Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > port monitoring

Reply
Thread Tools

port monitoring

 
 
stopnowgo
Guest
Posts: n/a
 
      06-21-2006
Does port monitoring cause a performance hit on a switch, especially if
several (or all) of the ports on the switch are monitored by one port?
We have no user complaints but do not fully understand what the port
monitor command does to the performance of a switch. We have Cisco
3548's. If performance is affected are there any commands that can show
us what is going on. Any help or suggestions is appreciated.

 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      06-22-2006
In article <(E-Mail Removed). com>,
stopnowgo <(E-Mail Removed)> wrote:
>Does port monitoring cause a performance hit on a switch, especially if
>several (or all) of the ports on the switch are monitored by one port?


It depends on the switch design.

And of course if the total volume monitored exceeds the transmission
capacity of the monitoring port then you will have problems.

>We have no user complaints but do not fully understand what the port
>monitor command does to the performance of a switch. We have Cisco
>3548's. If performance is affected are there any commands that can show
>us what is going on. Any help or suggestions is appreciated.


show cpu would show the performance effects.

I don't recognize the 3548 model at the moment. Is it better known
as a 3548XL ? The 3500XL series is an older generation of switches
and I don't know anything about the internals.

On the newer Cat3550 and Cat3750, all the packets flow through a common
bus, with a bit set in the header for each port that is to receive the
packet, so there is no particular performance drop for monitoring
(except any involved in selecting which packets should be monitored)
as no extra copies of the packet get made on the bus.

 
Reply With Quote
 
 
 
 
stopnowgo
Guest
Posts: n/a
 
      06-22-2006
they are 3500XL's, here is some other info I gathered from the web. The
monitoring port should be the only thing to take a performance dive, by
dropping packets. Any thoughts on this? I thought maybe there was some
type of flow control? My setup is such that 1 etherent port is
monitoring 46 other ethernet ports(no all in use) minus the to ports
that tha sniffer is using. Let me know if you have any more info, Thanks

 
Reply With Quote
 
stopnowgo
Guest
Posts: n/a
 
      06-22-2006
they are 3500XL's, here is some other info I gathered from the web. The
monitoring port should be the only thing to take a performance dive, by
dropping packets. Any thoughts on this? I thought maybe there was some
type of flow control? My setup is such that 1 etherent port is
monitoring 46 other ethernet ports(no all in use) minus the to ports
that tha sniffer is using. Let me know if you have any more info, Thanks

 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      06-22-2006
In article <(E-Mail Removed) .com>,
stopnowgo <(E-Mail Removed)> wrote:

Please quote context. Please see here for information on how to
do so from Google Groups: http://cfaj.freeshell.org/google/

>they are 3500XL's, here is some other info I gathered from the web. The
>monitoring port should be the only thing to take a performance dive, by
>dropping packets. Any thoughts on this? I thought maybe there was some
>type of flow control?


What is your interface flow-control set to?
http://www.cisco.com/univercd/cc/td/...1504.htm#16307


It is not uncommon on switches (and routers) that when a port is set to
be a monitoring port, that the device operating system turns off listening
on the port, so that what is output over the line is *only* the
monitored traffic. And besides, there is no certainty that the next
device down supports sending PAUSE frames.


Internally, if the traffic to be monitored arrives faster than the
rate at which packets can be transmitted through the monitoring port,
then packets will get buffered -- but there is a limit to the buffer size.
The switch is not going to send PAUSE frames to all the ports being
monitored to get them to stop sending long enough for the output queue
to drain: if it did that, then the monitoring would interfere with
the normal traffic. Besides, some of the monitored ports might be
half-duplex, and that doesn't support PAUSE frames; the switch could,
I suppose, deliberately send out collision signals on the port, but
if it did that, there would be a risk of "too many collisions" resulting
in the incoming packet being dropped (and if that happens too often,
then the sender might decide that the link is faulty and disable the
link...)

The easiest way to resolve all of this without interfering with the
normal switch traffic is for the monitoring port to buffer only
as much as it can, and for excess packets to be dropped. This does
mean that the received monitored traffic does not necessarily contain
all of the packets that passed through the switch, but really you
have to expect something like that if your monitoring port is not at
least as fast as the total traffic being monitored.

Also, you should be aware that if you are monitoring packets at
high throughput, that you either need a hardware monitoring
appliance designed for that purpose, or else you need a well
designed and tuned monitoring computer. For more on this topic, see
http://groups.google.ca/group/comp.p...31aa9b43cf2f4f

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco 7200 - Monitoring VLAN membership per port via SNMP alanknipmeyer@yahoo.com Cisco 0 03-01-2006 04:08 PM
SNMP dest ip:port monitoring and alarm w/4000 router? joeblow Cisco 2 06-10-2004 02:37 PM
USB port monitoring erman Computer Support 0 12-09-2003 06:44 AM
Program for monitoring the serial port John T. C Programming 1 09-01-2003 01:31 PM
Parallel port monitoring Mark Daley Python 0 08-01-2003 04:38 PM



Advertisments