Analyzing network traffic through a free switch port

San Jose, California
July 8, 2013 4:28am CST
When a network suffers congestion or other problems, we first need to analyze the traffic flowing through it. Only on the basis of that analysis can we prescribe the right remedy and solve the problem quickly. For this reason, when the author runs into a switch fault, the usual approach is to connect a detection tool, such as a protocol analyzer, to a free port on the switch. Because the protocol analyzer is connected directly to a free port, the switch's broadcast domain can be observed without interrupting current services, and the network administrator can use this to determine whether the fault is caused by too much broadcast traffic. In practice, however, there is one small point to watch. As we all know, a switch is a layer 2 network device: it forwards broadcasts to every port, but it does not forward other traffic to every port. In other words, a switch is a broadcast domain rather than a collision domain. A switch therefore sends almost no valuable traffic to the monitoring port; it forwards data traffic directly to the corresponding destination port. On a free port, a protocol analyzer can usually monitor only broadcast packets and almost no other traffic, because nearly everything forwarded to the free port (the monitoring port) is broadcast, plus a few sporadic frames whose destination address is unknown. These few frames are a result of forwarding-table aging. Clearly, without special treatment, monitoring equipment connected to a free port will see only endless broadcast packets and will not be able to capture other valuable traffic. Even the most expensive monitoring equipment can help the administrator find the crux of the problem only when it receives that traffic; without valuable traffic, these devices are powerless.
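The symptom described above can be checked from the capture itself. The following is an added example, not part of the original post: it classifies raw Ethernet frames by destination MAC and reports whether a capture looks like a plain free port (broadcast and flooded frames only) or a mirrored one. The MAC addresses, sample frames and the 20% threshold are constructed assumptions.

```python
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, ethertype=0x0800):
    # Constructed minimum-size Ethernet II frame (no FCS), zero payload.
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + bytes(46)

def classify(raw, analyzer_mac):
    """Classify one frame by the destination MAC in its first 6 bytes."""
    if len(raw) < 14:
        return "truncated"
    dst, src = raw[:6], raw[6:12]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:              # group bit set: multicast address
        return "multicast"
    if analyzer_mac in (dst, src):
        return "own"               # the analyzer's own conversations
    return "foreign_unicast"       # unicast between two other hosts

def profile(frames, analyzer_mac, min_foreign=0.2):
    """Return (counts, foreign-unicast share, verdict) for a capture."""
    counts = Counter(classify(f, analyzer_mac) for f in frames)
    seen = sum(counts.values()) - counts["own"] - counts["truncated"]
    share = counts["foreign_unicast"] / seen if seen else 0.0
    return counts, share, ("mirrored" if share >= min_foreign else "flood-only")

# Constructed sample captures.
ANALYZER = mac("02:00:00:00:00:99")
HOST_A, HOST_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
# Free port: broadcasts, some multicast, one flooded unknown-destination frame.
FREE_PORT = ([frame("ff:ff:ff:ff:ff:ff", HOST_A, 0x0806)] * 17
             + [frame("01:00:5e:00:00:fb", HOST_B)] * 2
             + [frame(HOST_B, HOST_A)])
# Mirror port: the conversation between HOST_A and HOST_B is visible.
MIRROR_PORT = ([frame("ff:ff:ff:ff:ff:ff", HOST_A, 0x0806)] * 2
               + [frame(HOST_B, HOST_A), frame(HOST_A, HOST_B)] * 9)

if __name__ == "__main__":
    for name, cap in (("free port", FREE_PORT), ("mirror port", MIRROR_PORT)):
        counts, share, verdict = profile(cap, ANALYZER)
        print(f"{name}: {dict(counts)} foreign={share:.0%} -> {verdict}")
```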
Network administrators therefore need a way for the free port, to which the various monitoring devices are attached, to also receive the traffic passing through other ports. Port mirroring solves this problem. Port mirroring copies the traffic of selected ports to a free port, so that the free port sees the same traffic as the mirrored ports. Cisco switches generally have this technology, and a monitoring tool can be attached to a free port that has been specially configured for it. In earlier Cisco versions there may be restrictions on this port, but on the switches currently on the market, a free port can be configured for port mirroring. There is one more problem to be aware of, however. To improve forwarding efficiency, a switch often filters out some erroneous packets and information when forwarding traffic. In normal operation this clearly improves the switch's forwarding efficiency, but a network administrator who is troubleshooting does not want this, because these error messages may reflect the crux of the problem. During troubleshooting, pay attention to changing the switch configuration accordingly, and change the parameters back promptly once troubleshooting is complete. When monitoring on a mirror port, packet loss sometimes also needs attention. The capacity of the monitoring output port is often an important factor in the final debugging result. Like an ordinary switch port, a mirror port can both receive and send. To simplify the monitoring results, however, we tend to turn off the sending function on the mirror port, so that the monitor analyzes only the traffic it receives. Even with this configuration, the mirror port's capacity to receive traffic is still considerably limited.
If the monitored port runs at full duplex and at the same rate as the mirror port, the mirror port can easily lose packets when the switch forwards traffic to it, because the traffic of the monitored port may exceed what the mirror port can receive. So, although in theory any free port can be used as the mirror port, the network administrator still needs to choose with care in order to reduce packet loss, for example by making sure that the mirror port's performance is at least higher than that of the monitored port. This ensures a correct result. To reduce packet loss on the monitoring port, the author has two suggestions. First, do not mirror the traffic of several monitored ports to one port, as this worsens the packet loss. Second, when selecting a mirror port, it is best to choose an idle high-speed port as the monitoring port.
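The packet-loss reasoning and the two suggestions above can be applied to a planned mirror session before it is configured. This is an added example, not part of the original post; the port names and speeds are constructed, and it assumes the worst case in which every monitored port runs at line rate.

```python
from dataclasses import dataclass

@dataclass
class Source:
    name: str                  # constructed port label, e.g. "Gi1/0/1"
    speed_mbps: int
    full_duplex: bool = True
    direction: str = "both"    # which traffic is mirrored: "rx", "tx", "both"

def worst_case_mbps(src):
    # A full-duplex port can carry line rate in each direction at once, so
    # mirroring both directions can offer twice its speed to the mirror port.
    if src.full_duplex and src.direction == "both":
        return 2 * src.speed_mbps
    return src.speed_mbps

def review_plan(sources, dest_speed_mbps):
    """Return worst-case load, oversubscription ratio and findings."""
    load = sum(worst_case_mbps(s) for s in sources)
    findings = []
    if len(sources) > 1:
        findings.append("several monitored ports share one mirror port")
    for s in sources:
        if dest_speed_mbps <= s.speed_mbps:
            findings.append(f"mirror port is not faster than {s.name}")
    if load > dest_speed_mbps:
        findings.append("worst-case load exceeds mirror port capacity")
    return {"load_mbps": load,
            "ratio": load / dest_speed_mbps,
            "findings": findings}

# Constructed plans.
SAME_SPEED = [Source("Gi1/0/1", 1000)]                    # 1G both -> 1G mirror
FAST_DEST = [Source("Fa0/1", 100)]                        # 100M both -> 1G mirror
TWO_SOURCES = [Source("Gi1/0/1", 1000, direction="rx"),
               Source("Gi1/0/2", 1000, direction="rx")]   # -> 1G mirror

if __name__ == "__main__":
    for label, plan in (("same speed", SAME_SPEED), ("fast dest", FAST_DEST),
                        ("two sources", TWO_SOURCES)):
        print(label, review_plan(plan, 1000))
```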