Info

You are currently browsing the Should Have Gone With Cisco weblog archives for the day February 9, 2009.

February 2009
M	T	W	T	F	S	S
« Jan		Mar »
	1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28

Archive for February 9, 2009

Clean up those SPANs

February 9, 2009 by ted.

We recently started an eval with a product from NetQoS called SuperAgent. Basically, this device passively monitors application performance. It sits off a span or mirror port on the network. We are also using a product called Gigastor which feeds mirrored traffic to SuperAgent as well.

One thing to remember about SPAN configurations is that you have to be very selective about what you are spanning, because mirror ports can be quickly overwhelmed. A lot of times you know what servers you want to mirror traffic from, so you just span all of those source ports or even worse an entire source vlan.

The other thing to keep in mind is that you need to span in such a way to prevent duplicate packets if possible. If you start blindly mirroring all your servers, you may find yourself with duplicate packets which can throw off your packet loss and retransmission delay metrics. You have to remember that when mirrored servers talk to each other, you will certainly end up with duplicates. If you have a multi-tiered application where you have front-end servers talking to back-end, you definitely want to clean up those SPANs!

The most common method of traffic mirroring is using SPAN or RSPAN with Cisco switches. Using a network tap is also a very good method as well.

Here is an example of a scenario where you need to take care in what ports you choose to mirror.

Read the rest of this entry »

Posted in Routing&Switching, Cisco | Print | 4 Comments »