Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1491
Views
0
Helpful
6
Replies

Design suggestions/ideas - vmware SPAN

Rolando Valenzuela
Level 4
Level 4

‎02-20-2019 01:50 PM - edited ‎03-03-2019 09:00 AM

I'm trying to decide which option is better to capture all the traffic inside vmware (vswitch), so far the solution will include a virtual machine per host which then it will forward all the traffic to an IP (example 1.1.1.1) on an isolated VLAN.

 

The question is: do I want that IP and VLAN on all the switches or on a dedicated switch.
The goal is to minimize the impact on any of the uplinks and potential problems due misconfiguration.

 

I would like to have comments about either design.

Thanks!

 

Rolando A. Valenzuela

Labels:
Preview file
188 KB
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎02-20-2019 03:44 PM - edited ‎02-20-2019 03:46 PM

So you looking all VM's traffic to be monitor, After traffic span to Arista, what is the device you going to use to capture this mirrored traffic ? do you have TAP ?

 

Instead of extending Esxi to another switch, why not consider created inside Esxi, create  VM to capture that information for you.

 

example of this guide :

 

https://blog.architecting.it/vsphere-vds-span-port-with-wireshark-in-2-minutes/

https://www.gigamon.com/products/virtual-and-cloud/gigavue-vm.html

http://www.veryxtech.com/products/test-platforms/virtual-vnf-network-taps/

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Rolando Valenzuela
Level 4
Level 4
In response to balaji.bandi

‎02-25-2019 08:37 PM

Thanks for the reply @balaji.bandi, we are already doing that... a local VM per esxi but since we have many physical servers, we need to aggregate all the captured traffic somewhere, that it is why we then need to send everything to the Arista which then aggregates it and sends it to a dedicated server.

Regards.
Rolando A. Valenzuela.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Rolando Valenzuela

‎02-26-2019 12:23 AM

yes, since  original post was asked only Esxi environment i have give the approach how we can do, if you have other infrastrucutre that also need to be monitor.

 

you have option.

 

1. RSPAN

2. TAP

 

Since you have mentioned you want to send traffic to Asrista and there you going to monitor, then go with that plan as you are comfortable.

 

Also look at the kind of traffic you monitor.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Rolando Valenzuela
Level 4
Level 4
In response to balaji.bandi

‎02-26-2019 07:02 AM

Those options were also considered, with RSPAN the trunk ports needs to be utilized and I'm trying to avoid that.
TAP it is not possible since the traffic we want to capture it is generated inside vmware itself (we are trying to get everything that happens in the vswitch) other server we have have TAPs already.

Thank you for the suggestions.
Rolando A. Valenzuela.
0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni

‎02-21-2019 06:04 PM

Depends on the need, money for investment.
I currently have a similar infrastructure, but I use ip and vlan only on a switch for investment account.
If I had an opportunity, I would distribute it to redundancy.
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Rolando Valenzuela
Level 4
Level 4
In response to Jaderson Pessoa

‎02-25-2019 08:39 PM

Could you share a general diagram if possible? so far the option #2 is my personal preference but I'm open to other solutions.

Rolando A. Valenzuela.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card