[Snort-users] Linux and switch problem???
jimb at ...6373...
Fri Jul 19 13:45:09 EDT 2002
OOPS. Just read this after I sent my reply to your previous post Twig.
I see why spanning a 29XX/35XX could cause problems with high traffic
rates. I wasn't aware how the 'switching fabric' architecture worked
(basically copies packets into shared memory and signals other ports to
forward those packets). I guess the shared memory buffers can get
filled up if your monitor port can't pull the data fast enough for your
buffer not to get filled. This can lead to 'slow downs' (and I assume
dropped packets) on the ports which you're monitoring. Ack. Luckily,
the traffic on the monitored port won't come close oversubscribing the
monitor port, even when both directions are considered (monitored port
twig les wrote:
>K, I don't know Extreme, but check this out before
>migrating to the 2912:
>As for the snort box doing any voodoo, I don't buy it.
> If there's a problem then it's on the switch and
>simply putting the switch config back to pre-slowdown
>config and seeing if the problem goes away should do
More information about the Snort-users