Generally ACI allows SPAN to the destination(analyzer) which is inside the ACI fabric, a known endpoint in ACI. However, there can be a situation where your analyzer is sitting outside ACI fabric. This article talks about a solution which can help in achieving that.
So, the idea here is to send the traffic out of ACI fabric with the help of “a static endpoint” sitting in destination EPG. This will help the ACI to forward ERSPAN copy of traffic out of the fabric, now if you want to route that traffic further to some other part of the network that is also possible with the help of routing. This routing needs to be managed on the router that is connected to ACI fabric and receiving traffic.
The overall solution will be configured in 2 steps.
- Configure ERSPAN source and destination in access polices > policies > troubleshooting > SPAN.
- Configure static endpoint under the destination EPG which connects outside. Basically this is the EPG which is connected to outside device in my case router that has analyzer connected.
In above 3 images we see source, destination span configuration and static endpoint in the destination EPG. This configuration should do the trick but in few cases you need to ensure BD settings. Here is my BD setting for reference.
here is the packet capture that we have received on the XE router connected to the ACI Leaf.
