On Tue, Jul 24, 2012 at 1:05 AM, Dale Shaw <dale.shaw+j-...@gmail.com> wrote: > - Is there a 'best practice' for CoS config (scheduler-map, mainly) > for analyser output interfaces? I don't really want any fancy queueing > on these ports.
I'd say it depends on what else you're doing with CoS on that switch, though I think I remember reading somewhere that all analyzer frames were handled as best effort. > - In the context of an analyser session, is loss-priority low (the > default) the best bet? Or high? I can't find any good references on > this - any KB articles either talk about VLANs as outputs (not > physical interfaces) or loss-priority is set to high in the example > without any explanation. If your objective is to keep the mirrored frames from being dropped then low would be better - though if it's going out a physical interface then I don't know that it would matter. On a shared interface (like what would be used when mirroring to a VLAN), frames with loss priority set to high should be dropped first (so that they're less likely to interfere with critical traffic). > More generally, has anyone gone to the trouble of tuning NICs in > probes/analyser targets? I would be grateful for any advice there, > too. Flow control seems to be an obvious one to disable in the 'send' > direction (from the probe's perspective). If you're doing any TCP analysis then you'll probably want to disable most of the offload features on the NIC. The way they reassemble the segments plays hell with most tools - you end up seeing large segments, weird ACKs, etc. On Linux boxes with Intel 82576 NICs I use: ethtool -K $IFACE rx off tx off sg off tso off gso off gro off. :w _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp