Port mirroring question
Essendon
Member Posts: 4,546 ■■■■■■■■■■
Quick one for you folks, need clarification about traffic direction.
1. Ingress means coming into the vDS, so coming out of a port (say VM1). So we mirror traffic coming out of VM1, correct?
2. Egress means coming to VM1, correct? So traffic bound for VM1?
I've read a few blog posts on VMware.com but this wasnt completely clear.
1. Ingress means coming into the vDS, so coming out of a port (say VM1). So we mirror traffic coming out of VM1, correct?
2. Egress means coming to VM1, correct? So traffic bound for VM1?
I've read a few blog posts on VMware.com but this wasnt completely clear.
Comments
-
Essendon
Member Posts: 4,546 ■■■■■■■■■■
Testing out port mirroring in my lab Dave. I dont know where you'd use one over the other apart from the different options available in either. Can you shed some light?
Thanks for the answer. -
dave330i
Member Posts: 2,091 ■■■■■■■■■■
Testing out port mirroring in my lab Dave. I dont know where you'd use one over the other apart from the different options available in either. Can you shed some light?
Thanks for the answer.
Best use case I've read about port mirroring is for IDS. Netflow is for netflow analyzer.2018 Certification Goals: Maybe VMware Sales Cert
"Simplify, then add lightness" -Colin Chapman -
TheNewITGuy
Member Posts: 169 ■■■■□□□□□□
You would use port mirroring to mirror traffic
IDS/Call Captures/Wireshark etc. Egress is exiting and Ingress is coming in, depending on the device we're mirroring. So say we have vmgroup tied to vmnic1 and we're passing vlan 20,30,40 off the servers in that group. We can setup a SPAN port on the switch to mirror traffic for that particular vlan. So ingress would be into the switch and egress would be sent to the host.
We can then set up an appliance on the span port to capture the L2 traffic of that vlan.