We are setting up a mirror/span/rspan/erspan to get traffic (DC's live as VMs in ESX Cluster) to our Microsoft ATA server. The problem that we are running into is that a traditional RSPAN is not working because all unicast messages are getting blocked in the Fabric Interconnects of the UCS Chassis (where VMware lives). Some searching indicates that there is really no way to run an L2 RSPAN thorough a Fabric interconnect, only local mirror sessions to/from the FIs.
So enter ERSPAN, basically encapsulating the packets in GRE and sending them to a layer 3 destination. This works fantastically with wireshark as the destination, because it is smart enough to strip off the GRE and present the packet. Microsoft ATA however 'does not currently support ERSPAN' and requires the GRE be decapsulated by a switch/router.
What we are now trying to do is setup the ERSPAN destination on a Nexus 7k, then monitor the session to a physical interface and hand that off to ATA as raw packets. Has anyone worked with this sort of configuration before? I found an example configuration from Cisco, but I am not sure what to put for the eRSPAN session-id, or if it has to match anything.
Short of setting up a linux host to terminate GRE then mirror, does anyone have any ideas?
(Rough physical network, clustered FI's, Clustered 4500x, 1 Nexus 7k, 2 linecards).
DC---VMware---VDS(ERSPAN Source)---- Fabric Interconnect ----- Cisco 4500X ----- Nexus 7k(ERSPAN Destination)--- Microsoft ATA