We have a number of sites where we are using RSPAN over LAN-extension services for mirroring Voice VLAN traffic to a centralised voice recorder.
Across the sites and the core network we have configured one RSPAN VLAN. On each edge switch we are capturing voice vlan traffic (rx and tx) and setting the monitor session destination as the RSPAN VLAN. In the core, we use the RSPAN VLAN as a monitor session source and map it onto a physical destination port (where the voice recorder resides).
(The edge switches are 3750s, and the core is a 6509 switch with Sup720 srunning IOS 12.2(18)SXD7b).
What we are seeing is heavy utilisation on the remote site LES links and it appears to be RSPAN VLAN traffic replicated across all trunks, not just the traffic sourced from the local site and significant inbound traffic on VLAN 900 at the edge switches, which I wouldn't expect to see (we've temporarily pruned the RSPAN VLAN from a edge site trunk and seen the inbound traffic levels fall). If an RSPAN VLAN is common across a number of edge switches (because they all require RSPAN), will traffic be replicated across all trunks?
We had considered using an RSPAN VLAN per remote site, but different RSPAN source VLANs cannot map to a single physical destination port in the core.
The voice VLAN is different at each site. The core switches are VTP servers and the edge switches are configured as VTP Transparent. VLANs are manually configured on both sides of the trunk links. Some sites are dual connected to the two core switches; other have a single connection and we are seeing the same behaviour.
One of the sites is not yet using IPT, but we are receiving about 7-8Mbps of traffic at the edge switch. If we prune the RSPAN VLAN from the trunks on the core switches, the inbound traffic on this edge switch drops to less than 1Mbps (about normal utilisation).
It does appear that the RSPAN traffic from one site is being sent towards other sites, and I am trying to understand whether this is normal behaviour, a configuration issue or a bug. There are no obvious bugs for the IOS code we're running on the Sup720s relating to RSPAN.
Thanks for that, but it appears that only a single RSPAN VLAN can be specified in the monitor session source. Similarly I can't create multiple sessions (one for each RSPAN VLAN) which have a common monitor session destination.
The answer to this behaviour may be because, as specified in this document under the RSPAN VLAN section, it states that "All Traffic in the RSPAN VLAN is always flooded." and "No MAC learning takes place on the RSPAN VLAN":
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...