ERSPAN on Cat9300/9500/9600 (IOS-XE) and negative side effects

Johannes Luther
Level 4

Hi board,

Is setting up and running ERSPAN a "dangerous" thing to do on a Cat9k switch? I'm not talking about bugs (which could happen), but more about control plane impact.

So my understanding is that ERSPAN is simply GRE encapsulation with some ERSPAN header after the GRE header, followed by the mirrored data. If the switch performs GRE encapsulation in software, this means trouble, right? Your control plane could melt. Of course the SPAN session itself consumes bandwidth and battles with production traffic. This is why QoS is important (e.g. put ERSPAN into the scavenger class).

From my understanding, the Cat9300, 9500 and 9600 perform GRE (and therefore ERSPAN) in hardware. So you shouldn't run into control plane issues, right?
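As an added illustration (not part of this thread, and not Cisco code), the following Python decodes the encapsulation described above: a GRE header, the fixed 8-byte ERSPAN Type II header, then the mirrored Ethernet frame. The function names and the sample packet are constructed for this example; the outer Ethernet+IPv4 size (34 bytes) is an assumption used only to report the per-packet overhead that the mirror traffic adds to the link.

```python
import struct

ERSPAN_TYPE_II = 0x88BE  # GRE protocol type that carries ERSPAN Type II

def parse_gre(buf):
    """Parse a GRE header (RFC 2890 layout); return (fields, payload offset)."""
    flags_ver, proto = struct.unpack_from("!HH", buf, 0)
    fields, off = {"proto": proto}, 4
    if flags_ver & 0x8000:                     # C bit: checksum + reserved1
        fields["checksum"] = struct.unpack_from("!H", buf, off)[0]
        off += 4
    if flags_ver & 0x2000:                     # K bit: key
        fields["key"] = struct.unpack_from("!I", buf, off)[0]
        off += 4
    if flags_ver & 0x1000:                     # S bit: sequence number (set for ERSPAN II)
        fields["seq"] = struct.unpack_from("!I", buf, off)[0]
        off += 4
    return fields, off

def parse_erspan2(buf, off):
    """Parse the 8-byte ERSPAN Type II header that starts at buf[off]."""
    w1, w2 = struct.unpack_from("!II", buf, off)
    return {
        "version": w1 >> 28,            # 1 = Type II
        "vlan": (w1 >> 16) & 0xFFF,     # VLAN of the mirrored frame
        "cos": (w1 >> 13) & 0x7,
        "en": (w1 >> 11) & 0x3,         # how the original frame was tagged
        "truncated": (w1 >> 10) & 0x1,  # frame was cut to fit the MTU
        "session_id": w1 & 0x3FF,       # monitor session ID on the switch
        "index": w2 & 0xFFFFF,          # port/direction index
    }, off + 8

def decode_erspan(buf, outer_headers=14 + 20):
    """Decode the GRE+ERSPAN II bytes found after the outer IPv4 header.
    outer_headers is the assumed outer Ethernet+IPv4 size, only used to
    report the total encapsulation overhead added to every mirrored packet."""
    gre, off = parse_gre(buf)
    if gre["proto"] != ERSPAN_TYPE_II:
        raise ValueError("GRE protocol 0x%04x is not ERSPAN Type II" % gre["proto"])
    erspan, off = parse_erspan2(buf, off)
    if erspan["version"] != 1:
        raise ValueError("unexpected ERSPAN version %d" % erspan["version"])
    return {"gre": gre, "erspan": erspan, "frame": buf[off:],
            "overhead_bytes": outer_headers + off}

# Constructed sample: GRE with S bit, proto 0x88BE, seq 7; ERSPAN II session 5,
# VLAN 100, index 0x12345; then a tiny mirrored frame (dst, src, 0x0800, 4 bytes).
MIRRORED = bytes.fromhex("ffffffffffff0200c0a800010800deadbeef")
SAMPLE = (struct.pack("!HHI", 0x1000, ERSPAN_TYPE_II, 7)
          + struct.pack("!II", 0x10640005, 0x00012345) + MIRRORED)
```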

5 Replies

Reza Sharifi
Hall of Fame

Hi,

According to the config guide:

All ERSPAN replication is performed in the hardware. The supervisor CPU is not involved.

So, I don't see an issue with CPU overload or anything else when it comes to configuring ERSPAN.

link:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/system_management/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_...

HTH


Hi @Reza Sharifi

This is Nexus 9000 you're referring to. I was wondering about Cat9000

Hi,

Sorry about that. Looking at the config guide for the 9300, I don't see anything about CPU spikes or any other control plane issues in the restriction section that could cause problems when configuring RSPAN.


https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/nmgmt/b_166_nmgmt_9300_cg/b_166_nmgmt_9300_cg_chapter_0100.html#reference_5323577C93FF44B48D6EE79AAFC6724F

RSPAN

The restrictions for RSPAN are as follows:

  • RSPAN does not support BPDU packet monitoring or other Layer 2 device protocols.

  • The RSPAN VLAN is configured only on trunk ports and not on access ports. To avoid unwanted traffic in RSPAN VLANs, make sure that the VLAN remote-span feature is supported in all the participating devices.

  • RSPAN VLANs are included as sources for port-based RSPAN sessions when source trunk ports have active RSPAN VLANs. RSPAN VLANs can also be sources in SPAN sessions. However, since the device does not monitor spanned traffic, it does not support egress spanning of packets on any RSPAN VLAN identified as the destination of an RSPAN source session on the device.

  • If you enable VTP and VTP pruning, RSPAN traffic is pruned in the trunks to prevent the unwanted flooding of RSPAN traffic across the network for VLAN IDs that are lower than 1005.

  • It is recommended not to configure RSPAN VLAN as Native VLAN.

I think you will be fine. Also, once set up, I would monitor the switch for a few days to make sure there is nothing abnormal and it is functioning as expected.

Good Luck!

I have ERSPAN configured on a 9300 monitoring a number of VLANs local to the switch. I found that when the destination IP the ERSPAN sends to became unavailable, the switch stopped passing traffic on the source VLANs. Big impact.
