This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (Other)
- Port mirroring concerns on Enterasys S6
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Port mirroring concerns on Enterasys S6
Port mirroring concerns on Enterasys S6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
07-14-2015 04:14 PM
Forgive me if this has been asked before and/or is just a dumb question.
I'm working with a large installation that has been having regular network communication issues. They're using a wireshark-like device to which they've mirrored every port across their backbone, that's about 200 gigabits of throughput being mirrored to a single gig-ethernet port. My concern is what sort of performance impact would such a configuration have. I've been monitoring their interfaces and have yet to see any traffic rise beyond about 300 megabits and that was across 10 gig fiber. My suspicion is traffic is being constrained to fit that gig-e port. I've been watching the mirror source and have yet to see any discarded packets which I would expect to happen constantly given the disparity in bandwidth between the targets being mirrored. In the past I've seen devices wherein port mirroring would block when traffic across interfaces being mirrored reached the limits of the port mirrored to. While I doubt Enterasys behaves similarly unfortunately I know next to nothing about them and haven't been able to find a definitive answer. I suspect this is configuration dependent. Does anyone have a spare moment to school me in the ways of Enterasys port mirroring?
Here are some device details:
Copyright (c) 2013 by Enterasys Networks, Inc.
Slot Model Serial # Versions ------ ---------------- -------------------- ------------------------- 4 SK8008-1224-F8 ************ Hw: 2 Bp: 01.03.02 Fw: 08.11.02.0001 5 SK8008-1224-F8 ************ Hw: 2 Bp: 01.03.02 Fw: 08.11.02.0001 6 ST8206-0848-F8 ************ Hw: 1 Bp: 01.03.02 Fw: 08.11.02.0001 Option Modules: Slot Module Model Serial # Versions ---- ------ ---------------- -------------------- ------------------------- 6 2 SOT2206-0112 ************ Hw: 10
Port mirror config:
set port mirroring create ge.6.40 tg.4.1 both set port mirroring create ge.6.40 tg.4.2 both set port mirroring create ge.6.40 tg.4.3 both set port mirroring create ge.6.40 tg.4.4 both set port mirroring create ge.6.40 tg.4.7 both set port mirroring create ge.6.40 tg.4.8 both set port mirroring create ge.6.40 tg.5.19 both set port mirroring create ge.6.40 tg.5.20 both set port mirroring create ge.6.40 tg.5.21 both set port mirroring create ge.6.40 tg.5.22 both set port mirroring create ge.6.40 tg.5.23 both set port mirroring create ge.6.40 tg.5.24 both set port mirroring create ge.6.40 ge.6.33 both set port mirroring create ge.6.40 ge.6.34 both set port mirroring create ge.6.40 ge.6.35 both set port mirroring create ge.6.40 ge.6.36 both set port mirroring create ge.6.40 ge.6.37 both set port mirroring create ge.6.40 ge.6.38 both set port mirroring create ge.6.45 tg.4.1 both set port mirroring create ge.6.45 tg.5.1 both
Any info/advice is most appreciated, thanks!
I'm working with a large installation that has been having regular network communication issues. They're using a wireshark-like device to which they've mirrored every port across their backbone, that's about 200 gigabits of throughput being mirrored to a single gig-ethernet port. My concern is what sort of performance impact would such a configuration have. I've been monitoring their interfaces and have yet to see any traffic rise beyond about 300 megabits and that was across 10 gig fiber. My suspicion is traffic is being constrained to fit that gig-e port. I've been watching the mirror source and have yet to see any discarded packets which I would expect to happen constantly given the disparity in bandwidth between the targets being mirrored. In the past I've seen devices wherein port mirroring would block when traffic across interfaces being mirrored reached the limits of the port mirrored to. While I doubt Enterasys behaves similarly unfortunately I know next to nothing about them and haven't been able to find a definitive answer. I suspect this is configuration dependent. Does anyone have a spare moment to school me in the ways of Enterasys port mirroring?
Here are some device details:
Copyright (c) 2013 by Enterasys Networks, Inc.
Slot Model Serial # Versions ------ ---------------- -------------------- ------------------------- 4 SK8008-1224-F8 ************ Hw: 2 Bp: 01.03.02 Fw: 08.11.02.0001 5 SK8008-1224-F8 ************ Hw: 2 Bp: 01.03.02 Fw: 08.11.02.0001 6 ST8206-0848-F8 ************ Hw: 1 Bp: 01.03.02 Fw: 08.11.02.0001 Option Modules: Slot Module Model Serial # Versions ---- ------ ---------------- -------------------- ------------------------- 6 2 SOT2206-0112 ************ Hw: 10
Port mirror config:
set port mirroring create ge.6.40 tg.4.1 both set port mirroring create ge.6.40 tg.4.2 both set port mirroring create ge.6.40 tg.4.3 both set port mirroring create ge.6.40 tg.4.4 both set port mirroring create ge.6.40 tg.4.7 both set port mirroring create ge.6.40 tg.4.8 both set port mirroring create ge.6.40 tg.5.19 both set port mirroring create ge.6.40 tg.5.20 both set port mirroring create ge.6.40 tg.5.21 both set port mirroring create ge.6.40 tg.5.22 both set port mirroring create ge.6.40 tg.5.23 both set port mirroring create ge.6.40 tg.5.24 both set port mirroring create ge.6.40 ge.6.33 both set port mirroring create ge.6.40 ge.6.34 both set port mirroring create ge.6.40 ge.6.35 both set port mirroring create ge.6.40 ge.6.36 both set port mirroring create ge.6.40 ge.6.37 both set port mirroring create ge.6.40 ge.6.38 both set port mirroring create ge.6.45 tg.4.1 both set port mirroring create ge.6.45 tg.5.1 both
Any info/advice is most appreciated, thanks!
