[150702] in North American Network Operators' Group
Re: [nanog] Re: Switch designed for mirroring tap ports
daemon@ATHENA.MIT.EDU (David LaPorte)
Thu Mar 1 11:26:50 2012
Date: Thu, 01 Mar 2012 11:25:50 -0500
From: David LaPorte <david_laporte@harvard.edu>
To: David Swafford <david@davidswafford.com>
In-Reply-To: <CAA8=vb66=ejKKf0dNUzZ1HbTeeoPGhc2YkmFzhkw+0HLEhL84Q@mail.gmail.com>
Cc: NANOG <nanog@nanog.org>
Reply-To: david_laporte@harvard.edu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

We're doing something similar - VACLs (using the "redirect" action) with
port-channel destinations on a span aggregation 650x. If you've got a
spare 650x chassis lying around and your configuration requirements
aren't terribly complex/dynamic, you can do monitoring with filtering
and load-balancing at high-throughput on it.

On 03/01/12 06:03, David Swafford wrote:
> Take a look at VACLs on the Cat side. It has a capture feature that is
> effectively the same as a local SPAN, but without the 2 session limit. If
> you do a lot of RSPAN though, this wouldn't be your complete answer (VACL
> captures are local only). VACLs are a bit more granular in defining what's
> captured, if say for example you only wanted traffic destined to TCP/80,
> you could configure it that way.
>
> David.
>
>
> On Thu, Mar 1, 2012 at 5:52 AM, Terry Baranski <
> terry.baranski.list@gmail.com> wrote:
>
>> On Mar 1, 2012, at 02:13 AM, apishdadi@gmail.com wrote:
>>
>>> Hello All,
>>>
>>> We are looking for a switch or a device that we can use for mirroring
>>> tap ports. For example, take a mirror port off of a core router, say
>>> a 6509, connect it to a port on said device, say port 1. I would like
>>> then to be able to mirror port 1 on said device to multiple ports,
>>> like port 2, 3, 4. We have the need to analyze traffic from one port
>>> on multiple devices. Seems most switches are limited to mirroring to a
>>> max of 1 or 2 ports.
>>
>> We like Gigamon for this purpose.
>>
>> -Terry
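
The VACL capture approach described in the thread, restricted to traffic destined to TCP/80, as an added configuration sketch that is not from any of the thread's participants. It assumes Catalyst 6500 IOS; the VLAN number (100), the interface (GigabitEthernet1/1) and the ACL and access-map names are placeholders chosen for illustration.

```cisco
! Added example: VACL capture of traffic destined to TCP/80 on VLAN 100.
! VLAN 100, Gi1/1 and the names HTTP-ONLY / CAPTURE-HTTP are assumptions.

! Select the traffic to be copied to the monitoring port.
ip access-list extended HTTP-ONLY
 permit tcp any any eq 80
!
! Sequence 10: forward matching packets normally AND mark them for capture.
vlan access-map CAPTURE-HTTP 10
 match ip address HTTP-ONLY
 action forward capture
!
! Sequence 20: forward everything else untouched. Without this entry the
! access map's implicit deny drops all non-matching IP traffic in the VLAN.
vlan access-map CAPTURE-HTTP 20
 action forward
!
! Apply the map to the VLAN being monitored.
vlan filter CAPTURE-HTTP vlan-list 100
!
! Capture port: receives copies of packets flagged by "capture".
! Restrict it to the monitored VLAN so unrelated captures are not delivered.
interface GigabitEthernet1/1
 description Monitoring tool (capture port)
 switchport
 switchport capture
 switchport capture allowed vlan 100
```

Because a VACL filters production traffic in the VLAN it is applied to, check the map with `show vlan access-map` and `show vlan filter` before and after applying it.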