Hi r/networking,
We are to implement a new Cisco ACI fabric as a replacement for a core DC network.
As per previous experience, Cisco ACI doesn't really play well in terms of mirroring traffic to the other security appliance as:
- All endpoints are now connected to different leaves (6 leaves to be exact), instead of centrally at one or two core (I know, it's a small setup).
- Local SPAN therefore requires the other appliance to have as many ports as the number of leaves (as they used Local SPAN with source VLAN on their core), which our NS5200 and LogRhythm are short of.
- ERSPAN (used by Tenant SPAN, which is the most appropriate match for the traditional Source VLAN SPAN) might not be supported by the security appliance (hence the title)
So, does these two appliances support ERSPAN at all? Or do I have to rely on an external switch or packet broker for decapsulating the ERSPAN traffic then push the raw data to the appliances?
Thanks in advance.
No comments:
Post a Comment