CN101075920A - Method for monitoring switching system far-end port - Google Patents
Method for monitoring switching system far-end port Download PDFInfo
- Publication number
- CN101075920A CN101075920A CNA2007101179678A CN200710117967A CN101075920A CN 101075920 A CN101075920 A CN 101075920A CN A2007101179678 A CNA2007101179678 A CN A2007101179678A CN 200710117967 A CN200710117967 A CN 200710117967A CN 101075920 A CN101075920 A CN 101075920A
- Authority
- CN
- China
- Prior art keywords
- port
- switch
- vlan
- rspan
- remote monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The method comprises: a) setting up the port mirroring on the source switch; the source mirror port and the destination mirror port all are located on the source switch; connecting the destination port to the edge switch in RSPAN VLAN domain; b) on said edge switch, enabling the QinQ on the port connected to the destination port; c) adding the monitoring port on the destination switch into RSPAN VLAN domain by using a de-labeling approach.
Description
Technical field
The present invention relates to network equipment monitoring and diagnosis technology, particularly relate to a kind of method that realizes the switch ports themselves remote monitoring.
Background technology
Present many Support Port Mirrorings of switch function, Port Mirroring are meant that the data traffic with the one or more source ports (by mirror port) on the switch copies to the destination interface (policing port) of an appointment.Can on policing port, obtain by Port Mirroring, so that carry out flow analysis, error diagnosis of network etc. by the data of mirror port.To be copied to the policing port of appointment by the flow of mirror port, and be used for the location and the detection of problem, its process does not influence the normal forwarding of data.
Cisco company for the monitoring of port proposed the switching port analysis (Switched Port Analyzer, SPAN) and the far-end switching port analyze (Remote Switched Port Analyzer, RSPAN) technology.The SPAN technology allows to be replicated by the flow of the arbitrary port on the network equipment, and be passed to single port on the same equipment, wherein, enter SPAN and allow some or all data that enter one or more designated ports are monitored, the SPAN that goes out allows some or all data of going out from one or more designated ports are monitored.As seen, SPAN provide the Port Mirroring function just based on this switch, another port on promptly from the one or more Port Mirroring on the switch to this switch owing to do not realize the remote monitoring of port, its range of application is restricted.
The RSPAN technology provides a kind of method that realizes the switch ports themselves remote monitoring.The step of configuration RSPAN is: and the VLAN of establishment RSPAN special use (Virtual Local Area Network, VLAN); Defining this VLAN is RSPANVLAN; The source port of definition source switch; The destination interface of definition source switch; The source port of definition purpose switch; The destination interface of definition purpose switch.As shown in Figure 1, by the data traffic on the designated switch 1 being duplicated and send to the policing port of the appointment on the switch 2, thereby broken the restriction of unit port monitoring by the RSPAN vlan domain of creating.That is to say that RSPAN allows the pass traffic that will the duplicate port to the distant-end switch, realized the remote monitoring of switch ports themselves.But this kind method needs the support of the hardware chip of switch to the RSPAN function, and its range of application also is restricted.
Thereby, when the hardware chip of switch is not supported the RSPAN function, how to realize that the remote monitoring of port just becomes the technical problem that needs to be resolved hurrily.
Summary of the invention
Technical problem to be solved by this invention provides a kind of method that realizes the switch ports themselves remote monitoring, does not need switch to support the RSPAN function, just can realize the remote monitoring of port.
For solving the problems of the technologies described above, it is as follows to the invention provides technical scheme:
A kind of method that realizes the switch ports themselves remote monitoring comprises step:
A, on the switch of source the configured port mirror image, disposed by mirror port and destination interface all on the switch of source, and destination interface is connected with edge switch in the RSPAN vlan domain;
B, on described edge switch, the port that is connected with described destination interface is enabled QinQ;
C, the policing port on the purpose switch is joined in the described RSPAN vlan domain to go the label mode.
Method of the present invention wherein, further comprises before the steps A: create a RSPAN vlan domain that is used for the remote port mirror image.
Method of the present invention, wherein, the RSPANVLAN territory that one of described establishment is used for the remote port mirror image is specially: create a VLAN; The VLAN that configuration is created is RSPAN VLAN.
Method of the present invention, among the step B, when the port to described connection enables QinQ, further assigned priority in the outside VLAN label.
Compared with prior art, the invention has the beneficial effects as follows:
Method of the present invention uses common vlan technology to realize the remote port mirror image by use QinQ (two-layer IEEE802.1Q label encapsulation) technology on switch, thereby, do not need switch to support the RSPAN function, just can realize the remote monitoring of port.
Description of drawings
Fig. 1 is the application example schematic diagram of RSPAN;
Fig. 2 is the flow chart of the switch ports themselves remote monitoring method of preferred embodiment of the present invention;
Fig. 3 is the data flow diagram of the switch ports themselves remote monitoring method of preferred embodiment of the present invention;
Fig. 4 is a concrete application example schematic diagram of the present invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, describe the present invention below in conjunction with the accompanying drawings and the specific embodiments.
