VMware NSX

  • 1.  Alternatives to port mirroring in a vSphere + NSX environment

    Posted 28 days ago

    Hi,

    vSphere + NSX (not overlay - using VLAN backed segments). I have 4 VMs with two NICs each. I'd like to take all network IO on those four and send them to a 5th VM that will gather and analyze the data.

    VMware does not recommend solving it with port mirroring on dSwitch or in NSX, they point to Cisco.

    You can do it with Cisco, but you need a physical NIC that can be a dedicated destination for the packets. This is highly unpractical in a vSphere environment; you don't want special configurations with one or more hosts having one less physical NIC available for VM and management traffic.

    Has anyone been able to solve this in a slick way that gets me the best of all worlds?



  • 2.  RE: Alternatives to port mirroring in a vSphere + NSX environment

    Broadcom Employee
    Posted 27 days ago

    Hi, where exactly do you read that VMware does not recommend port mirroring and points to Cisco?

    NSX also has a packet copy feature, which uses the DFW function to duplicate a packet and send it out to a service VM running locally. E.g. GIGAMON or NETSCOUT.

    Yves




  • 3.  RE: Alternatives to port mirroring in a vSphere + NSX environment

    Posted 27 days ago

    Hi Yves - I got this from my TAM. 

    Using VMware functionality for the port mirroring has proven difficult in our case. Before we installed NSX, we used the dSwitch port mirroring, and that worked fine. If you try to do the same with NSX installed (two VLANs, send them to a NIC on a tap VM), all traffic on the NSX segments configured with the source VLANs is blocked. Yes, I know, this sounds weird, and it is.

    So I asked my TAM how they recommend we configure this (keep in mind - we're on VLAN backed segments for NSX, so no overlay or Geneve tunneling - we only use NSX for its DFW, currently). He recommended we solve this on Cisco.

    That proved to be a challenge as well, as the Cisco port mirroring needs a physical port to send the traffic to. In a vSphere environment, you don't want to remove an uplink from any hosts and dedicate it to port mirroring, as this impacts redundancy and consistency across the cluster, and introduces a set of risks.

    Right now we're looking at Netscout as a possible solution.




  • 4.  RE: Alternatives to port mirroring in a vSphere + NSX environment

    Posted 26 days ago

    Thank you for sharing this information......

    Summit County Auditors