You can use port mirroring to analyze network traffic for debugging or troubleshooting purposes. Port mirroring allows you to copy all network packets or specific packets that are seen on the segment port (or an entire segment) to another segment port.

Logical Span session type is supported only for overlay segments and not for VLAN segments.
Port mirroring is supported on ENS and Non-ENS for Remote L3 Span session type.
Note: Port Mirroring is not recommended for monitoring because when used for longer durations performance is impacted.

Starting with NSX 4.0.1.1, vSphere Distributed Services Engine provides the ability to offload some of the network operations from your server CPU to a Data Processing Unit (DPU also known as SmartNIC). vSphere 8.0 supports NVIDIA BlueFiled and AMD Pensando DPU devices only.

For more information about VMware vSphere Distributed Services Engine, see Introducing VMware vSphere® Distributed Services EngineTM and Networking Acceleration by Using DPUs in the VMware vSphere® product documentation.

Procedure

  1. With admin privileges, log in to NSX Manager.
  2. Select Plan & Troubleshoot > Port Mirroring.
  3. Select Add Session > Remote L3 Span or Add Session > Logical Span.
  4. Enter a name and optionally a description.
  5. Configure the properties of the port mirroring session.
    Session Type Properties
    Remote L3 Span
    • Direction - Select Bidirectional, Ingress, or Egress.
    • TCP/IP Stack - Select Default or Mirror. To use Mirror, you must bind the vmknic to the mirror stack in vSphere.
      Note: If you want to configure ERSPAN on DPU backed VDS, you must create vmknic on 'mirror' TCP/IP stack.
      The behaviour of ERPSAN on AMD Pensando DPU and NVIDIA BlueFiled DPU is different:
      • AMD Pensando DPU device supports full offloading. This means that the mirroring is completely handled by hardware (DPU). However, AMD Pensando supports only 6 destination IPs. If it exceeds them, it will use partial offloading.
      • NVIDIA BlueFiled DPU device supports partial offloading. This means that the production traffic is handled by hardware (DPU) and mirrored packets are handled by software (ESXi on DPU).
    • Snap Length - Specify the number of bytes to capture from a packet. If this parameter is specified, the packet is truncated to the specified length. If not specified, the entire packet is mirrored. Supported range of values is 60–65535.
    • Encapsulation Type - Select GRE, ERSPAN TWO, or ERSPAN THREE.
    • GRE Key - Specify a 32-bit GRE key if encapsulation type is GRE.
    • ERSPAN ID - Specify an ERSPAN ID if encapsulation type is ERSPAN TWO or ERSPAN THREE. Supported range of values is 0–1023. The physical switch uses the ERSPAN ID to forward the mirrored traffic.
    Logical Span
    • Direction - Select Bidirectional, Ingress, or Egress.
    • Snap Length - Specify the number of bytes to capture from a packet. If this parameter is specified, the packet is truncated to the specified length. If not specified, the entire packet is mirrored. Supported range of values is 60–65535.
  6. Click Set in the Source column to set a source.
    For a Logical Span session, the available sources are:
    • Segment port
    • Group of virtual machines
    • Group of virtual network interfaces
    For a Remote L3 Span session, the available sources are:
    • Segment
    • Segment port
    • Group of virtual machines
    • Group of virtual network interfaces
    The following restrictions apply when you select a group of VMs or a group of virtual network interfaces:
    • The group can have a maximum of six VMs that are statically added.
    • The group can have a maximum of six virtual network interfaces that are statically added.
  7. Click Set in the Destination column to set a destination.
    For a Logical Span session, the available destinations are:
    • Group of virtual machines
    • Group of virtual network interfaces
    The following restrictions apply when you select a group of VMs or a group of virtual network interfaces:
    • The group can have a maximum of three VMs that are statically added.
    • The group can have a maximum of three virtual network interfaces that are statically added.

    For a Remote L3 Span session, the available destination is an IP Addresses Only group. The group can have a maximum of three IPs.

  8. (Optional) Instead of mirroring all the network packets from the source, you can filter the packets that are captured for port mirroring.
    1. Expand the Advanced Mirroring Filters section.
    2. Select an Action.
      Action Description
      Include Packets that match the filter are mirrored.
      Exclude Packets that do not match the filter are mirrored.
    3. Next to Filters, click Set, and then click Add Filter.
    4. Specify the filter properties.
      Only one filter is supported.
      Property Description

      Protocol

      The transport protocol that is used to filter the packets. Available options are TCP, UDP.

      Source IPs

      The source IP address, IP range, or IP prefix that is used to filter the packets.

      Source Port

      The source port or port range that is used to filter the packets.

      Destination IPs

      The destination IP address, IP range, or IP prefix that is used to filter the packets.

      Destination Port

      The destination port or port range that is used to filter the packets.
  9. Click Save.