[c-nsp] Traffic missing on mirror port
Bernhard Schmidt
berni at birkenwald.de
Tue Aug 2 12:41:37 EDT 2005
Hi,
we have a C6509 with dual Sup720a for internet access. The gigabit
ethernet where the upstream is connected is mirrored to several other
gigabit port for monitoring purpose. After upgrading it from
12.2(18)SXD1 to SXE2 today I only see a part of the traffic mirrored
anymore. Fascinatingly it is not bound to direction (ingress or egress),
but IP ranges.
monitor session 1 source interface Gi4/2
monitor session 1 destination interface Gi4/4 , Gi4/8
Router#sh int gi4/2 | i put rate
5 minute input rate 137344000 bits/sec, 27275 packets/sec
5 minute output rate 121374000 bits/sec, 26299 packets/sec
Router#sh int gi4/4 | i put rate
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 109176000 bits/sec, 23580 packets/sec
it is about the same rate on all other interfaces, too. Almost all
packets are routed on the Sup720 between a Vlan-Interface on a 10GE and
the routed GE on a WS-X6408A-GBIC, there is _no_ difference at all how
those packets are to be treated.
/usr/sbin/tcpdump -n -s 0 -i eth1 src net 1.2.0.0/16
/usr/sbin/tcpdump -n -s 0 -i eth1 dst net 1.2.0.0/16
/usr/sbin/tcpdump -n -s 0 -i eth1 src net 2.3.0.0/16
show very much traffic, while
/usr/sbin/tcpdump -n -s 0 -i eth1 dst net 2.3.0.0/16
shows as good as nothing. This /16 is doing a good chunk of our total
bandwidth and I've now received about 15 packets in more than one
minute. And yes, this is the only way to come into the network and the
traffic definitely crosses this router.
Any ideas?
Bernhard
More information about the cisco-nsp
mailing list