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
07-16-2015 08:17 PM
Of course, I could very well have it completely backwards, IE source is the port being mirrored and target is where the packets are mirrored out, but then I haven't the foggiest what this is trying to accomplish because it means traffic sent/received on ge.6.40 is being mirrored out a while bunch of other ports. Which makes more sense in terms of the wording and syntax but less in terms of why would anyone want to set up such a scenario.. Of course, I'm at the mercy of anyone who knows the answer definitively.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
07-16-2015 04:02 PM
Hi Mike, thank you for replying.
A Wireshark-like device hangs off ge.6.40. It has a second connection it uses to communicate the results of its data collection to a traffic analyzer from Riverbed. As far as I know mirrored packets don't make their way back on the network.
My concern is how does the Enterasys handle situations wherein the aggregate bandwidth being mirrored rises beyond the one gigabit available on ge.6.40. Does the S6 discard packets, buffer them, block on the mirrored ports to prevent overruns or some combination of the three? Also, considering "both" ingress and egress are being mirrored, there're likely a lot of packets being mirrored twice as they make their way through multiple mirrored ports.
It DOES appear one port is being mirrored to multiple other ports, but in fact it's the other way around. At least as best I've been able to determine. Apparently in Enterasys nomenclature the source port is the port packets are mirrored TO while the target ports are the ports that packets are mirrored from. For example:
show port mirroring Port Mirroring ============== Source Port = ge.6.40 Port Status = Up Target Port = tg.4.1 Port Status = Dormant Frames Mirrored = Rx and Tx Admin Status = enabled Operational Status = disabled (port not up) Source Port = ge.6.40 Port Status = Up Target Port = tg.4.2 Port Status = Dormant Frames Mirrored = Rx and Tx Admin Status = enabled Operational Status = disabled (port not up) Source Port = ge.6.40 Port Status = Up Target Port = tg.4.3 Port Status = Up Frames Mirrored = Rx and Tx Admin Status = enabled Operational Status = enabled
In this ge.6.40, the "source," is the port packets are duplicated to, while the other ports, the "targets," are duplicated from. I scratched my head on that one too. I guess target is the target port to mirror while source is the source port to mirror packets out of.
Thanks again for the reply.
A Wireshark-like device hangs off ge.6.40. It has a second connection it uses to communicate the results of its data collection to a traffic analyzer from Riverbed. As far as I know mirrored packets don't make their way back on the network.
My concern is how does the Enterasys handle situations wherein the aggregate bandwidth being mirrored rises beyond the one gigabit available on ge.6.40. Does the S6 discard packets, buffer them, block on the mirrored ports to prevent overruns or some combination of the three? Also, considering "both" ingress and egress are being mirrored, there're likely a lot of packets being mirrored twice as they make their way through multiple mirrored ports.
It DOES appear one port is being mirrored to multiple other ports, but in fact it's the other way around. At least as best I've been able to determine. Apparently in Enterasys nomenclature the source port is the port packets are mirrored TO while the target ports are the ports that packets are mirrored from. For example:
show port mirroring Port Mirroring ============== Source Port = ge.6.40 Port Status = Up Target Port = tg.4.1 Port Status = Dormant Frames Mirrored = Rx and Tx Admin Status = enabled Operational Status = disabled (port not up) Source Port = ge.6.40 Port Status = Up Target Port = tg.4.2 Port Status = Dormant Frames Mirrored = Rx and Tx Admin Status = enabled Operational Status = disabled (port not up) Source Port = ge.6.40 Port Status = Up Target Port = tg.4.3 Port Status = Up Frames Mirrored = Rx and Tx Admin Status = enabled Operational Status = enabled
In this ge.6.40, the "source," is the port packets are duplicated to, while the other ports, the "targets," are duplicated from. I scratched my head on that one too. I guess target is the target port to mirror while source is the source port to mirror packets out of.
Thanks again for the reply.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
07-16-2015 03:07 PM
Hello,
I would not expect a straightforward mirror over-subscription scenario to negatively effect traffic elsewhere on the switch or the network.
You mention mirroring every port across the backbone. Does mirrored traffic ever exit switch x and pipe to switch y's port?
Asked another way - does mirrored traffic in any case *not* go directly to the storage/analysis station?
It looks like you have a config for one mirror source to many mirror destinations here. Are we on the same page?
regards
-Mike
I would not expect a straightforward mirror over-subscription scenario to negatively effect traffic elsewhere on the switch or the network.
You mention mirroring every port across the backbone. Does mirrored traffic ever exit switch x and pipe to switch y's port?
Asked another way - does mirrored traffic in any case *not* go directly to the storage/analysis station?
It looks like you have a config for one mirror source to many mirror destinations here. Are we on the same page?
regards
-Mike
