[c-nsp] switching of monitored traffic

Sat Sep 28 12:17:53 EDT 2013

Hi, 

  The Switch in question is used in 3G production and the whole solution is monitored by "Astelia" product which can't filter the traffic itself so we are filtering on 6509 and These are the session we need : 

Session 1 : to moitor Gb and IU Vlans
Session 2 : to moitor Gp and Gn Vlans 
Session 3 : used for selective tshooting in case of problem
Session 4 : to monitor L3 Subif since the mix with Vlan is not supported 

For session 1 we use VACL ( only one VACL filter is supported by the switch ) , for session 2 and 3 we use SPAN and the new requirement is for session 4 . 

As per the link provided by lee, 6500s allow up to 14 "egress-only" span sessions:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/span.html#wp1110714

does this mean that I should have 14 session if I use the monitoring this way  with "tx" option ? does anyone test it ? : 

monitor session 1 source interface TenGigabitEthernet8/3.3408 tx
monitor session 1 destination interface Port-channel3  

Br.

BEN HAMMADI Kayssar

NOKIA SIEMENS NETWORKS
Lead Engineer -BroadBand Connectivity
JNCIE-M (#471), JNCIE-SP (#1147), CCIP 
Mobile : +216 29 349 952  /  +216 98 349 952
FIX      : +216 71 108 173
Skype : kayssar ben hammadi
kayssar.ben_hammadi at nsn.com

-----Original Message-----
From: ext Lee [mailto:ler762 at gmail.com] 
Sent: Saturday, September 28, 2013 4:51 PM
To: Ben Hammadi, Kayssar (NSN - TN/Tunis)
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] switching of monitored traffic

On 9/28/13, Ben Hammadi, Kayssar (NSN - TN/Tunis)
<kayssar.ben_hammadi at nsn.com> wrote:
> Thanks Pavel ,
>
>     We are thinking about this solution to be able to monitor the traffic
> again with more granularity on Switch B since Switch A is 6509 and have a
> max of 2 monitor session . Are you aware about any Cisco platform that don't
> have the limitation of two SPAN session ?

6500s allow up to 14 "egress-only" span sessions:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/span.html#wp1110714

I've never tried it & there look to be lots 'o caveats, so dunno it it
will meet your needs or no.

And I haven't looked at the documentation in ages -- I don't remember
this caveat:

Use SPAN for troubleshooting. Except in carefully planned topologies,
SPAN consumes too many switch and network resources to enable
permanently.

wrt
>     Does Switch B treat this traffic as normal traffic

pay attention to the note about replicated traffic:
  SPAN copies Layer 2 Ethernet frames, but SPAN does not copy source
trunk port ISL or 802.1Q tags. You can configure destinations as
trunks to send locally tagged traffic to the traffic analyzer.

SPAN has the charming property of being free, but it comes with
caveats.  There are situations where it's worth paying for a tap and
seeing exactly what's on the wire (fiber :)

Regards,
Lee

>
> Br.
>
> BEN HAMMADI Kayssar
>
> NOKIA SIEMENS NETWORKS
> Lead Engineer -BroadBand Connectivity
> JNCIE-M (#471), JNCIE-SP (#1147), CCIP
> Mobile : +216 29 349 952  /  +216 98 349 952
> FIX      : +216 71 108 173
> Skype : kayssar ben hammadi
> kayssar.ben_hammadi at nsn.com<mailto:kayssar.ben_hammadi at nsn.com>
>
> From: ext Pavel Skovajsa [mailto:pavel.skovajsa at gmail.com]
> Sent: Saturday, September 28, 2013 10:39 AM
> To: Ben Hammadi, Kayssar (NSN - TN/Tunis)
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] switching of monitored traffic
>
> It will switch it as any other incoming traffic.
> -pavel
>
> On Saturday, September 28, 2013, Ben Hammadi, Kayssar (NSN - TN/Tunis)
> wrote:
> Dears,
>
>     We are monitoring traffic from Switch A to Switch B with "monitor
> session"  , Switch B receive now all traffic handled by Switch A .
>     Does Switch B treat this traffic as normal traffic and continue to
> switch it according to configured Vlans or it has a way to know that it come
> from a "monitor session" not from a regular switching ?
>
> Br.
>
> BEN HAMMADI Kayssar
>
> NOKIA SIEMENS NETWORKS
> Lead Engineer -BroadBand Connectivity
> JNCIE-M (#471), JNCIE-SP (#1147), CCIP
> Mobile : +216 29 349 952  /  +216 98 349 952
> FIX      : +216 71 108 173
> Skype : kayssar ben hammadi
> kayssar.ben_hammadi at nsn.com<javascript:;>
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net<javascript:;>
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>