03-15-2007 04:55 AM - edited 03-05-2019 02:55 PM
Hi,
We have a number of sites where we are using RSPAN over LAN-extension services for mirroring Voice VLAN traffic to a centralised voice recorder.
Across the sites and the core network we have configured one RSPAN VLAN. On each edge switch we are capturing voice vlan traffic (rx and tx) and setting the monitor session destination as the RSPAN VLAN. In the core, we use the RSPAN VLAN as a monitor session source and map it onto a physical destination port (where the voice recorder resides).
So, at the edge sites we have:
monitor session 1 source vlan <VOICE VLAN>
monitor session 1 destination remote 900
At in the core, we have
monitor session 1 source remote vlan 900
monitor session 1 destination interface fastEthernet 8/19
(The edge switches are 3750s, and the core is a 6509 switch with Sup720 srunning IOS 12.2(18)SXD7b).
What we are seeing is heavy utilisation on the remote site LES links and it appears to be RSPAN VLAN traffic replicated across all trunks, not just the traffic sourced from the local site and significant inbound traffic on VLAN 900 at the edge switches, which I wouldn't expect to see (we've temporarily pruned the RSPAN VLAN from a edge site trunk and seen the inbound traffic levels fall). If an RSPAN VLAN is common across a number of edge switches (because they all require RSPAN), will traffic be replicated across all trunks?
We had considered using an RSPAN VLAN per remote site, but different RSPAN source VLANs cannot map to a single physical destination port in the core.
03-15-2007 05:01 AM
Do you have the same voice vlan across all the edge switches?
Please paste a brief network diagram
-amit singh
03-15-2007 05:20 AM
The voice VLAN is different at each site. The core switches are VTP servers and the edge switches are configured as VTP Transparent. VLANs are manually configured on both sides of the trunk links. Some sites are dual connected to the two core switches; other have a single connection and we are seeing the same behaviour.
03-15-2007 09:57 AM
One of the sites is not yet using IPT, but we are receiving about 7-8Mbps of traffic at the edge switch. If we prune the RSPAN VLAN from the trunks on the core switches, the inbound traffic on this edge switch drops to less than 1Mbps (about normal utilisation).
It does appear that the RSPAN traffic from one site is being sent towards other sites, and I am trying to understand whether this is normal behaviour, a configuration issue or a bug. There are no obvious bugs for the IOS code we're running on the Sup720s relating to RSPAN.
03-15-2007 12:27 PM
I may be wrong with this but I belive your problem is the 900 vlan which is present on each of the switches you have in the diagram.
Try this
543 SPAN to 901
544 SPAN to 902
545 SPAN to 903
Prune the 901 903 903 were they are not needed. Use these VLANs to carry the traffic to the switch were your recorder is connected
On that switch
monitor session 1 source remote vlan 901 902 903
monitor session 1 destination interface fastEthernet 8/19
03-15-2007 12:34 PM
Thanks for that, but it appears that only a single RSPAN VLAN can be specified in the monitor session source. Similarly I can't create multiple sessions (one for each RSPAN VLAN) which have a common monitor session destination.
03-20-2007 09:30 AM
The answer to this behaviour may be because, as specified in this document under the RSPAN VLAN section, it states that "All Traffic in the RSPAN VLAN is always flooded." and "No MAC learning takes place on the RSPAN VLAN":
This may well explain why all RSPAN VLAN x traffic is flooded to all switched which have VLAN 900 configured as an RSPAN VLAN and are connected to the core via a trunk carrying VLAN 900.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide