Hello, I recently was asked the following question by my customer:
"What is Cisco best practice for SPAN ports on VMware environments? As you know, we are running Nexus 1000v that allows for SPAN sessions. However, my concern is that we will saturate our uplinks for the ESX hosts if there is a lot of SPAN traffic. One of the options is to dedicate a NIC on the ESX hosts for SPAN. But I wanted to see what Cisco has done."
Is there a best practice for how to SPAN traffic for VM guests on the N1Kv? Is the customer's assumption correct that the SPAN traffic would be duplicated across the VM hosts' uplinks?
Since they are using the 1000v vs the 1010 appliance, how would this be different if they were using the 1010 appliance with or without the NAM module?
With the 1000v, the intention is that you SPAN/ERSPAN traffic to your own sniffing device: either another switch (Cat6500), a Wireshark host/VM, or another traffic-capturing device.
The SPAN is mirroring source traffic on a single VEM host. SPAN does not utilize the uplinks for traffic in this regard. The amount of extra traffic in a SPAN/ERSPAN session is dictated by the source (vEth, Eth, Port Channel, Port Profile, entire VLAN etc.). The destination for a SPAN session can be another vEthernet, Ethernet or Port Channel interface on that host. Most customers set up a Wireshark VM, migrate it to whichever VEM host they want to run a SPAN on, and then just set their SPAN destination to the vEth port of the Wireshark VM. Simple and free way to capture traffic.
If you're looking at ERSPAN, then you will need to create a new VMKnic for sending the traffic to the remote destination IP. Again, depending on whether the source is a single vEth or entire VLAN, you may wish to allocate a dedicated NIC for this purpose. In a 10G environment you can likely get away with ERSPAN for entire VLANs without saturating the link. Each environment is different so you should monitor bandwidth accordingly.
Using the 1010, you can utilize the NAM. With the NAM your SPAN destination becomes the NAM so traffic can be sniffed and analyzed accordingly. The NAM is a neat & efficient way to analyze traffic behavior and patterns.
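The two setups described in the answer above, as an added Nexus 1000V configuration example that is not part of the original thread. All interface numbers, VLAN IDs, the port-profile name, the ERSPAN ID and the destination IP are constructed placeholders to adapt to your environment.

```cisco
! --- Local SPAN: mirror one guest's vEth to a Wireshark VM on the SAME VEM host.
! --- Mirrored frames stay on that host and do not cross the uplinks.
! --- (vethernet 3 = monitored guest, vethernet 10 = Wireshark VM; both constructed)
monitor session 1
  description local-span-to-wireshark-vm
  source interface vethernet 3 both
  destination interface vethernet 10
  no shut

! --- ERSPAN: mirrored traffic is encapsulated and routed to a remote collector,
! --- so it DOES consume bandwidth on whichever NIC carries the VMKnic below.
! --- Port profile for the dedicated VMKnic that sources the ERSPAN packets
! --- (profile name and VLAN 100 are constructed).
port-profile type vethernet erspan-vmknic
  capability l3control
  vmware port-group
  switchport mode access
  switchport access vlan 100
  no shutdown
  system vlan 100
  state enabled

! --- ERSPAN source session. Narrow the source (a single vEth rather than a
! --- whole VLAN, or rx only) to limit the extra load on the link.
! --- (VLAN 50, ERSPAN ID 100 and 192.0.2.50 are constructed.)
monitor session 2 type erspan-source
  description erspan-to-remote-collector
  source vlan 50 rx
  destination ip 192.0.2.50
  erspan-id 100
  ip ttl 64
  no shut

! --- Verify session state, sources and destination after enabling:
!   show monitor session 1
!   show monitor session 2
```

A SPAN session is created in the shut state, so the `no shut` line is what actually starts the mirroring; shutting the session again is the quickest way to stop the extra traffic if the link carrying the VMKnic starts to fill.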