Key of the present invention is, by on switch, using two label (Tag) technology of QinQ, use common vlan technology to realize the remote port mirror image, method of the present invention realizes the remote monitoring of port on the switch that enables double T ag, be not limited to the support of the hardware chip of switch to the RSPAN function.
Please refer to Fig. 2 and Fig. 3, the switch ports themselves remote monitoring method of preferred embodiment of the present invention comprises the steps:
At first create a VLAN, disposing this VLAN then is RSPAN VLAN.So, the data flow of mirror image just can be transmitted in the RSPAN vlan domain of creating, and is sent to the policing port of purpose switch.
After carrying out described configuration, the source switch is copied to the port (destination interface) of appointment on this switch by the mirror image data of mirror port, after mirror image data copies to destination interface, flows out to edge switch the RSPAN vlan domain from destination interface.
The VLAN ID of supposing the RSPAN vlan domain of establishment in step 201 is RSPANVID, then after enabling QinQ, this port is stamped an outside VLAN label to the packet that enters, and the VLAN ID that this outside VLAN label carries is RSPAN VID.Like this, mirror image data just is limited in the RSPAN vlan domain.In addition, the user can also be in the outside VLAN label assigned priority.
After joining final policing port in the RSPAN vlan domain, the data flow that flows out from this policing port will be removed the virtual local area network tags RSPAN VID of RSPAN, and reduction becomes original data flow, thereby keeps the consistency of mirror image data.
Below provide a concrete application example of the present invention.
Please refer to Fig. 4, in switch device, realize that by method of the present invention the process of port remote monitoring is as follows:
At first, according to user's request configured port mirror image, and appointment and RSPAN vlan domain purpose of connecting port (VLAN ID of supposing the RSPAN vlan domain of establishment is 1000):
zxr10#cont
zxr10(config)#interface?gei_1/1
zxr10(config-if)#monitor?session?1?source
zxr10(config-if)#exit
zxr10(config)#interface?gei_1/3
zxr10(config-if)#monitor?session?1?destination
zxr10(config-if)#exit
Then, on the edge switch of RSPAN vlan domain, the port that is connected with described destination interface is enabled QinQ:
zxr10(config)#interface?gei_1/1
zxr10(config-if)#switchport?qinq?customer
zxr10(config-if)#exit
Then, final policing port is joined in the RSPAN vlan domain in the Untag mode:
zxr10(config)#interface?gei_1/10
zxr10(config-if)#switchport?mode?access
zxr10(config-if)#switchport?access?vlan?1000
In sum, method of the present invention is used the combination of vlan technology and QinQ technology, mirror image data is isolated from the RSPAN vlan domain of establishment, processing by VLAN, mirror image data is sent to far-end purpose policing port, realizes carrying out flow analysis, error diagnosis of network etc., like this, do not need switch to support the RSPAN function, just can realize the remote monitoring of port.
Should be noted that at last, above embodiment is only unrestricted in order to technical scheme of the present invention to be described, those of ordinary skill in the art is to be understood that, can make amendment or be equal to replacement technical scheme of the present invention, and not breaking away from the spiritual scope of technical solution of the present invention, it all should be encompassed in the middle of the claim scope of the present invention.
Claims (4)
1. a method that realizes the switch ports themselves remote monitoring is characterized in that, comprises step:
A, on the switch of source the configured port mirror image, disposed by mirror port and destination interface all on the switch of source, and destination interface is connected with edge switch in the RSPAN vlan domain;
B, on described edge switch, the port that is connected with described destination interface is enabled QinQ;
C, the policing port on the purpose switch is joined in the described RSPAN vlan domain to go the label mode.
2. the method for realization switch ports themselves remote monitoring as claimed in claim 1 is characterized in that, further comprises before the steps A:
Create a RSPAN vlan domain that is used for the remote port mirror image.
3. the method for realization switch ports themselves remote monitoring as claimed in claim 2 is characterized in that, the RSPAN vlan domain that one of described establishment is used for the remote port mirror image is specially:
Create a VLAN;
The VLAN that configuration is created is RSPAN VLAN.
