[c-nsp] ASR9010 and monitor port

Lee Starnes lee.t.starnes at gmail.com
Fri Dec 4 20:29:40 EST 2020


Hello Everyone,

We have an issue we are trying to track down with a IPv6 BGP peer. The
session resets randomly sometimes 4-5 times a day and sometimes doesn't
reset for several days. We are trying to run a monitor session to mirror
the traffic of the port to another port for the purposes of capturing it
with TCPDUMP.

The problem we are running into is that it seems that it is not mirroring
the egress BGP traffic on the port. Additionally, it would seem that we are
not able to see two way traffic. If we specify ingress ACL, we see the BGP
traffic. If we specify ingress and egress ACLs, we get no traffic. If we
specify egress we see no BGP traffic. Below is what we are using to mirror
this traffic. Is there something that is being done wrong or is this
something that does not mirror both directions at the same time? Not sure
why if we set to only do egress, it does not see BGP traffic. We tested
this by setting the ACL to capture all IPv6 traffic and there was no BGP
traffic.

Best regards,

Lee

monitor-session TEST ethernet
 destination interface TenGigE0/0/1/1

ipv6 access-list span
 10 permit ipv6 host 2001:xxx:xxxx::212 host 2001:xxx:xxxx::213 capture
 15 permit ipv6 host 2001:xxx:xxxx::213 host 2001:xxx:xxxx::212 capture
 20 permit ipv6 any any

interface TenGigE0/0/1/0
 description COX 10G Circuit ID:
 ipv4 address X.X.X.X
 ipv6 address 2001:xxx:xxxx::213/127
 monitor-session TEST ethernet
  acl
 !
 load-interval 30
 flow ipv4 monitor NFAmonitor sampler NFAsampler ingress
 flow ipv4 monitor NFAmonitor sampler NFAsampler egress
 flow ipv6 monitor NFAmonitorIPv6 sampler NFAsampler ingress
 flow ipv6 monitor NFAmonitorIPv6 sampler NFAsampler egress
 ipv6 access-group span ingress
 ipv6 access-group span egress
!


More information about the cisco-nsp mailing list