Solved

port mirroring and performance

Posted on 2009-05-06
2
948 Views
Last Modified: 2012-05-06
we're installing an IDS here and need to do port mirroring on two modules on our core switch. How much impact am I looking at? is there an easier/better way to do this?


thanks
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 10

Accepted Solution

by:
ngravatt earned 500 total points
ID: 24316108
there is not significant performance impact.  I use the port mirroring on my core switches, which or Cisco 6509s.  I almost always have two mirroring sessions running.  One is used for IDS and one is used to span all traffic over to another monitoring device.  Cisco limits the number of span sessions to two.

Looking at my 6509 right now, the CPU is less than 10% and the memory usage is about 110 megs.

The only other way to do this is to put your IDS inline or use a hub.  A hub will send all traffic received to all ports.  If you have a connection to your ISP router, then you can take that cable out of you ISP router and plug it into a 4 port hub.  Use one of the ports to complete the connection to your ISP router, then you can take another port and connect it to your IDS device.

There are also some other 3rd party devices that do the same exact thing.  I look into these in the past though, and they were not cheap.
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 24316116
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following recovery method will work on All Cisco Switchs that run ISO software. You will need a good copy of the IOS version you want you use saved on your PC and a Com's Cable. The software for these switches comes as a .tar file. Tar is …
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question