Best Practices for Application Delivery Analysis

Application Delivery Analysis monitors specific types of traffic. Filter the traffic to reduce volume as much as possible.

Access-layer switches carry the application (TCP) data that Application Delivery Analysis monitors.
Use port SPAN and source only from the ports that are directly connected to servers of interest.
Use VACLs to allow only TCP traffic. If you are unsure which ports your applications run on, use server IP addresses. After Application Delivery Analysis identifies the application ports, modify the VACL to allow only the ports that Application Delivery Analysis monitors.
Apply destination filtering or capture port filtering to specify which VLANs exit a destination or capture port. Use this type of filtering on a distributed Application Delivery Analysis system to send VLANs to different collection devices with a single session. One SPAN session can have multiple destination interfaces.
When you use two core switches to load-balance a server, assign the server to the two Application Delivery Analysis monitors mirrored off each switch. Application Delivery Analysis combines the metrics from both monitors when reporting the traffic. For information about assigning a server to more than one monitor feed, see the CA Application Delivery Analysis Administrator Guide or online help.
Do not feed traffic that is captured on either side of a firewall to the same Application Delivery Analysis monitor. The firewall may disrupt the order of the TCP sequence numbers, making it impossible for Application Delivery Analysis to correlate associated sequences.

More information: