08-03-2012 07:02 AM - edited 03-07-2019 08:08 AM
Hi there,
I'm attempting to create an erspan session between a Nexus 5000 and 6500 to get traffic from a FEX interface on the 5000 over to a sniffer off of the 6500. The Nexus and 6500 are directly connected with a 10G link, but I added a separate 1G link between the two for the erpsan traffic. I created a routed interface on the 6500, and and SVI on the Nexus. The Erspan session came up, and looked ok from both sides, but as soon as we got a burst of traffic this morning the CPU on the 6500 spiked to 99%. I used 'debug netdr capture rx' to determine the traffic was coming in from the erspan port and subsequently shut down the new interface on the 6500. Any ideas why this caused a CPU spike? Here are the relevant configs from each device:
Nexus:
vrf context NetOps
!
interface Vlan123
no shutdown
vrf member NetOps
ip address 10.7.9.11/24
!
interface Ethernet1/3
switchport access vlan 123
speed 1000
!
monitor session 1 type erspan-source
erspan-id 101
vrf NetOps
destination ip 10.7.9.2
source interface Ethernet101/1/9 tx
no shut
!
monitor erspan origin ip-address 10.7.9.11 global
And the 6500:
interface GigabitEthernet3/23
description RAD-NX5K-01_Eth1/3
ip address 10.7.9.2 255.255.255.0
no logging event link-status
shutdown <--Added to kill the erspan session quickly.
!
monitor session 3 type erspan-destination
destination interface Te5/7
source
erspan-id 101
ip address 10.7.9.11
Thanks in advance,
Brandon
08-07-2012 11:59 AM
Any ideas on this one? Is it possible to do a normal rspan session from a Nexus over to a 6500?
03-13-2016 08:55 PM
6500 can not do GRE tunnelling in hardware. ERSPAN is effectively SPAN over GRE.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: