Re: Linux and switch problem???

[Jim Burwell <jimb () broadvision com>]

OOPS.  Just read this after I sent my reply to your previous post Twig. 
I see why spanning a 29XX/35XX could cause problems with high traffic 
rates.  I wasn't aware how the 'switching fabric' architecture worked 
(basically copies packets into shared memory and signals other ports to 
forward those packets).  I guess the shared memory buffers can get 
filled up if your monitor port can't pull the data fast enough for your 
buffer not to get filled.  This can lead to 'slow downs' (and I assume 
dropped packets) on the ports which you're monitoring.  Ack.  Luckily, 
the traffic on the monitored port won't come close oversubscribing the 
monitor port, even when both directions are considered (monitored port 
is FD).

- Jim

twig les wrote:

> K, I don't know Extreme, but check this out before
> migrating to the 2912:
>
> http://www.cisco.com/warp/public/473/41.html#archXL
>
> As for the snort box doing any voodoo, I don't buy it.
> If there's a problem then it's on the switch and
> simply putting the switch config back to pre-slowdown
> config and seeing if the problem goes away should do
> it.




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users