Posted on June 2, 2020 5:06 pm
 |  Asked by Farshid Hajizeinalabedin
 |  104 views
RESOLVED
0
0
Print Friendly, PDF & Email

Hello,

We have 2x Arista 7050-52 in MLAG mode and we have in mind to use port mirror from a source port channel to a destination port chanel and connect a server to that destination port channel and monitor traffic and detect ddos attacks,

so i want to know in heavy traffic and heavy pps and bps this solution doe snot cause any high cpu usages for my Arista Devices?

thank you.

0
Posted by Philippe Bureau
Answered on June 2, 2020 5:52 pm

Hello,

monitor session from one interface to another will not cause high CPU.  If you use the CPU as destination yes you could increase the CPU load but there are safe guards in place to limit the amount of data mirrored to the CPU.

thank you

0
Answered on June 2, 2020 6:13 pm

Hi Farshid.

If I understood well, your goal is to setup a monitor session to mirror traffic from one port-channel to another.

If this is the case, I would not expect any performance issues due to this configuration as the mirrored traffic will be sent out to an external host.

0
Answered on June 3, 2020 10:09 am

Hi,

yes exactly , i want to use monitor session feature to mirror traffic from port-channel x to port-channel y then connect a server to port-channe; y and analyze the traffic and detect ddos, but maybe is receive heavy traffic due to ddos attacks,

so is it ok and does not effect and cpu load or cause cpu spike?

thanks,

Post your Answer

You must be logged in to post an answer.