Port Mirroring Session Traffic Direction Appears to be Reversed in Distributed Switches

Article ID: 311163

Products

VMware vCenter Server, VMware vSphere ESXi

Issue/Introduction

This article clarifies how the traffic direction for port mirroring sources works in vSphere Distributed Switches.

Symptoms:

  • When configuring a Port Mirroring session on a vSphere Distributed Switch, the configured traffic direction does not work as expected.
  • Egress and Ingress traffic directions appear to function in reverse compared to what is set in the vSphere Client or vSphere Web Client.
  • In a packet capture, the Egress setting allows only traffic destined to the virtual machine, and the Ingress setting allows only traffic being sent out by the virtual machine.



Environment


VMware vCenter Server and VMware vSphere ESXi

Resolution

Although it may appear that the Ingress or Egress traffic direction set for a Port Mirroring session is working in reverse, this is expected behavior. The traffic direction appears to be reversed because the mirroring is done from the perspective of the distributed switch port, not the virtual machine itself.

As such, Ingress traffic is defined as traffic coming into the distributed switch port from the virtual machine guest. Egress traffic is defined as traffic being sent out from the distributed switch port to the virtual machine guest. When looking at this traffic from the perspective of the virtual machine, this logic may appear reversed.
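The following is an added example, not part of the original article or any VMware tooling: it labels captured Ethernet frames with the switch-port direction defined above, so a capture taken from a mirror session can be checked against the direction that was configured. It assumes a single mirrored VM port, un-encapsulated Ethernet frames, and constructed MAC addresses and sample frames; all function names are hypothetical.

```python
VM_MAC = "00:50:56:aa:bb:01"     # constructed: vNIC MAC of the mirrored VM
PEER_MAC = "00:50:56:aa:bb:02"   # constructed: another host on the port group
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a minimal Ethernet II frame for the constructed sample below."""
    return mac_bytes(dst) + mac_bytes(src) + ethertype.to_bytes(2, "big") + payload

def port_direction(frame, vm_mac):
    """Direction of a frame relative to the VM's distributed switch port."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    # Bytes 6..11 are the source MAC. A frame sent by the guest enters the
    # switch port (Ingress). Any other frame seen on this port, including
    # broadcast and multicast, is being delivered to the guest (Egress).
    return "ingress" if frame[6:12] == mac_bytes(vm_mac) else "egress"

def audit_capture(frames, vm_mac, configured):
    """Count frames per direction and list indexes that contradict the setting."""
    if configured not in ("ingress", "egress"):
        raise ValueError("configured must be 'ingress' or 'egress'")
    counts = {"ingress": 0, "egress": 0}
    unexpected = []
    for index, frame in enumerate(frames):
        direction = port_direction(frame, vm_mac)
        counts[direction] += 1
        if direction != configured:
            unexpected.append(index)
    return counts, unexpected

# Constructed capture: one frame from the VM, two delivered to it.
SAMPLE_FRAMES = [
    build_frame(PEER_MAC, VM_MAC),                    # VM -> peer
    build_frame(VM_MAC, PEER_MAC),                    # peer -> VM
    build_frame(BROADCAST, PEER_MAC, ethertype=0x0806),  # ARP broadcast to VM
]

if __name__ == "__main__":
    for setting in ("ingress", "egress"):
        print(setting, audit_capture(SAMPLE_FRAMES, VM_MAC, setting))
```

An empty `unexpected` list for a session set to Ingress means the capture contains only frames sourced by the VM, which is the behavior the article describes as expected.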

Additional Information

For more information, please see the following VMware blog post.