On Tue, Jul 24, 2012 at 1:05 AM, Dale Shaw dale.shaw+j-...@gmail.com wrote:
- Is there a 'best practice' for CoS config (scheduler-map, mainly)
for analyser output interfaces? I don't really want any fancy queueing
on these ports.
I'd say it depends on what else you're doing with CoS on that switch,
though I think I remember reading somewhere that all analyzer frames
were handled as best effort.
- In the context of an analyser session, is loss-priority low (the
default) the best bet? Or high? I can't find any good references on
this - any KB articles either talk about VLANs as outputs (not
physical interfaces) or loss-priority is set to high in the example
without any explanation.
If your objective is to keep the mirrored frames from being dropped
then low would be better - though if it's going out a physical
interface then I don't know that it would matter. On a shared
interface (like what would be used when mirroring to a VLAN), frames
with loss priority set to high should be dropped first (so that
they're less likely to interfere with critical traffic).
More generally, has anyone gone to the trouble of tuning NICs in
probes/analyser targets? I would be grateful for any advice there,
too. Flow control seems to be an obvious one to disable in the 'send'
direction (from the probe's perspective).
If you're doing any TCP analysis then you'll probably want to disable
most of the offload features on the NIC. The way they reassemble the
segments plays hell with most tools - you end up seeing large
segments, weird ACKs, etc. On Linux boxes with Intel 82576 NICs I
use: ethtool -K $IFACE rx off tx off sg off tso off gso off gro off.
:w
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
