[wplug] Switch recommendation

Janos Dohanics web at 3dresearch.com
Fri May 21 09:13:39 EDT 2010 

On Fri, 21 May 2010 08:42:25 -0400
Bill Moran <wmoran at potentialtech.com> wrote:

> On Thu, 20 May 2010 22:03:50 -0400
> Janos Dohanics <web at 3dresearch.com> wrote:
> 
> > On Thu, 20 May 2010 11:54:05 -0400
> > Bill Moran <wmoran at potentialtech.com> wrote:
> > 
> > > On Thu, 20 May 2010 10:57:39 -0400
> > > Janos Dohanics <web at 3dresearch.com> wrote:
> > > > 
> > > > When tried to configure port mirroring, the host designated to
> > > > capture packets lost all connectivity - I could no longer ping
> > > > anything from this host or ping this host from any other.
> > > > Netgear tech support told me that this was normal (?).
> > > 
> > > Yes.  This is normal.  The mirrored port can't be used as a normal
> > > port as well [...]
> > 
> > Thank you all - Bill, why is it that the capturing NIC can receive
> > either the mirrored packets or it's own normal traffic, but not
> > both?
> 
> I don't know for sure.  In theory, it _could_ do both.
> 
> If I had to guess, I would guess that it's a resource/performance
> issue. Most people don't think about it, but a switch does have a CPU
> and memory, and both of those have to be very efficient.  I mean, who
> even considers switching latency?  If a switch can't move packets
> fast enough to be transparent on the network, nobody's going to buy
> it.  As a result, a mirror port probably disables all of the normal
> collision domain checks and simply receives all packets.  If you have
> to make it do that _and_ still participate as part of a collision
> domain, your switching code becomes more complex, and probably
> slower.  The memory requirements may increase as well.  If that
> results in a switch that drops packets or incurs significant latency,
> you've now got a product that's going to be returned or incur
> significant cost in support calls.
> 
> The other option is to put a faster CPU and more memory in the
> switch, at which point you've got something that uses more power,
> needs fans and more serious cooling, costs more, etc ...
> 
> Another thought ... a mirror port could easily be using the full
> 100mb/sec at any time.  In fact, on a high quality switch, the
> required bandwidth could exceed 100mb/sec (if you have 3 streams
> going near 100mb/sec each, your mirror port has to send 300mb/sec of
> data ...)  Why on earth would you _want_ to use that for data as well?
> 
> Again ... I'm just speculating.
> 
> -Bill

Makes sense... thank you.

Janos Dohanics
<web at 3dresearch.com>

More information about the wplug mailing list