You can configure filters for port mirroring sessions to limit the amount of data that is mirrored.

This feature has the following capabilities and restrictions:
  • Only ESXi host transport nodes are supported.
  • IP address, IP prefix, and IP ranges are supported for source and destination.
  • IPSet for source or destination is not supported.
  • Mirror statistics are not supported.

You must configure filters using the API. Using the NSX Manager UI is not supported. For more information about the port mirroring API and the PortMirroringFilter schema, see the NSX API Guide.

Procedure

  1. Configure a port mirroring session using the NSX Manager UI or API.
  2. Call the GET /api/v1/mirror-sessions API to get information about the port mirroring session.
  3. Call the PUT /api/v1/mirror-sessions/<mirror-session-id> API to add one or more filters. For example,
    PUT https://<nsx-mgr>/api/v1/mirror-sessions/e57e8b2d-3047-4550-b230-dd1ee0e10b49
    {
      "resource_type": "PortMirroringSession",
      "id": "e57e8b2d-3047-4550-b230-dd1ee0e10b49",
      "display_name": "port-mirror-session-1",
      "description": "Pnic port mirror session 1",
      "mirror_sources": [
        {
          "resource_type": "LogicalPortMirrorSource",
          "port_ids": [
              "6a361832-43e4-430d-a48a-b84a6cba73c3"
          ]
        }
      ],
      "mirror_destination": {
        "resource_type": "LogicalPortMirrorDestination",
        "port_ids": [
            "3e42e8b2d-3047-4550-b230-dd1ee0e10b34"
        ]
      },
      "port_mirrorring_filters": [
          {
              "filter_action": "MIRROR",
              "src_ips": {
                 "ip-addresses": [
                     "192.168.175.250",
                     "2001:bd6::c:2957:160:126"
                 ]
              }
              "dst_ips": {
                 "ip-addresses": [
                     "192.168.160.126",
                     "2001:bd6::c:2957:175:250"
                 ]
              }
          }
      }
      "session_type": "LogicalPortMirrorSession",
      "preserve_original_vlan": false,
      "direction": "BIDIRECTIONAL",
      "_revision": 0
    }
  4. (Optional) You can call the get mirroring-session <session-number> CLI command to show the properties of the port mirroring session, including the filters.