I'm attempting to create an erspan session between a Nexus 5000 and 6500 to get traffic from a FEX interface on the 5000 over to a sniffer off of the 6500. The Nexus and 6500 are directly connected with a 10G link, but I added a separate 1G link between the two for the erpsan traffic. I created a routed interface on the 6500, and and SVI on the Nexus. The Erspan session came up, and looked ok from both sides, but as soon as we got a burst of traffic this morning the CPU on the 6500 spiked to 99%. I used 'debug netdr capture rx' to determine the traffic was coming in from the erspan port and subsequently shut down the new interface on the 6500. Any ideas why this caused a CPU spike? Here are the relevant configs from each device:
vrf context NetOps !
vrf member NetOps
ip address 10.7.9.11/24
switchport access vlan 123
monitor session 1 type erspan-source
destination ip 10.7.9.2
source interface Ethernet101/1/9 tx
monitor erspan origin ip-address 10.7.9.11 global
And the 6500:
ip address 10.7.9.2 255.255.255.0
no logging event link-status
shutdown <--Added to kill the erspan session quickly.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...