Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2941
Views
0
Helpful
7
Replies

Nexus 7000 span session

seba
Level 1
Level 1

‎06-25-2012 12:54 AM - edited ‎03-07-2019 07:25 AM

Hello

We have 2 datacenters witch 2 Nexus 7000 in each one.

Both NX7000 on the same DataCenter have 4x10G links (Channel 1). There's also a VPC betwen DataCenters witch another 4 x 10G links.

NEXUS 1  ----- NEXUS 3

| | | |         \   /     | | | |

| | | |          \ /      | | | |

| | | |          / \      | | | |

| | | |         /    \    | | | |

NEXUS 2 ----- NEXUS 4

The system works fine. But we have suffered twice a severe rate of packet loss that has caused a huge impact.

The only information we have been able to find is a big rate of discarded packets in the interfaces that belogn to ther Inter-DataCenter VPC.

Both times we had just activated a span session on each Nexus 7000:

monitor session 1

  description FLUKE_SPAN

  source vlan 25-26,46,48,50-52,55-56,93-95,98,101,103,109,291,801-802 both

  destination interface Ethernet1/32

Is there any consideration regarding span sessions that we ignore?

We've been working witch Catalyst 6500 for the last 10 years and the Nexus 7000 have been installed only a couple of weeks ago.

Labels:
0 Helpful
7 Replies 7

Oleksandr Nesterov
Cisco Employee
Cisco Employee

‎06-25-2012 05:04 AM

Hello Seba

I would suggest you to open a service request with TAC to investigate this issue deeper, since there may be many reasons for such behavior.

For example CSCtl06627

HTH,

Alex

0 Helpful

glen.grant
VIP Alumni
VIP Alumni

‎06-25-2012 05:18 AM

  Also spanning that many high speed vlans is probably not a good idea either . 

0 Helpful

seba
Level 1
Level 1
In response to glen.grant

‎06-25-2012 05:43 AM

Probably it isn't the best idea, but we need it. And it used to work fine with the Catalyst 6500 which is supposed to be quite less powerful.

Thanks

0 Helpful

mikegrous
Level 3
Level 3

‎06-25-2012 09:01 AM

Do you have the command Switchport Monitor under int Eth 1/32...

And int eth 1/32 isnt an uplink port is it?

0 Helpful

seba
Level 1
Level 1
In response to mikegrous

‎06-26-2012 12:51 AM

interface Ethernet1/32

  description FLUKE SPAN-P5

  switchport monitor

0 Helpful

mikegrous
Level 3
Level 3
In response to seba

‎06-26-2012 04:41 AM

If you span only 1 vlan does it still cause issue?

If you span to another device..say a laptop with wireshark.. does it still cause the issue?

0 Helpful

jasonpresnell
Level 1
Level 1

‎06-26-2012 09:59 PM

I would agree also that this probably isn't the best idea. I'm assuming the time machine is 10G connected. What is the traffic profile of those VLANs? You also didn't detail which ports are connected to which modules. This smells of ASIC oversubscription to me. You might have just gotten lucky with the Catalyst deployment (or perhaps your traffic profile shifted with the enhanced environment).

Some alternatives you might want to think about:

  • Use TAPs on the links you wish to monitor. If your end capture device doesn't have the port density to handle the number of links, think of a packet aggregator from someone like Gigamon or Apcon. You say this is important, the investment may be wise.
  • In newer releases of code, you can apply ACL lists to a SPAN session (5.2) or if you want to rearchitect for ERSPAN this can be done in 5.1. If you go with bullet #1, you can do that at the aggregation device. This will allow you to squelch any traffic you are not interested in, taking the burden off the module as well as your capture device. It's equivalent in the catalyst world of an RSPAN+VACL setup.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card