Cisco SPAN Port Overhead
19 years 8 months ago #7546
by TheBishop
I've got two buildings with a Cisco 2950 switch (24 x 100Mb RJ45 plus 2 x 100Mb fibre) in each. The switches are linked by two 100Mb full duplex fibres combined into an Etherchannel. I want to set up a SPAN port on the switch in the remote building so that I can sit in the local building and capture all the traffic going to/from the monitored switch port in the remote building. How much overhead will this put a) on the fabric of the switches and b) on the inter-building link? It really comes down to this question - is it okay to set up a SPAN port like this and leave it there forever as it has little impact, or is it best just to create the SPAN when you need it, use it then tear it down afterwards?
19 years 8 months ago #7561
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Cisco SPAN Port Overhead
Bishop,
Monitoring specific ports on the remote switch would certainly not create much overhead for your network. The traffic captured on the monitored port is copied to what's called a 'reflector port' (a port set to loopback) which sends the data to you using an RSPAN VLAN, that is, a VLAN you have previously created for this purpose.
As such, the data is 'isolated' from the rest of the network and no harm is done. The impact on the switch's backplane is minimal, even at peak hour traffic, unless you have all ports being utilised over 70% - something that you'll never encounter on over 95% of networks, unless you happen to work for an ISP.
The only thing to keep in mind is that you must be 'logical' about what you're monitoring. I wouldn't dare monitor a 100Mbit port (RSPAN Source port) from a 10Mbit port (RSPAN Destination port), because naturally, an oversubscribed destination port will result in dropped or lost packets.
In case you now try to monitor the EtherChannel link between the two buildings - I would suggest you be careful doing so during peak hours because you'll be dealing with a 200Mbit connection effectively!
What I would also suggest, if your unix/linux skills are not rusty, is to install MRTG ( people.ee.ethz.ch/~oetiker/webtools/mrtg/ ) to help you monitor your link utilisation throughout the day - it's a great tool and works perfectly when set up correctly. I've set this up at a couple of clients and I love it!
Hope I've covered you - If you have any more questions or would like to further discuss the topic, feel free to do so!
Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
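The RSPAN arrangement described in the reply above, sketched as a Catalyst 2950 configuration. This is an added example, not part of the original posts; VLAN 901, the session number and all interface numbers are assumptions chosen for illustration.

```cisco
! ---- Both switches: create the dedicated RSPAN VLAN (901 is an assumed ID) ----
vlan 901
 remote-span
!
! If the inter-building trunk restricts its allowed VLANs, VLAN 901 must be
! permitted on it, otherwise the mirrored frames never leave the remote switch.

! ---- Remote switch: mirror the monitored port into the RSPAN VLAN ----
! Fa0/1  = monitored port (assumed to be the WAN hand-off)
! Fa0/24 = reflector port (assumed unused; it carries no normal traffic
!          while it is acting as a reflector)
monitor session 1 source interface fastEthernet0/1 both
monitor session 1 destination remote vlan 901 reflector-port fastEthernet0/24

! ---- Local switch: deliver the RSPAN VLAN to the analyser port ----
! Fa0/5 = port the capture workstation plugs into (assumed)
monitor session 1 source remote vlan 901
monitor session 1 destination interface fastEthernet0/5

! ---- Verify on either switch ----
! show monitor session 1

! ---- Tear down when no longer needed (run on each switch) ----
! no monitor session 1
```

Mirroring `both` directions of a full-duplex 100Mbit source can present up to 200Mbit to a 100Mbit destination port, which is the oversubscription case the reply warns about; `rx` or `tx` alone halves that worst case.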
19 years 8 months ago #7571
by TheBishop
Thanks Chris, it was just the overhead I was worried about but it sounds like that will be okay. The remote port I want to monitor is the incoming WAN connection - want to be able to have analysis access to where the WAN actually comes in - so it's unlikely to saturate a switch port.