Can RSPAN traffic be limited or dropped through QOS?

jspencer
Level 1

I have been tasked with implementing QOS to limit RSPAN traffic so that if a certain threshold is met it will start dropping that type of traffic.

From reading Cisco documentation and experimentation on the switch I am starting to believe this isn't possible.

The original plan was to mark packets coming out of the interfaces with COS 5 and put packets with those markers into the priority queue. From my understanding the mirrored RSPAN traffic does not get marked and the theory was that it would have a default COS of 0 and we could set the threshold so that it would start dropping those packets at a certain limit. Is this even possible to do with SPAN traffic?

I got thrown into this with very little experience with QOS but I am getting the impression that what I have been tasked to do isn't going to work after playing around with it and getting nowhere. Can somebody set me straight?


5 Replies

Reza Sharifi
Hall of Fame

I am not sure if that is possible.  From the RSPAN document:

Receive (Rx) SPAN—The goal of receive (or ingress) SPAN is to monitor as much as possible all the packets received by the source interface or VLAN before any modification or processing is performed by the switch. A copy of each packet received by the source is sent to the destination port for that SPAN session. Packets that are modified because of routing or quality of service (QoS)—for example, modified Differentiated Services Code Point (DSCP)—are copied before modification.

link:

http://www3.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750e_3560e/software/release/15-0_1_se/configuration/guide/scg3750e/swspan.pdf

HTH

Hi

Never done that before and also never got that question.

What config of QoS did you try?

Did you apply it on the trunk?

I was thinking of doing a policy map matching the VLAN.

What type of switches do you have?

The config I'm thinking of is:

policy-map pmap-rspan
  class class-default
    police 1000000 conform-action transmit exceed-action drop

! your trunk interface
interface g0/0
  mls qos vlan-based

! RSPAN VLAN number (not sure the switch allows that)
interface vlan xxx
  service-policy output pmap-rspan
  service-policy input pmap-rspan

Or

! xxx = RSPAN VLAN number
class-map rspan
  match vlan xxx

policy-map pmap-rspan
  class rspan
    police 1000000 conform-action transmit exceed-action drop

! your trunk interface
interface g0/0
  service-policy output pmap-rspan

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
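
As an added illustration (not part of the original post and not Cisco code): a single-rate token-bucket model of the `police 1000000 conform-action transmit exceed-action drop` line above, showing what share of mirrored traffic never reaches the monitoring destination once the RSPAN VLAN exceeds the policed rate. The 8000-byte burst, the 1000-byte packet size and the traffic streams are assumptions constructed for the example; the thread gives only the rate.

```python
# Token-bucket model of a single-rate policer with exceed-action drop.
RATE_BPS = 1_000_000   # rate from the policy-map in the thread
BURST_BYTES = 8_000    # assumed bucket depth (not given in the thread)


def police(packets, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
    """Apply the policer to (time_seconds, size_bytes) tuples sorted by time.

    Returns (transmitted_bytes, dropped_bytes).
    """
    tokens = float(burst_bytes)  # bucket starts full
    last = 0.0
    sent = dropped = 0
    for t, size in packets:
        # Refill at rate_bps / 8 bytes per second, capped at the bucket depth.
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        if size <= tokens:
            tokens -= size       # conform-action transmit
            sent += size
        else:
            dropped += size      # exceed-action drop
    return sent, dropped


def constant_stream(offered_bps, seconds, size=1000):
    """Constructed sample input: evenly spaced packets of `size` bytes."""
    interval = size * 8 / offered_bps
    count = int(seconds / interval)
    return [(i * interval, size) for i in range(count)]


def drop_ratio(offered_bps, seconds=10):
    """Fraction of mirrored bytes lost to the policer at a given offered load."""
    sent, dropped = police(constant_stream(offered_bps, seconds))
    return dropped / (sent + dropped)


if __name__ == "__main__":
    for offered in (500_000, 1_000_000, 2_000_000, 4_000_000):
        print(f"{offered:>9} bps mirrored -> {drop_ratio(offered):.1%} dropped")
```

Every dropped byte here is a packet the sensor on the RSPAN destination never sees, so the policed rate sets the ceiling on monitoring coverage during traffic spikes.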

Right now we are currently trying to mark all normal traffic from interfaces as COS 5 and giving the interfaces priority-queue out commands on all our access ports. On trunk ports we don't mark anything but do mls qos cos trust command.

example:

int g1/0/1
  switchport mode access
  priority-queue out
  mls qos cos 5
  mls qos cos trust

int g1/1/1
  switchport mode trunk
  mls qos cos trust

The theory was all normal traffic would have COS 5 and all other traffic (RSPAN included) would not be marked or would default to COS 0

Then we set all normal traffic into the priority queues on both input queue and egress queue and set the threshold on the non priority queue to lower values.

I think your idea may be what I need

! xxx = RSPAN VLAN number
class-map rspan
  match vlan xxx

policy-map pmap-rspan
  class rspan
    police 1000000 conform-action transmit exceed-action drop

! your trunk interface
interface g0/0
  service-policy output pmap-rspan

I think the only problem with that is I may have tried that route and there was no 'match vlan' command available on the 3750s or the 4500 core switch that is involved. I will try that again tomorrow though. Thanks.

It looks like the problem we are running into is that all the switches in question are on 12.2 and to match vlan for class maps it needs to be on 15. I was able to successfully limit the vlan traffic for the RSPAN VLAN on the trunk it was on. Unfortunately, our customer has stated that upgrading the switch firmware is out of the question at this time.

Ok, sorry that match vlan didn't work out in your case. I wasn't aware of your actual IOS version.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question