Port/Traffic mirroring is a tool that you will quickly learn to love as a network administrator. Port mirroring copies the traffic from the source port to the destination/exit port. The source port usually carries the traffic of interest, and the exit port usually has some sort of network monitoring tool attached (such as a laptop running Wireshark).
Today I am going to detail the process of configuring local port mirroring on a switch. Local port mirroring copies the traffic from one port to another port on the same switch. It is also possible to redirect the traffic from the source port to a port on another switch (this is called remote mirroring), but that will be covered in another article.
Local port mirroring can be configured with two commands. The first command defines the mirroring session (you can have up to four per switch), as well as the exit port (the port to which the traffic should be mirrored). The following is an example of this command:
mirror 1 port A2
The mirror session number can be any number from one to four. Obviously the exit port can be any port on the switch, as long as it’s not the same as the source port.
Next the interface command is used to configure the source interface. Below is an example command:
interface A1 monitor all both mirror 1
The interface that is specified is the source interface. Next, “monitor all both” specifies that all traffic in both directions (inbound and outbound) is monitored. You have the option to change “both” to just “in” or “out”. Finally, you specify the mirror session that the traffic should be copied to. The session number must be the same number that you used in the previous “mirror” command.
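The constraints described above (session number from one to four, exit port different from the source port, direction of in, out or both, and a session number that matches a defined "mirror" command) can be checked before a configuration is pushed to the switch. The following Python check is an added example, not part of the original article; the function name lint_mirroring and the sample configuration are assumptions, and it recognizes only the two command shapes shown above.

```python
import re

# Command shapes follow the two examples in the article; other lines are ignored.
MIRROR_RE = re.compile(r"^mirror\s+(\d+)\s+port\s+(\S+)$", re.I)
MONITOR_RE = re.compile(
    r"^interface\s+(\S+)\s+monitor\s+all\s+(\S+)\s+mirror\s+(\d+)$", re.I)


def lint_mirroring(config_text):
    """Return a list of (line_number, message) problems found in config_text."""
    sessions = {}   # session number -> exit port
    sources = []    # (line_number, source port, direction, session number)
    problems = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = MIRROR_RE.match(line)
        if m:
            session, exit_port = int(m.group(1)), m.group(2).upper()
            if not 1 <= session <= 4:
                problems.append((n, f"session {session} is outside 1-4"))
            sessions[session] = exit_port
            continue
        m = MONITOR_RE.match(line)
        if m:
            sources.append((n, m.group(1).upper(), m.group(2).lower(), int(m.group(3))))
    # Check sources after the whole file is read, so command order does not matter.
    for n, port, direction, session in sources:
        if direction not in ("in", "out", "both"):
            problems.append((n, f"direction '{direction}' is not in, out or both"))
        if session not in sessions:
            problems.append((n, f"mirror session {session} is not defined"))
        elif sessions[session] == port:
            problems.append((n, f"port {port} is both source and exit of session {session}"))
    return problems


# Constructed sample: the article's two commands, then three deliberate mistakes.
SAMPLE = """\
mirror 1 port A2
interface A1 monitor all both mirror 1
mirror 5 port B1
interface A2 monitor all in mirror 1
interface A3 monitor all out mirror 2
"""

if __name__ == "__main__":
    for line_number, message in lint_mirroring(SAMPLE):
        print(f"line {line_number}: {message}")
```

The same check can be run over a saved configuration to list every mirroring session and confirm that each one is expected, since a mirror session copies traffic to another port.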
This covers basic configuration of local port mirroring. With these commands you will be able to quickly configure a local mirroring session for troubleshooting. As with anything, refer to the manual for your switch for further configuration options.
Future articles will cover applying ACLs to mirroring sessions, as well as configuring remote mirroring sessions.
Recent news about at least two major fiber cuts in California has been stirring thoughts about how fragile our network infrastructure really can be. These cuts have some very obvious consequences, such as widespread internet outages that can have a major impact on many businesses. Many other services usually transition to fiber optic cable for their long-haul transit. The result in this particular case is that some areas are sans cell phone, landline, and emergency (911) services! Being without voice, video and data services today is the equivalent of being cut off from the rest of the world!
What concerns me the most is that there were no backup links to keep mission critical services up and running in this case. From a networking perspective we design our networks to have multiple diverse paths in an attempt to avoid such outages. We also implement disaster recovery (DR) plans in the event that our best laid engineering plans are thwarted.
One question to answer is where the responsibility lies with respect to maintaining emergency services in such a situation. Is it the responsibility of the carrier that is moving the packets to ensure that in the event of a fiber cut, packets deemed mission critical have an alternate route? It is my opinion that the responsibility for ensuring emergency services are not affected by fiber cuts lies with the local government, just as it is the responsibility of a company to maintain redundant paths in the event that their primary service provider fails to meet their SLA.
From a business perspective, the company has the right to file for penalties according to their network agreement when their service provider does not meet their SLA; however, the onus lies with the company to ensure business functions can continue when the service provider has a failure. I feel this same principle can extend to local governments and the emergency services they provide.
The best way to prevent mistakes in the future is to learn from those in the past. With any luck, this incident will bring some of these concerns into the public light so that they may be addressed.