco N1KV

Few days back I wrote an article on DMZ Packet visibility solution where we had to rely/depend on Cisco Nexus 1000v for this. But now with the new release of vSphere 5.1, we can use native vDS to achieve this functionality.

DVMirror is VMware’s port mirroring feature which is similar to Cisco’s SPAN/RSPAN/ERSPAN and HP’s port mirroring.

Port mirroring duplicates a port’s packets and send them to another port, for monitoring, troubleshooting, etc.

DVMirror mirrors Virtual Machines traffic in two traffic directions:

Ingress traffic –  from VM to vDS
Egress traffic – from vDS to VM

We have already seen the v1 in vSphere 5.0 release, but with the new release of vSphere 5.1, VMware brought some changes to this feature on table. Let us see what are the changes in DVMirror v2.

DVMirror v2 has the following enhancements:
            Remote mirror
            RSPAN source/destination
            ERSPAN source

New option
            Sampling rate –  Number of packets mirrored

Improved User Interface
            More assistant information

Now, I will talk about how it works for Mirror to RSPAN Destination, Mirron from RSPAN Source and ERSPAN Source.

Mirror to RSPAN Destination

A network administrator possibly wants to use a physical device (such as a small Physical Destop) to monitor a VM’s traffic.

The physical device is connected to a physical switch and configured as RSPAN destination.
The traffic of VM 1 is mirrored to an uplink, and then encapsulated by a dedicated RSPAN VLAN. These packets travel across the intermediate switches, and finally arrive at the destination.

Mirror from RSPAN source

A network administrator possibly wants to use a VM or a vmknic to monitor a physical device’s traffic.

The physical device is connected to a physical switch and configured as RSPAN source.
The traffic of the physical device is mirrored to the vDS via the intermediate switches, encapsulated by a dedicated RSPAN VLAN.


ERSPAN Source

A network administrator possibly wants to use a physical device (such as a Physical Desktop) to monitor a VM that is located in another layer-3 subnet.

The DVPort that the VM is connected to is configured as the source of a ERMirror source session, and the physical box’s IP is configured as destination.

 

2 thoughts on “DVMirror v2 aka Port Mirroring – Closing the competition with Cisco N1KV

  1. Pingback: Welcome to vSphere-land! » vSphere 5.1 Link-O-Rama

  2. Hi,

    I think this is a really interesting article. I have one doubt. If the physical device connected to physical switches cannot take an IP address (it is only an analysis tool and has no IP/TCP stack), is this ERSPAN compatible with CIsco ERSPAN? I mean, could we configure an “erspan-destination session” on Cisco switches? Should it work?