SPAN and Nexus / ACI platform caveats and limitations

First of all, there is no way I can make a complete, comprehensive list of caveats and limitations on all the different Nexus platforms and with all the different major revisions, modules and linecards. My aim is to capture some of the major gotchas and meaty details specific to each platform. For detailed guidelines and limitations, please see references end of end of the blog.

General limitations:

• Maximum of 32 source VLANs and 128 interfaces (both Ethernet and Port-Channels), or a mixture of both can be part of a SPAN.

Nexus 7000:

• with F1 and F2 linecards, the SPAN source throughput MUST NOT EXCEED the total bandwidth of the monitor interface, otherwise, traffic is dropped at the source!  In other words, if you are spanning 3 sources, from three 10 gbps sources, at 5 gbps throughput each, for a total of 15 gbps of throughput, but you are sending the traffic to a 10 gbps monitor interface, then, a total of 5 gbps of traffic at the three source 10 gbps interface will be dropped! This was a major gotcha, which caused production traffic to be dropped for many Nexus 7000 owners out there. Thankfully, this problem was resolved in F2e and F3 linecards.
• Active SPAN sessions: 14 on Nexus 7000, 16 on 7700 and 23 ERSPANs can be active at one time. (more can be configured, different limits on different platforms and software versions.)

Nexus 6000:

• 16 sessions can be active at one time. (more can be configured)
• SPAN-on-Drop and SPAN-on-Latency, two new types of SPAN sessions, can be configured on these platforms!
• FC and VFC interfaces can also be spanned

Nexus 5500:

• SPAN is rate-limited to 5 Gbps for every 8 ports (one ASIC).
• RX-SPAN is rate-limited to 0.71 Gbps per port when the RX-traffic on the port exceeds 5 Gbps.
• FC and VFC interfaces can also be spanned

Nexus 2000:

• On the FEX interfaces, RX traffic to can be part of SPAN, but not TX. Basically, only one direction can be SPANed, which is mostly useless
• To get around the above limitation, you can SPAN the FEX fabric (FET) uplink interfaces on the host Nexus 5000 or Nexus 7000 – which will include RX and TX for ALL FEX traffic. You may get more traffic than you wanted, but, at least you get both directions.
• FEX interfaces cannot be SPAN destinations

Nexus 1000v:

• Nexus 1000v has the least number of caveats/limitations. You can pretty much SPAN or ERSPAN anything up to the CPU/throughput limits of the ESXi hosts that the VEM (not the VSM) runs on. Nexus 1000v also has the advantage of supporting full Netflow (unlike other Nexus platforms which have very limited or no support). Depending on your requirements, NetFlow may fulfill your requirements if you don’t actually need to see the packets. General NX-OS limits metnioned above still apply.

ACI and Nexus 9000s:

• coming soon!

 

References:

http://docwiki.cisco.com/wiki/Cisco_NX-OS/IOS_SPAN_Comparison

Nexus 7000:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/system-management/guide/b_Cisco_Nexus_7000_Series_NX-OS_System_Management_Configuration_Guide/b_Cisco_Nexus_7000_Series_NX-OS_System_Management_Configuration_Guide_chapter_010100.html

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/verified_scalability/b_Cisco_Nexus_7000_Series_NX-OS_Verified_Scalability_Guide.html

Nexus 6000:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus6000/sw/system_management/6x/b_6k_System_Mgmt_Config_6x/b_6k_System_Mgmt_Config_602N11_chapter_01111.html

Nexus 5000:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_1_3_N2_1/Nexus5000_Release_Notes_5_1_3_N2.html

Nexus 2000:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus2000/sw/configuration/guide/rel_4_0_1a/NX2000CLIConfig/FEX-features.html

Nexus 1000v:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3/system_management/configuration/guide/n1000v_system/n1000v_system_9span.html