[Oisf-users] Anybody using VLAN RSPAN ?
Duarte Silva
duarte.silva at serializing.me
Thu May 9 13:28:33 UTC 2013
Hi,
one of the problems with port mirroring (SPAN) is that you're always limited
by the speed of the port to where you're copying the traffic to. For example,
if you're mirroring 4 ports that in total are handling 3,5 Gbps of traffic and
copying that traffic to a 1 Gbps port, you will observe packet loss (2,5 Gbps of
it).
The port to where the traffic is copied always needs to be able to handle all
the traffic of all the other ports together. Note that the Suricata server also
needs to have a network card that is able to handle those loads.
Best regards,
Duarte Silva
On Thursday 09 May 2013 15:10:32 Travel Factory S.r.l. wrote:
> We are using VLAN RSPAN to mirror traffic but we are having packets
> drop on the switches (not on suricata server) and can't understand
> why.
> So I'm looking for somebody that successfully uses VLAN RSPAN to know
> which traffic load he can achieve.
>
> Thanks