Create a Port Mirroring Session

Create a port mirroring session by using the vSphere Client to mirror vSphere Distributed Switch traffic to ports, uplinks, and remote IP addresses.

Prerequisites

Verify that the vSphere Distributed Switch is version 5.0.0 and later.

Types of Port Mirroring Session

To begin a port mirroring session, you must specify the type of port mirroring session.

Procedure

Browse to a distributed switch in the vSphere Client navigator.
Click the Configure tab and expand Settings.
Select the Port mirroring option and click New.

Select the session type for the port mirroring session.

Option	Description
Distributed Port Mirroring	Mirror packets from a number of distributed ports to other distributed ports on the same host. If the source and the destination are on different hosts, this session type does not function.
Remote Mirroring Source	Mirror packets from a number of distributed ports to specific uplink ports on the corresponding host.
Remote Mirroring Destination	Mirror packets from a number of VLANs to distributed ports.
Encapsulated Remote Mirroring (L3) Source	Mirror packets from a number of distributed ports to the IP addresses of a remote agent. The virtual machine’s traffic is mirrored to a physical or virtual destination through an IP tunnel.

Click Next.

Port Mirroring Name and Session Details

To continue creating a port mirroring session, specify the name, description, and session details for the new port mirroring session.

Procedure

Set the session properties. Different options are available for configuration depending on which session type you selected.

Option	Description
Name	You can enter a unique name for the port mirroring session, or accept the automatically generated session name.
Status	Use the drop down menu to enable or disable the session.
Session type	Displays the type of session you selected.
Encapsulation Type	Select GRE, ERSPAN TWO, or ERSPAN THREE. Note: This option is enabled when session type is set to Encapsulated Remote Mirroring (L3) Source.
Session ID	Specify an ERSPAN ID if encapsulation type is set to ERSPAN TWO or ERSPAN THREE. Note: This option is enabled when session type is set to Encapsulated Remote Mirroring (L3) Source.
Encapsulation VLAN ID	VLAN ID that encapsulates all frames at the destination ports. Note: If the original frames have a VLAN and Preserve original VLAN is not selected, the encapsulation VLAN replaces the original VLAN. This option is enabled when session type is set to Remote Mirroring Source.
Preserve original VLAN	Select Preserve original VLAN to keep the original VLAN in an inner tag so mirrored frames are double encapsulated. This option is enabled when session type is set to Remote Mirroring Source.
Normal I/O on destination ports	Use the drop-down menu to allow or disallow normal I/O on destination ports. This property is only available for uplink and distributed port destinations. If you disallow this option, mirrored traffic will be allowed on outgoing destination ports, but incoming traffic will not be allowed.
TCP/IP Stack	Use the drop down menu to select the type of TCP/IP stack. Default: The default TCP/IP stack. Mirror: Using mirror stack instead of default TCP/IP netstack can separate mirror traffic from management traffic. Without mirror stack, mirror traffic is bound to default TCP/IP stack. The management traffic also uses the default TCP/IP stack. If the mirror traffic is large, then it affects the management traffic. If you want to separate the mirror traffic from the default TCP/IP stack, then you can have a dedicated mirror netstack on the ESXi. You can enable this dedicated netstack while configuring Encapsulated Remote Mirroring sessions. Note: If you want to configure ERSPAN on a vSphere Distributed backed by ESXi on DPU, create a vmknic on mirror TCP/IP stack. Note: This option is enabled when session type is set to Encapsulated Remote Mirroring (L3) Source.
Mirrored packet length (Bytes)	Use the check box to enable mirrored packet length in bytes. This puts a limit on the size of mirrored frames. If this option is selected, all mirrored frames are truncated to the specified length.
Sampling rate	Select the rate at which packets are sampled. This is enabled by default for all port mirroring sessions except legacy sessions. Note: Sampling rate is not enabled if NSX transport node and Enhanced Network Stack (ENS) is enabled.
Description	You have the option to enter a description of the port mirroring session configuration.

Click Next.

Port Mirroring Sources

To continue creating a port mirroring session, select sources and traffic direction for the new port mirroring session.

You can create a port mirroring session without setting the source and destinations. When a source and destination are not set, a port mirroring session is created without the mirroring path. This allows you to create a port mirroring session with the correct properties set. Once the properties are set, you can edit the port mirroring session to add the source and destination information.

Note: Consider the following limitations when selecting port mirroring sources.

A source mirror port cannot be used in more than one mirror session.
A port cannot be used as a mirror source and mirror destination in the same or different mirror sessions at the same time.

Procedure

Select the source of the traffic to be mirrored and the traffic direction.

Depending on the type of port mirroring session you selected, different options are available for configuration.

Option	Description
Add existing ports from a list	Click Select distributed ports. A dialog box displays a list of existing ports. Select the check box next to the distributed port and click OK. You can choose more than one distributed port.
Add existing ports by port number	Click Add distributed ports, enter the port number and click OK.
Set the traffic direction	After adding ports, select the port in the list and click the ingress, egress, or ingress/egress button. Your choice appears in the Traffic Direction column.
Specify the source VLAN	If you selected a Remote Mirroring Destination sessions type, you must specify the source VLAN. Click Add to add a VLAN ID. Edit the ID by using the up and down arrows, or by clicking in the field and entering the VLAN ID manually.

Click Next.

Port Mirroring Destinations

To complete the creation of a port mirroring session, select ports or uplinks as destinations for the port mirroring session.

Port mirroring is checked against the VLAN forwarding policy. If the VLAN of the original frames is not equal to or trunked by the destination port, the frames are not mirrored.

Procedure

Select the destination for the port mirroring session.

Depending on which type of session you chose, different options are available.

Option	Description
Select a destination distributed port	Click Select distributed ports to select ports from a list, or click Add distributed ports to add ports by port number. You can add more than one distributed port.
Select an uplink	Select an available uplink from the list and click Add to add the uplink to the port mirroring session. You can select more than one uplink.
Select ports or uplinks	Click Select distributed ports to select ports from a list, or click Add distributed ports to add ports by port number. You can add more than one distributed port. Click Add uplinks to add uplinks as the destination. Select uplinks from the list and click OK.
Specify IP address	Click Add. A new list entry is created. Select the entry and either click Edit to enter the IP address, or click directly in the IP Address field and type the IP address. A warning appears if the IP address is invalid.

Click Next.
Review the information that you entered for the port mirroring session on the Ready to complete page.
(Optional) Use the Back button to edit the information.
Click Finish.

Results

The new port mirroring session appears in the Port Mirroring section of the Settings tab.