DEPLOYING REMOTE SWITCH PORT ANALYZER (RSPAN) SOLUTION
Introduction Customers have the need to monitor the traffic from source ports distributed over multiple switches in the network. Switch Port Analyzer (SPAN) is a great tool to enable customers to troubleshoot and monitor their switched networks. SPAN mirrors network traffic from one port to one or more monitoring ports on the local switch. The destination monitoring port could be attached to a network analyzer or another network device such as IDS.
Mirrored traffic can be mirrored to a local switch port – SPAN – or to a remote switch port which is known as RSPAN. Brocade FastIron switches support SPAN and RSPAN as described below.
SPAN:Switched traffic is mirrored from multiple ports to one or more ports within the same local switch facilitating exact packet capture on the destination port. For more information, please refer to port mirroring installation guide at www.brocade.com
Remote SPAN (RSPAN):This feature is an extension to SPAN and allows remote monitoring ports to be connected to a centralized switch which can monitor mirrored traffic from multiple source ports located on other switches in the network. This functionality requires the use of a dedicated VLAN for the RSPAN session. Traffic from source ports is mirrored to a local port from where it is forwarded to a remote switch with the centralized destination port which has an analyzer attached.
Brocade Solution --:
Brocade switches provide Remote SPAN functionality by using a dedicated RSPAN VLAN configuration on the switch. The traffic is mirrored on a local port and looped to another local port on the same switch. A dedicated RSPAN VLAN is configured and the port connected to the remote unit is tagged along with untagged lopped port. MAC-Learning is disabled on the mirror, loop and the remote switch connected interfaces. On the destination port the RSPAN VLAN is configured with remote interface tagged in it. The traffic can then be simply mirrored to the sniffer port which is added to the RSPAN VLAN as untagged.
Summary The traffic mirrored trough a Local SPAN feature can be remotely monitored on a connected switch with the RSPAN VLAN configuration on Brocade devices. SPAN and RSPAN features are critical to aid customers in troubleshooting network problems or to implement other functionality such as Intrusion Detection by forwarding a copy of all traffic received on a port or ports, to a centrally located IDS device. Brocade FastIron OS Provides the ability to monitor network ports on a local or remote switch by combining multiple features together to offer a RSPAN Solution.