You can configure filters for port mirroring sessions to limit the amount of data that is mirrored.
This feature has the following capabilities and restrictions:
- Only ESXi and KVM host transport nodes are supported.
- IP address, IP prefix, and IP ranges are supported for source and destination.
- IPSet for source or destination is not supported.
- Mirror statistics on ESXi or KVM are not supported.
You must configure filters using the API. Using the NSX Manager UI is not supported. For more information about the port mirroring API and the PortMirroringFilter schema, see the NSX-T Data Center API Reference.
Procedure
- Configure a port mirroring session using the NSX Manager UI or API.
- Call the GET /api/v1/mirror-sessions API to get information about the port mirroring session.
- Call the GET /api/v1/mirror-sessions/<mirror-session-id> API to add one or more filters. For example,
PUT https://<nsx-mgr>/api/v1/mirror-sessions/e57e8b2d-3047-4550-b230-dd1ee0e10b49
{
"resource_type": "PortMirroringSession",
"id": "e57e8b2d-3047-4550-b230-dd1ee0e10b49",
"display_name": "port-mirror-session-1",
"description": "Pnic port mirror session 1",
"mirror_sources": [
{
"resource_type": "LogicalPortMirrorSource",
"port_ids": [
"6a361832-43e4-430d-a48a-b84a6cba73c3"
]
}
],
"mirror_destination": {
"resource_type": "LogicalPortMirrorDestination",
"port_ids": [
"3e42e8b2d-3047-4550-b230-dd1ee0e10b34"
]
},
"port_mirrorring_filters": [
{
"filter_action": "MIRROR",
"src_ips": {
"ip-addresses": [
"192.168.175.250",
"2001:bd6::c:2957:160:126"
]
}
"dst_ips": {
"ip-addresses": [
"192.168.160.126",
"2001:bd6::c:2957:175:250"
]
}
}
}
"session_type": "LogicalPortMirrorSession",
"preserve_original_vlan": false,
"direction": "BIDIRECTIONAL",
"_revision": 0
}
- (Optional) You can call the get mirroring-session <session-number> CLI command to show the properties of the port mirroring session, including the filters.
