cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1315
Views
0
Helpful
6
Replies

Design suggestions/ideas - vmware SPAN

I'm trying to decide which option is better to capture all the traffic inside vmware (vswitch), so far the solution will include a virtual machine per host which then it will forward all the traffic to an IP (example 1.1.1.1) on an isolated VLAN.

 

The question is: do I want that IP and VLAN on all the switches or on a dedicated switch.
The goal is to minimize the impact on any of the uplinks and potential problems due misconfiguration.

 

I would like to have comments about either design.

Thanks!

 

Rolando A. Valenzuela

6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

So you looking all VM's traffic to be monitor, After traffic span to Arista, what is the device you going to use to capture this mirrored traffic ? do you have TAP ?

 

Instead of extending Esxi to another switch, why not consider created inside Esxi, create  VM to capture that information for you.

 

example of this guide :

 

https://blog.architecting.it/vsphere-vds-span-port-with-wireshark-in-2-minutes/

https://www.gigamon.com/products/virtual-and-cloud/gigavue-vm.html

http://www.veryxtech.com/products/test-platforms/virtual-vnf-network-taps/

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks for the reply @balaji.bandi, we are already doing that... a local VM per esxi but since we have many physical servers, we need to aggregate all the captured traffic somewhere, that it is why we then need to send everything to the Arista which then aggregates it and sends it to a dedicated server.

Regards.
Rolando A. Valenzuela.

yes, since  original post was asked only Esxi environment i have give the approach how we can do, if you have other infrastrucutre that also need to be monitor.

 

you have option.

 

1. RSPAN

2. TAP

 

Since you have mentioned you want to send traffic to Asrista and there you going to monitor, then go with that plan as you are comfortable.

 

Also look at the kind of traffic you monitor.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Those options were also considered, with RSPAN the trunk ports needs to be utilized and I'm trying to avoid that.
TAP it is not possible since the traffic we want to capture it is generated inside vmware itself (we are trying to get everything that happens in the vswitch) other server we have have TAPs already.

Thank you for the suggestions.
Rolando A. Valenzuela.

Jaderson Pessoa
VIP Alumni
VIP Alumni
Depends on the need, money for investment.
I currently have a similar infrastructure, but I use ip and vlan only on a switch for investment account.
If I had an opportunity, I would distribute it to redundancy.
Jaderson Pessoa
*** Rate All Helpful Responses ***

Could you share a general diagram if possible? so far the option #2 is my personal preference but I'm open to other solutions.

Rolando A. Valenzuela.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: