Hi everyone,
I really like being able to use L3HW offloading on the newer high-end devices! However, I also like to monitor my network traffic with Traffic Flow. And sadly, the two are incompatible out of the box (meaning that Traffic Flow simply doesn't see, and hence doesn't report, flows that are offloaded to the hardware).
I tried tinkering around with switch ACL rules to copy packets to the CPU (on a CRS326-24S+2Q+):
/interface ethernet switch set 0 l3-hw-offloading=yes mirror-target=cpu
/interface ethernet switch rule add mirror=yes ports=sfp-sfpplus2 rate=1M switch=switch1
This makes the flows visible again - but has two drawbacks:
- It duplicates the packets, which are then forwarded by the CPU too.
- It copies all packets to the CPU (the rate parameter is simply ignored).
Ideally, I’d like to implement the Flow Sampling in the ACL rule, copying only 1% of packets to CPU, and then stop them from being forwarded by the CPU. Sadly, because Traffic Flow happens after the forward chain processing, the IP firewall cannot be used to prevent the duplication. And switch ACLs configured for the CPU port apparently aren’t actually applied (which is consistent with Port Isolation reporting as not being supported for the CPU port).
So… does anybody have this kind of setup? Or do I simply have to mirror the traffic off-device and use another device (e.g. server) for flow monitoring? (Which still poses the question of whether switch ACL rules can somehow be used to implement the sampling.)
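Added example (not part of the post above, and not MikroTik code): the off-device option the post ends with, i.e. mirror a port to a server and let the server do the 1-in-N packet sampling and flow aggregation itself. The script below assumes the mirrored packets have already been decoded into dicts with the 5-tuple and a length; the traffic is constructed inline rather than captured. It shows the two things a sampled flow collector has to get right: keep per-flow counters only for sampled packets, then scale them by the sampling rate when reporting, and note that counter-based 1-in-N sampling is exact on steady traffic but can alias with periodic traffic, so a seeded random mode is offered too.

```python
"""Sampled flow accounting for packets mirrored to a server (added example).

Assumptions (not from the original post):
- packets arrive already parsed as dicts: src, dst, proto, sport, dport, len
- sampling happens here, on the collector, not in the switch ACL
"""
import random
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FlowRecord:
    packets: int = 0       # sampled packets actually seen for this flow
    octets: int = 0        # sampled bytes actually seen for this flow
    est_packets: int = 0   # estimate for the real flow: packets * rate
    est_octets: int = 0    # estimate for the real flow: octets * rate


def flow_key(pkt):
    """NetFlow-style 5-tuple key for one packet."""
    return (pkt["src"], pkt["dst"], pkt["proto"], pkt["sport"], pkt["dport"])


def sample_flows(packets, rate, seed=None):
    """Aggregate 1-in-`rate` sampled packets into flow records.

    seed=None: deterministic counter sampling (every rate-th packet).
               Exact on steady traffic, but a flow whose packets arrive with
               a period that divides `rate` can be systematically over- or
               under-sampled.
    seed=int:  seeded random sampling, which avoids that aliasing at the cost
               of statistical error (~sqrt(n) on the sampled count).
    Returns (flows, sampled_packet_count).
    """
    rng = random.Random(seed) if seed is not None else None
    flows = defaultdict(FlowRecord)
    sampled = 0
    for i, pkt in enumerate(packets):
        keep = (i % rate == 0) if rng is None else (rng.randrange(rate) == 0)
        if not keep:
            continue
        sampled += 1
        rec = flows[flow_key(pkt)]
        rec.packets += 1
        rec.octets += pkt["len"]
    # Scale sampled counters up to estimates for the unsampled traffic.
    for rec in flows.values():
        rec.est_packets = rec.packets * rate
        rec.est_octets = rec.octets * rate
    return dict(flows), sampled


def make_traffic():
    """Constructed traffic: a bulk TLS flow and a small DNS flow."""
    tls = {"src": "10.0.0.5", "dst": "192.0.2.10", "proto": 6,
           "sport": 51000, "dport": 443, "len": 1400}
    dns = {"src": "10.0.0.7", "dst": "192.0.2.53", "proto": 17,
           "sport": 40000, "dport": 53, "len": 80}
    return [dict(tls) for _ in range(10000)] + [dict(dns) for _ in range(100)]


if __name__ == "__main__":
    flows, n = sample_flows(make_traffic(), rate=100)
    print(f"sampled {n} of 10100 packets at 1:100")
    for key, rec in flows.items():
        print(key, f"seen={rec.packets}/{rec.octets}B",
              f"est={rec.est_packets}/{rec.est_octets}B")
```

Usage note: at 1:100 the 100-packet DNS flow contributes a single sampled packet, so its estimate is 100 packets either way, but a flow smaller than the sampling interval is routinely missed entirely; that is the price of sampling, whether the switch or the collector does it, and it is why a server-side collector is the only place where the rate can be tuned per port without touching the offloaded forwarding path.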