I have a simple setup - two switches in an MLAG pair, directly connected to a firewall with multiple ports. One port is dedicated to end user traffic (running through a Riverbed before hitting the firewall for optimization) and the other port is dedicated to Backups/DR (no optimization). Backup/DR traffic is routed to one of those ports using policy-based routing, and all other traffic uses a static default route and goes to the optimized port.
It seems there is a (potentially) known Cumulus bug where, if you have policy-based routing configured and also have a port SPAN set up, PBR is completely ignored, so the only traffic that gets routed is via the static routes. The official response on this behavior is “When a frame arrives that would be mirrored because of a SPAN or ERSPAN, the SPAN rule does the SPAN and then the frame gets put back on the pipeline, but does not go through the PBR portion of the pipeline.”
Given that Cumulus is not currently able to handle policy-based routing when a SPAN port is set up on the same switch, I’m looking for ideas that will allow me to accomplish this simple goal without having to revert to a different product that is capable of routing properly with a port mirror setup.
Has anyone else had this problem? The end goal is just setting up a mirrored port for a log collector for a SIEM solution. Any/all ideas are welcomed and appreciated!