I will like to check with you on these:
1) SSH
- is it possible to authenticate using signed digital certificate instead of using passphrase?
- how do I go about configurate it?
2) SFlow
- able to specific sflow to go out via a specific vlan (eg going out via prod vlan instead of mgmt vlan)
- will sflow take up alot of resource (eg ram, CPU)?
- what will happen when there are a lot of traffic, will it chock up the bandwidth / impact the network?
- anyway to configure QoS on the traffic for sflow inorder not to chock up the bandwidth?
Queries on SSH and sflow
Re: Queries on SSH and sflow
Quick answer:
1) yes - you will find the answer in the switch management guide
2) No - not a good idea. You can configurge per service the source interface (this is only the SA-IP in the packets). But this needs an ip interface within the prod vlan.
No - sflow is done in hardware. In one sflow packet there are the headers of a lot of "user" packets. You have do decide how many user packets (f.e. every 128th) and the copied part of the packet (f.e. first 128 Byte) will be sent to the receiver.
Qos is possible with normal rules.
BR Silvio
1) yes - you will find the answer in the switch management guide
2) No - not a good idea. You can configurge per service the source interface (this is only the SA-IP in the packets). But this needs an ip interface within the prod vlan.
No - sflow is done in hardware. In one sflow packet there are the headers of a lot of "user" packets. You have do decide how many user packets (f.e. every 128th) and the copied part of the packet (f.e. first 128 Byte) will be sent to the receiver.
Qos is possible with normal rules.
BR Silvio
-
Danela
Re: Queries on SSH and sflow
Hi Silvio,silvio wrote: ↑19 Jan 2023 06:09 Quick answer:
1) yes - you will find the answer in the switch management guide
2) No - not a good idea. You can configurge per service the source interface (this is only the SA-IP in the packets). But this needs an ip interface within the prod vlan.
No - sflow is done in hardware. In one sflow packet there are the headers of a lot of "user" packets. You have do decide how many user packets (f.e. every 128th) and the copied part of the packet (f.e. first 128 Byte) will be sent to the receiver.
Qos is possible with normal rules.
BR Silvio
1) Noted with thanks.
2) Noted, there will be a mgmt ip address for the prod vlan.
So sflow will be process by the asics chip instead of being send to the CPU or RAM?
So QoS will be based on the source IP address (Mgmt)?
Re: Queries on SSH and sflow
Hi,
So sflow will be process by the asics chip instead of being send to the CPU or RAM? - correct
So QoS will be based on the source IP address (Mgmt)? - you need to try your command and will see if they are matching/working.
So sflow will be process by the asics chip instead of being send to the CPU or RAM? - correct
So QoS will be based on the source IP address (Mgmt)? - you need to try your command and will see if they are matching/working.
-
Danela
