Limit the Traffic Sent to Collection Devices

When using applications that rely on specific traffic types, such as Application Delivery Analysis or GigaStor, filter the traffic to reduce volume as much as possible. Several technologies can help you limit the amount of data sent to monitoring applications.

VSPAN

A VSPAN is a SPAN port that uses a VLAN or multiple VLANs as the source. All the ports in the source VLANs are the source ports. If both ingress and egress are configured, packet duplication occurs each time packets are switched on the same VLAN. Use VSPANs to forward relevant traffic to the appropriate SPAN port and remove unnecessary packets. Otherwise, the captured VLAN traffic traverses multiple physical interfaces, which creates duplicate traffic.

Do not set up VSPAN sessions on your core switches. Instead, set up VSPAN sessions on your access-layer switches where packets are duplicated as they pass between switches at each layer.

VACL

A VACL is an Access Control List applied to a VLAN. All packets that enter the VLAN are verified against the rules in the list, such as packet type or destination. A VACL limits the amount of data sent over the SPAN port by denying certain types of data. VACLs are supported on Cisco 6500 Series switches.

A VACL filters unneeded traffic so that it is not sent to the SPAN port. A VACL allows you to filter by protocol.

Note: We recommend that multiple people review VACL configurations. The review helps to prevent misconfiguration that can result in dropped traffic. We also recommend that you test a VACL in a lab environment before applying it to a production environment.

RSPAN

RSPAN is an alternative method for monitoring multi-tier application traffic. RSPAN captures the traffic on one switch, mirrors it to a VLAN, and forwards the traffic to destination ports for analysis. Coupling this technology with Layer 2, 3, and 4 security provided by VACLs gives Application Delivery Analysis visibility into various applications without overloading the switch port. The RSPAN scenario spans the proper VLANs to the capture port while the VACL limits the captured traffic to prevent overloading of the switch port. You can use this technique to enable duplicate packet filtering to help ensure accurate results in Application Delivery Analysis.
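The VSPAN duplication and VACL filtering described above can be seen in a small model. This is an added example, not code from the original page or from any product; the frames, VLAN numbers, ports, and function names are constructed, and it assumes the simplification that a session mirrors one copy per monitored direction in which a frame crosses a source VLAN.

```python
from collections import namedtuple

# Constructed sample frames: the VLAN a frame enters on, the VLAN it leaves on,
# and its L4 protocol/port. None of these values come from the original page.
Frame = namedtuple("Frame", "name in_vlan out_vlan proto dport")

FRAMES = [
    Frame("web-same-vlan", 10, 10, "tcp", 443),    # switched inside VLAN 10
    Frame("web-routed",    10, 20, "tcp", 443),    # enters on VLAN 10, leaves on VLAN 20
    Frame("backup",        10, 10, "tcp", 10000),  # bulk traffic the analyzer does not need
    Frame("other-vlan",    30, 30, "tcp", 443),    # VLAN that is not a VSPAN source
]

def mirrored_copies(frame, source_vlans, direction):
    """Copies of one frame that a VSPAN session sends to its destination port.

    direction is 'rx' (ingress), 'tx' (egress) or 'both'.
    """
    copies = 0
    if direction in ("rx", "both") and frame.in_vlan in source_vlans:
        copies += 1  # mirrored when the frame enters a source VLAN
    if direction in ("tx", "both") and frame.out_vlan in source_vlans:
        copies += 1  # mirrored again when it leaves on a source VLAN
    return copies

def vacl_permits(frame, allowed):
    """Simplified VACL: forward only (proto, dport) pairs on the allow list."""
    return allowed is None or (frame.proto, frame.dport) in allowed

def collector_load(frames, source_vlans, direction, allowed=None):
    """Return {frame name: copies} for frames that reach the collection device."""
    load = {}
    for f in frames:
        if not vacl_permits(f, allowed):
            continue  # dropped by the VACL before it reaches the SPAN port
        n = mirrored_copies(f, source_vlans, direction)
        if n:
            load[f.name] = n
    return load

if __name__ == "__main__":
    # Ingress and egress with no VACL: every monitored frame arrives twice.
    print(collector_load(FRAMES, {10, 20}, "both"))
    # Ingress only plus a VACL that keeps TCP/443: one copy of the relevant traffic.
    print(collector_load(FRAMES, {10, 20}, "rx", {("tcp", 443)}))
```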