[c-nsp] Packet capturing above 1Gbps
Tim Stevenson
tstevens at cisco.com
Tue Apr 1 23:34:21 EDT 2008
Actually, one advantage of VACL capture is that it does *not* count
doubly toward the fwding engine throughput, ie, the initial lookup
result drives both the normal fwding path & the VACL capture.
LTL/FPOE (ie fabric/port ASIC replication) creates the copies as
needed, not the replication engine as is the case with SPAN, where a
unique separate copy is created and submitted to the FE for another lookup.
SPAN too can deliver multi-gig packet mirroring (and has some
advantages like it can capture IPv6 traffic, L2 protocol & BPDU
traffic, etc) but there are several important caveats, in particular,
centralization of TX SPAN on the supervisor replication engine in
releases prior to 33SXH, and limited RE bandwidth in various LC architectures.
If you have a relationship with your acct team, ask for some docs
relating to 6500 SPAN architecture & performance, there are some
available under NDA.
HTH,
Tim
At 08:16 AM 4/2/2008 +0700, Roland Dobbins observed:
>On Apr 2, 2008, at 2:03 AM, Ramcharan, Vijay A wrote:
>
> > I believe the VACL capture to 10Gbps port to a GigaVue-420 and then
> > split out to the analysis servers is a good approach.
>
>
>Be sure you don't exceed the pps limitations of your linecard(s) - the
>SPANned traffic counts towards those limits.
>
>-----------------------------------------------------------------------
>Roland Dobbins <rdobbins at cisco.com> // +66.83.266.6344 mobile
>
> History is a great teacher, but it also lies with impunity.
>
> -- John Robb
>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Data Center BU
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
More information about the cisco-nsp
mailing list