ESXi

  • 1.  Promiscuous Mode vs. Port Mirroring

    Broadcom Employee
    Posted Sep 07, 2015 03:04 PM

    As the distributed switch provides both options for configuration, what exactly are the use cases for:

    1. Promiscuous mode instead of port mirroring?

    2. Port mirroring instead of promiscuous mode?



  • 2.  RE: Promiscuous Mode vs. Port Mirroring

    Posted Sep 09, 2015 04:00 PM

    Hi,

    Use "port mirroring" to tap the communication of a dedicated VM or network adapter. The Tap-Device/Sniffer can be placed into another port-group.

    Promiscuous Mode will show the traffic of all VMs which are connected to the same Port-Group. You can enable Promisc-Mode on Port-Group-Level. So please keep in mind that all VMs are able to see the traffic of other VMs.

    More about promisc-mode: VMware KB: How promiscuous mode works at the virtual switch and portgroup levels

    Greetings

    Falk



  • 3.  RE: Promiscuous Mode vs. Port Mirroring

    Posted Sep 13, 2015 08:24 PM

    Hi,

    The terms are generally synonymous. In those cases where there is a difference, promiscuous mode typically means that ALL switch traffic is forwarded to the promiscuous port, whereas port mirroring forwards (mirrors) only traffic sent to particular ports (not traffic to all ports).





  • 4.  RE: Promiscuous Mode vs. Port Mirroring

    Posted Sep 14, 2015 04:46 AM

    Just to clear this up,

    Port Mirroring: if you want to replicate all traffic from one port to another port. This is used to mirror the traffic of a VM or VMs to a single port (or uplink). Useful if you have an IDS or IPS to which you want to directly pass all traffic from a single VM or a bunch of VMs.

    Promiscuous mode: any VM in a promiscuous port-group can see all traffic that is traversing the virtual switch. If you set this at the vSwitch level, remember to explicitly disable it on port-groups that do not require this setting. Useful if you have an IDS and IPS and want to monitor all traffic passing over the port-group or groups.

    So to summarize: if you want to see all network traffic from a specific VM or multiple VMs, use port mirroring; if you want to see all traffic from a specific port-group or port-groups, use promiscuous mode.

    Rich
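
Added example (not part of any post in this thread, and not VMware code): a small audit of the inheritance caveat in reply 4, where promiscuous mode set at the vSwitch level reaches every port group that does not explicitly disable it. The inventory, the port group names and the `APPROVED_MONITORING` allow-list are constructed for illustration, and the data model is a simplification of the real security policy objects.

```python
# Constructed inventory (not taken from a real host). A port group value of
# None means "inherit the vSwitch setting"; True/False is an explicit override.
INVENTORY = {
    "vSwitch0": {
        "allow_promiscuous": True,   # enabled at the vSwitch level
        "portgroups": {
            "IDS-Monitor": None,     # inherits -> promiscuous (intended)
            "Prod-Web": False,       # explicitly disabled
            "Prod-DB": None,         # inherits -> promiscuous (unintended)
        },
    },
    "vSwitch1": {
        "allow_promiscuous": False,
        "portgroups": {
            "Lab-Sniffer": True,     # explicit override on the port group
            "Mgmt": None,            # inherits -> not promiscuous
        },
    },
}

# Hypothetical allow-list: port groups that are meant to host a sensor.
APPROVED_MONITORING = {"IDS-Monitor"}


def effective_promiscuous(switch_setting, portgroup_setting):
    """Return (effective_value, source) for one port group."""
    if portgroup_setting is None:
        return switch_setting, "inherited"
    return portgroup_setting, "explicit"


def audit(inventory, approved):
    """List port groups where promiscuous mode is in effect but not approved."""
    findings = []
    for switch, cfg in sorted(inventory.items()):
        for pg, setting in sorted(cfg["portgroups"].items()):
            enabled, source = effective_promiscuous(cfg["allow_promiscuous"], setting)
            if enabled and pg not in approved:
                findings.append((switch, pg, source))
    return findings


if __name__ == "__main__":
    for switch, pg, source in audit(INVENTORY, APPROVED_MONITORING):
        print(f"{switch}/{pg}: promiscuous mode in effect ({source}), "
              "not an approved monitoring port group")
```

The "inherited" findings are the ones the caveat is about: no one enabled promiscuous mode on that port group, yet VMs attached to it can see other VMs' traffic.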