dkraut
Enthusiast

ERSPAN on VDS?

Hi All, having trouble finding an answer on the interweb and will not have access to my lab for a few days.

Consider a vSphere 6.x environment that uses VDS. We have an appliance that needs to receive all data from specific VLANs within the VMware environment. For the ERSPAN destination, does it require a dedicated NIC/uplink or can it use existing uplinks to forward traffic to the IP address of the appliance?

Thanks!

Accepted Solutions
jameseydoyle
VMware Employee

It will use the management VMkernel port on the assumption that it will have a default gateway assigned. As ERSPAN is a routable protocol, there would be a requirement for a gateway and the packets would be subject to the host's regular routing table. Unless the destination IP is in a Layer 2 subnet accessible by another VMkernel port, or you set up a static route using a different VMkernel port, it will always use the Management VMkernel port.

If your management port has multiple active uplinks, it will use them all in the same way as it would for any other type of traffic.
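
The routing rule described in the answer above, worked through as an added example (not part of the original thread and not VMware code). It is a simplified longest-prefix-match model of the host routing table; the VMkernel names, addresses, gateway and collector IP are constructed values. It shows which VMkernel port would carry ERSPAN packets, which is worth checking when mirrored VM traffic should not share the management network.

```python
import ipaddress

# Constructed sample host: VMkernel ports and their IPv4 addresses (hypothetical values).
VMKS = {"vmk0": "10.0.0.11/24",       # management
        "vmk1": "192.168.77.11/24"}   # second VMkernel port
DEFAULT_GW = "10.0.0.1"               # default gateway, reachable via vmk0

def vmk_for(ip, vmks):
    """Name of the VMkernel port whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in vmks.items():
        if addr in ipaddress.ip_interface(cidr).network:
            return name
    return None

def egress_vmk(dest, vmks, default_gw, static_routes=()):
    """Return (vmk, reason) for packets sent to the ERSPAN destination IP.

    Simplified model: longest-prefix match over connected subnets and
    static routes (network, gateway), falling back to the default gateway.
    """
    dst = ipaddress.ip_address(dest)
    matches = []
    for name, cidr in vmks.items():
        net = ipaddress.ip_interface(cidr).network
        if dst in net:
            matches.append((net.prefixlen, name, f"connected {net}"))
    for cidr, gw in static_routes:
        net = ipaddress.ip_network(cidr)
        if dst in net:
            matches.append((net.prefixlen, vmk_for(gw, vmks), f"static {net} via {gw}"))
    if matches:
        _, name, reason = max(matches, key=lambda m: m[0])
        return name, reason
    return vmk_for(default_gw, vmks), f"default gateway {default_gw}"

if __name__ == "__main__":
    collector = "172.16.9.20"  # constructed ERSPAN destination
    print(egress_vmk(collector, VMKS, DEFAULT_GW))           # routed: management port
    print(egress_vmk("192.168.77.50", VMKS, DEFAULT_GW))     # same L2 subnet as vmk1
    print(egress_vmk(collector, VMKS, DEFAULT_GW,
                     [("172.16.9.0/24", "192.168.77.1")]))   # static route via vmk1
```

On a real host, the interface addresses and routes to feed in can be read with `esxcli network ip interface ipv4 get` and `esxcli network ip route ipv4 list`.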

dkraut
Enthusiast

Thanks James, that was very helpful. Is this documented anywhere? It's amazingly difficult to find information on how ERSPAN works under the hood in VMware.

0 Kudos
dkraut
Enthusiast

Circling back on this topic. Does anyone know why VMware only allows us to select individual ports or a range of ports on VDS for ERSPAN vs. selecting entire port groups or VLANs?

Has anyone seen a negative impact on network performance or ESXi CPU usage by selecting all VDS ports and sending them to an ERSPAN target a few switches away (same data center)? I know there are many variables in such a question, but assuming typical networking equipment/traffic.

0 Kudos