Port mirroring question

Essendon · March 2013

Quick one for you folks, need clarification about traffic direction.

1. Ingress means coming into the vDS, so coming out of a port (say VM1). So we mirror traffic coming out of VM1, correct?
2. Egress means coming to VM1, correct? So traffic bound for VM1?

I've read a few blog posts on VMware.com but this wasnt completely clear.

Essendon · March 2013

Testing out port mirroring in my lab Dave. I dont know where you'd use one over the other apart from the different options available in either. Can you shed some light?

Thanks for the answer.

dave330i · March 2013

Essendon wrote: »

Testing out port mirroring in my lab Dave. I dont know where you'd use one over the other apart from the different options available in either. Can you shed some light?

Thanks for the answer.

Best use case I've read about port mirroring is for IDS. Netflow is for netflow analyzer.

Essendon · March 2013

Cheers mate, just read that too.

TheNewITGuy · March 2013

You would use port mirroring to mirror traffic

IDS/Call Captures/Wireshark etc. Egress is exiting and Ingress is coming in, depending on the device we're mirroring. So say we have vmgroup tied to vmnic1 and we're passing vlan 20,30,40 off the servers in that group. We can setup a SPAN port on the switch to mirror traffic for that particular vlan. So ingress would be into the switch and egress would be sent to the host.

We can then set up an appliance on the span port to capture the L2 traffic of that vlan.

Port mirroring question

Comments