5 reasons why you should not use a permanent SPAN port - Part 2

Feb 06, 2018

Continuation of "5 reasons why you should not use a permanent SPAN port - Part 1".

  1. SPAN or RSPAN configurations are usually not trivial and require precise knowledge of the switch and the connected networks and their configuration. SPAN or RSPAN misconfigurations can have catastrophic consequences that can quickly lead to enterprise-wide outages.

  2. A switch is not completely transparent for all data packets, so it is not an optimal data source for monitoring tasks. During troubleshooting, for example, corrupted data packets must also be forwarded so that they can be evaluated. A switch, however, usually rejects corrupted data packets (according to the RFC definition) on the receiving switch port. If a network analyzer connected to a SPAN port does receive corrupted or damaged data packets, they can only have been corrupted inside the switch or on the connection from the SPAN port to the network analyzer. This means that it is not possible to find a device that sends defective data packets behind a switch.

  3. Remote SPAN (RSPAN) or ERSPAN configurations are even more critical than SPAN configurations that are limited to the local switch. RSPAN sessions are cross-switch and deliver the data of one or more monitored source ports over the network, across several other switches, to a destination port. The additional non-productive data traffic burdens not only the switches involved, but also all network connections and other network infrastructure along the way. The effects this can have on the switches involved are identical to the problems described above. In addition, the available bandwidth in an enterprise network and the IT infrastructure involved (router, switch, firewall, etc.) is a limited and expensive resource that cannot be increased at short notice with justifiable effort. That is why this important resource should be used responsibly.

This should make it clear that switches should not be permanently burdened with tasks beyond their actual function of correctly delivering data packets to the end devices. This applies not only to SPAN and RSPAN configurations, but also to performance-hungry tasks such as the generation of NetFlow data.
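To illustrate point 2, the following added example (not from the original article) models which frames an analyzer sees on a tap versus behind a SPAN port when a sender emits damaged frames. It assumes a store-and-forward switch that checks the Ethernet CRC-32 frame check sequence and the 64 to 1518 byte frame size limits at ingress; all function names and the sample traffic are constructed for illustration.

```python
import struct
import zlib

MIN_FRAME = 64     # bytes, destination MAC through FCS
MAX_FRAME = 1518   # untagged frame, destination MAC through FCS

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build an Ethernet II frame with padding and a valid FCS trailer."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")          # pad to minimum size
    return body + struct.pack("<I", zlib.crc32(body))  # FCS is sent low byte first

def ingress_verdict(frame: bytes) -> str:
    """Classify a frame the way a store-and-forward ingress port would."""
    if len(frame) < MIN_FRAME:
        return "runt"
    if len(frame) > MAX_FRAME:
        return "giant"
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        return "fcs_error"
    return "ok"

def visible_frames(wire):
    """Return (tap_view, span_view) as lists of verdicts for frames on the wire."""
    verdicts = [ingress_verdict(f) for f in wire]
    tap_view = verdicts                              # a tap copies every frame
    span_view = [v for v in verdicts if v == "ok"]   # bad frames are dropped at ingress
    return tap_view, span_view

def constructed_wire():
    """Constructed sample traffic from a hypothetical faulty sender."""
    dst, src = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    good = build_frame(dst, src, 0x0800, b"payload-1")
    flipped = bytearray(build_frame(dst, src, 0x0800, b"payload-2"))
    flipped[20] ^= 0x01                              # single bit error in the payload
    runt = good[:40]                                 # truncated frame
    return [good, bytes(flipped), runt, good]

if __name__ == "__main__":
    tap, span = visible_frames(constructed_wire())
    print("tap :", tap)
    print("span:", span)
```

The SPAN view contains only clean frames, so the analyzer has no evidence that the sender is faulty, while the tap view shows the error frames directly.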

