Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
0
Helpful
6
Replies

port monitoring performance issues

901224H
Level 1
Level 1

‎06-22-2006 05:35 AM - edited ‎03-03-2019 03:46 AM

We have 3500Xl series switches and some are running port monitoring so we can gather data on what kind of traffic is flowing through our network. The question is if 1 ethernet port is monitoring all the other ethernet ports on it, what kind of performance issues could we expect, if any. Is there a way to show the performance stats of the switch as well. For example, see below.

interface FastEthernet0/47

description ethereal87 port monitor

no logging event link-status

port monitor FastEthernet0/2

port monitor FastEthernet0/1

port monitor FastEthernet0/4

port monitor FastEthernet0/3

port monitor FastEthernet0/6

port monitor FastEthernet0/5

port monitor FastEthernet0/8

port monitor FastEthernet0/10

port monitor FastEthernet0/9

port monitor FastEthernet0/12

port monitor FastEthernet0/11

port monitor FastEthernet0/14

port monitor FastEthernet0/13

port monitor FastEthernet0/16

port monitor FastEthernet0/15

port monitor FastEthernet0/20

port monitor FastEthernet0/19

port monitor FastEthernet0/22

port monitor FastEthernet0/21

port monitor FastEthernet0/24

port monitor FastEthernet0/23

port monitor FastEthernet0/26

port monitor FastEthernet0/25

port monitor FastEthernet0/28

port monitor FastEthernet0/27

port monitor FastEthernet0/30

port monitor FastEthernet0/29

port monitor FastEthernet0/32

port monitor FastEthernet0/31

port monitor FastEthernet0/34

port monitor FastEthernet0/33

port monitor FastEthernet0/36

port monitor FastEthernet0/35

port monitor FastEthernet0/38

port monitor FastEthernet0/37

port monitor FastEthernet0/40

port monitor FastEthernet0/39

port monitor FastEthernet0/42

port monitor FastEthernet0/41

port monitor FastEthernet0/44

port monitor FastEthernet0/43

port monitor FastEthernet0/46

port monitor FastEthernet0/45

switchport access vlan 87

no snmp trap link-status

spanning-tree portfast

Labels:
0 Helpful
6 Replies 6

glen.grant
VIP Alumni
VIP Alumni

‎06-22-2006 06:00 AM

If you are monitoring all the ports like you have shown you are going to overrun the monitor port if there are running any traffic at all and it will probably give you an inaccurate picture it will probably drop packets .

0 Helpful

901224H
Level 1
Level 1
In response to glen.grant

‎06-22-2006 07:04 AM

Is there any way to turn on some kind of flow control?

0 Helpful

leighharrison
Level 7
Level 7
In response to 901224H

‎06-22-2006 07:43 AM

Hi there,

Rather than monitor all of those ports, it's better to monitor either the uplink port, or the vlan. Try something along the lines of "port monitor vlan 87"

Monitoring the vlan will send a lot of traffic your way, which is why it's sometimes better to monitor the uplink port.

Regards

LH

Please rate all posts

0 Helpful

901224H
Level 1
Level 1
In response to leighharrison

‎06-22-2006 11:49 AM

I have looked at the monitoring port stats and it shows no dropped packets. I am assuming the load of all the ports on the monitoring port is being handled without loss. So our data should be accurate, I didnt realize that maybe we dont have as much data flow as I expected. I do not quite understand the difference between what monitoring all ethernet ports, the uplink (gigabit), and the vlan differences are. I figure that all three should have the same total traffic, I realize that is not so, I just dont know why?

0 Helpful

leighharrison
Level 7
Level 7
In response to 901224H

‎06-23-2006 12:28 AM

Hi there,

It's to do with the way the way that the traffic is punted to your monitoring port. Remember - the switch now has to copy everything from both directions on each port to the monitoring port.

It is less stressfull on the switch for you to monitor a sinlge port, usually the uplink, or you can monitor the whole vlan.

Try it and see if your results are different.

Regards,

LH

Please rate all posts

0 Helpful

Eugene Lau
Cisco Employee
Cisco Employee

‎03-08-2011 06:29 PM

Hi,

I noticed you are attempting this on a 3500XL switch.I'll attach a useful reference to some constraints with SPAN on XL

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml#topic1

These older switches use a blocking, shared memory architecture and shared buffers for groups of 4 ports. One performance condition that is possible in this type of scenario is intermittent packet loss within the group of ports when traffic is high. This condition becomes probable when utilisation of ports start exceeding about 70% of bandwidth simultaneously on all ports. The symptom is intermittent because of the nature of  traffic is typically bursty

Example:

Monitor port is 48.

Servers are 45,46,47 -100MB

Let's say a backup is run on the servers and all servers start to hit 70% of available bandwidth. If port is monitoring, then this is = 3 x 70MB = 210MB which exceeds monitor port.

Monitor port would see overruns drops etc

http://www.cisco.com/en/US/partner/products/hw/switches/ps607/products_tech_note09186a0080125913.shtml#troubleshoot_interface_errors

but the server ports could intermittently start dropping traffic because of available buffer taken up by monitor port. There's no real way to determine at what rate this will happen but something to keep an eye out for. You may isolate the monitor port to it's own group of 4.

HTH

Eugene

0 Helpful
Customers Also Viewed These Support Documents