Saturday, August 31, 2019

SPAN port on a N9K within a vPC domain

Hi all,

I am working on a project that involves sending local SPAN traffic to a security system. The Nexus switches are all NX-OS. The customer's current system looks like:

N9K01 ---(SPAN dst)--- FireEye APT
  | ||   (vPC peer link)
N9K02

The peer link allows all VLANs on the trunk.

As per my understanding, let's say if the traffic coming from a vPC, forwarded to another vPC is being mirrored:

  1. Are they losing the visibility of theoretically 50% of the traffic coming from the said vPC?
  2. If the traffic is sent through the peer link, it would not be forwarded out the other vPC member (loop avoidance). So does the traffic get mirrored first or does it get dropped immediately on ingress of the peer link? Is it ever actually forwarded across the peer link?

The questions above assume that the system is under normal operation and no orphan ports are involved. I also have no direct configuration access to the devices; I am only giving thoughts and advice.

Thanks in advance.
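For reference, the following is an added illustration of what a local SPAN session for this kind of topology looks like on NX-OS; it is not configuration from the poster's customer or from Cisco documentation, and the interface numbers, port-channel numbers and VLAN are assumed placeholders. The point it makes for question 1 is that each vPC peer only ever sees the half of the vPC traffic that the downstream device hashed onto its own member link, so a session that exists on N9K01 alone can only mirror that half; the same session would have to be repeated on N9K02 (with its own destination port to the monitoring system, or a second sensor interface) to see the rest.

```text
! --- N9K01 (assumed names; repeat equivalently on N9K02) ---
! Destination port toward the FireEye sensor must be a monitor port
interface Ethernet1/48
  description SPAN-to-FireEye
  switchport
  switchport monitor
  no shutdown

! Local SPAN session mirroring the vPC member links this peer owns
monitor session 1
  description vPC-traffic-to-FireEye
  ! vPC port-channels on this switch: only the traffic hashed to
  ! this peer's member link is visible here, both directions
  source interface port-channel10 both
  source interface port-channel20 both
  ! optional: mirror a whole VLAN instead of individual port-channels
  ! source vlan 100 both
  destination interface Ethernet1/48
  no shut

! Verification (assumed sample, not captured from the customer's switches):
! show monitor session 1
!   session 1
!   ---------------
!   type              : local
!   state             : up
!   source intf       :
!       rx            : Po10 Po20
!       tx            : Po10 Po20
!       both          : Po10 Po20
!   destination ports : Eth1/48
```

Whether the vPC peer link itself (the port-channel carrying the `vpc peer-link` command) can be added as an additional `source interface` to observe frames that cross it is platform- and release-dependent; check the SPAN guidelines and limitations for the specific N9K model and NX-OS release before relying on it, since a mirrored peer-link port-channel would also duplicate any frame already mirrored on its ingress vPC.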