4. the method for realization switch ports themselves remote monitoring as claimed in claim 1 is characterized in that:
Among the step B, when the port to described connection enables QinQ, further assigned priority in the outside VLAN label.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007101179678A CN101075920A (en) | 2007-06-26 | 2007-06-26 | Method for monitoring switching system far-end port |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007101179678A CN101075920A (en) | 2007-06-26 | 2007-06-26 | Method for monitoring switching system far-end port |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101075920A true CN101075920A (en) | 2007-11-21 |
Family
ID=38976749
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2007101179678A Pending CN101075920A (en) | 2007-06-26 | 2007-06-26 | Method for monitoring switching system far-end port |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101075920A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102420760A (en) * | 2011-12-02 | 2012-04-18 | 盛科网络(苏州)有限公司 | Method and device for realizing forwarding among chips through Internet encapsulation packet processing header |
| WO2012156836A1 (en) * | 2011-05-14 | 2012-11-22 | International Business Machines Corporation | Method for providing location independent dynamic port mirroring on distributed virtual switches |
| CN102870377A (en) * | 2012-06-30 | 2013-01-09 | 华为技术有限公司 | Monitoring method and device for virtual port |
| CN103457796A (en) * | 2013-08-29 | 2013-12-18 | 国家电网公司 | Monitoring method across switches in intelligent substation |
| GB2505123A (en) * | 2011-05-24 | 2014-02-19 | Avaya Inc | Social media identity discovery and mapping |
| CN114124473A (en) * | 2021-11-02 | 2022-03-01 | 北京天融信网络安全技术有限公司 | Network access authentication system and authentication method based on port mirror image |
-
2007
- 2007-06-26 CN CNA2007101179678A patent/CN101075920A/en active Pending
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2505360B (en) * | 2011-05-14 | 2018-07-25 | Ibm | Method for providing location independent dynamic port mirroring on distributed virtual switches |
| WO2012156836A1 (en) * | 2011-05-14 | 2012-11-22 | International Business Machines Corporation | Method for providing location independent dynamic port mirroring on distributed virtual switches |
| US8635614B2 (en) | 2011-05-14 | 2014-01-21 | International Business Machines Corporation | Method for providing location independent dynamic port mirroring on distributed virtual switches |
| US8645952B2 (en) | 2011-05-14 | 2014-02-04 | International Business Machines Corporation | Method for providing location independent dynamic port mirroring on distributed virtual switches |
| GB2505360A (en) * | 2011-05-14 | 2014-02-26 | Ibm | Method for providing location independent dynamic port mirroring on distributed virtual switches |
| GB2505123A (en) * | 2011-05-24 | 2014-02-19 | Avaya Inc | Social media identity discovery and mapping |
| GB2505123B (en) * | 2011-05-24 | 2018-12-05 | Avaya Inc | Social media identity discovery and mapping |
| CN102420760A (en) * | 2011-12-02 | 2012-04-18 | 盛科网络(苏州)有限公司 | Method and device for realizing forwarding among chips through Internet encapsulation packet processing header |
| CN102870377A (en) * | 2012-06-30 | 2013-01-09 | 华为技术有限公司 | Monitoring method and device for virtual port |
| WO2014000297A1 (en) * | 2012-06-30 | 2014-01-03 | 华为技术有限公司 | Virtual port monitoring method and device |
| CN103457796A (en) * | 2013-08-29 | 2013-12-18 | 国家电网公司 | Monitoring method across switches in intelligent substation |
| CN103457796B (en) * | 2013-08-29 | 2018-07-20 | 国家电网公司 | The monitoring method of switch-spanning in a kind of intelligent substation |
| CN114124473A (en) * | 2021-11-02 | 2022-03-01 | 北京天融信网络安全技术有限公司 | Network access authentication system and authentication method based on port mirror image |
| CN114124473B (en) * | 2021-11-02 | 2024-02-02 | 北京天融信网络安全技术有限公司 | Port mirror image-based network access authentication system and authentication method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101075920A (en) | Method for monitoring switching system far-end port | |
| US9967371B2 (en) | Metro ethernet network with scaled broadcast and service instance domains | |
| CN102340447B (en) | Remote port mirroring realization system and method | |
| CN103166811B (en) | A kind of MAD detection method and equipment | |
| US20130016731A1 (en) | System and method for supporting direct packet forwarding in a middleware machine environment | |
| JP5504952B2 (en) | COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMPUTER PROGRAM | |
| CN1913523A (en) | Method for implementing layer level virtual private exchange service | |
| CN101043430A (en) | Method for converting network address between equipments | |
| CN1878085A (en) | State detection method based on main and backup Ethernet interface | |
| CN1529459A (en) | Main-standby rotation realizing method facing to high-side exchange board | |
| CN1925456A (en) | System and method for realizing multi-service stack virtual local area network and method of use thereof | |
| CN1946040A (en) | Protective method and device for multicast service | |
| CN111355658A (en) | SDN cross-domain cooperation method based on distributed service framework | |
| CN1845513A (en) | Method for multi service access node access device sharing public network IP address | |
| CN109672572B (en) | Data transmission method and device | |
| CN1863089A (en) | Method for configurating slave node of virtual LAN | |
| CN1897596A (en) | Method and system for controlling access address by virtual medium in Ethernet | |
| CN1929435A (en) | Packet transfer device and method | |
| CN1235346C (en) | Method for improving route repeat liability of access server | |
| CN1302642C (en) | Group broadcast implementing method based on virtual local area network | |
| CN101068211A (en) | Point-to-point flow optimizing method and system | |
| CN1920782A (en) | System and method for debugging information output and control | |
| CN1581811A (en) | Flow mirror image method | |
| CN1728661A (en) | Method for realizing backup and load shared equally based on proxy of address resolution protocol | |
| CN1310481C (en) | Method for realizing application characteristic dual processor backup |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |