VMware vSphere


Distributed vSwitch - port mirror, promiscuous mode?

  • 1.  Distributed vSwitch - port mirror, promiscuous mode?

    Posted May 16, 2012 04:23 PM

    Hi,

    I have a lab environment running on 2 ESXi 5 systems, aptly named ESXi and ESXi2.

    One of the virtual machines running on ESXi is my firewall. The firewall has 3 interfaces, one of them is my external zone. I want to monitor traffic on that interface using a network monitoring tool that runs in a VM on the other host, ESXi2.

    I have been trying to understand how a distributed vSwitch might be able to help me. The external interface on the firewall is connected to my vSwitch, which both my ESXi hosts participate in. My network monitoring tool is connected to the same vswitch.

    I thought I could use either promiscuous mode on the vSwitch, or a port mirror setup, to achieve this, but I just can't seem to get a copy of the firewall's external port's traffic to appear on the port of my network monitoring VM on ESXi2.

    If I create a port mirror session between the port of my firewall (port 4 on the vswitch) and the port of my network monitor VM (port 5 on the vswitch) I don't see the firewall's traffic on the network monitor.

    Has anyone gotten a similar setup working? Can I not run a port mirror session across two ESXi hosts? Why can't I put a port mirroring port in promiscuous mode?