MS225 multiple mirror source ports

Solved
bigkeoni64
Here to help


Hello

 

I currently have an 8 stack of MS225 switches with 2 different LAGs hitting the Firewalls. Since I cannot mirror the AGG ports, I was thinking to mirror multiple source ports. Will there be switch CPU performance issues if I mirror all ports and I also mirror another switch's ports to some other switch?

 

For instance can I mirror 48 ports on switch 2 of the stack to switch 1 port 48 of the stack, and at the same time mirror 47 ports to port 48 of itself? So that would equate to 95 ports being mirrored to Switch 1.

 

I am concerned about switch CPU performance.

 

Thank you

1 Accepted Solution
MerakiDave
Meraki Employee

Hi @bigkeoni64, while you could configure it like that, and I don't think there would be any major performance impact on the switch CPU to simply mirror/copy frames to the mirror destination, the issue is going to be one of major oversubscription and dropped frames on that mirror destination port. Depending on what you're trying to accomplish or capture, you might need to consider an alternative like a Gigamon TAP or similar.



bigkeoni64
Here to help

Hello @MerakiDave 

 

Much appreciated for your reply and could not agree with you any more. Due to the lack of our customer's funds we are forced to accept that packets will drop. I am glad to hear you say that it won't over-tax the CPU performance of the switch. We will be using Arctic Wolf TAPs, 5 of them, so I can TAP 5 out of the 8 switches. Plus there are a lot of phones so I can't see the traffic going that high.

 

Thank you Sir!

MerakiDave
Meraki Employee

Hi @bigkeoni64, I won't say it's going to have zero impact on the CPU, while port mirroring is not completely CPU-bound, my concern is definitely with the oversubscription. You'll have a point of diminishing returns. So if you start mirroring ports 1-47 to port 48 for example, and then maybe another 48 ports from another switch in the same stack, on a very busy network by the time you start to notice a CPU/performance impact, the mirror destination port will be dropping so many frames it would have become rather useless anyway.

 

Sounds like you already have a handful of TAPs you can leverage, please do, and I'd proceed with care on the port mirroring at that scale, perhaps first set it up on a subset of ports that represent your more critical devices. 
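
The oversubscription concern in this thread can be estimated before any mirror session is configured. The following is an added example, not code from the thread or from Meraki: it sums the receive and transmit rates of the proposed mirror sources against the destination port's capacity, then picks sources by priority until a budget is used up. The port names, traffic rates, the 1000 Mbps destination speed and the 80% headroom are constructed assumptions; substitute measured peak rates.

```python
from dataclasses import dataclass

@dataclass
class Port:
    name: str        # constructed label, e.g. "srv-1"
    rx_mbps: float   # measured peak receive rate (assumed value here)
    tx_mbps: float   # measured peak transmit rate (assumed value here)
    priority: int    # 1 = most critical device to monitor

def mirrored_load(ports):
    """Traffic offered to the mirror destination when both directions are copied."""
    return sum(p.rx_mbps + p.tx_mbps for p in ports)

def drop_fraction(ports, dest_mbps):
    """Share of mirrored traffic that cannot fit on the destination at peak."""
    load = mirrored_load(ports)
    return 0.0 if load <= dest_mbps else 1 - dest_mbps / load

def plan_mirror(ports, dest_mbps, headroom_pct=80):
    """Add sources in priority order while they still fit inside the budget."""
    budget = dest_mbps * headroom_pct / 100
    chosen, used = [], 0.0
    for p in sorted(ports, key=lambda p: (p.priority, p.rx_mbps + p.tx_mbps)):
        cost = p.rx_mbps + p.tx_mbps
        if used + cost <= budget:
            chosen.append(p)
            used += cost
    return chosen, used

def sample_ports():
    """Constructed inventory of 95 mirror sources, matching the count in the question."""
    servers = [Port(f"srv-{i}", 200, 100, 1) for i in range(3)]
    desktops = [Port(f"pc-{i}", 20, 5, 2) for i in range(12)]
    phones = [Port(f"phone-{i}", 0.125, 0.125, 3) for i in range(80)]
    return servers + desktops + phones

if __name__ == "__main__":
    ports = sample_ports()
    dest = 1000  # assumed destination port speed in Mbps
    print(f"offered load: {mirrored_load(ports)} Mbps")
    print(f"peak drop fraction: {drop_fraction(ports, dest):.1%}")
    chosen, used = plan_mirror(ports, dest)
    print(f"fits in budget: {len(chosen)} ports, {used} Mbps")
```

With these constructed rates the 80 phones contribute almost nothing, while a few busy ports decide whether the destination drops frames.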
