ERSPAN Installation
This section describes the ERSPAN installation for the Allegro Network Multimeter. ERSPAN is the abbreviation for Encapsulated Remote Switch Port Analyzer. It is switch feature that encapsulates traffic into an IP/GRE tunnel.
General
What is the ERSPAN mode
The ERSPAN is an advanced switch feature that encapsulates mirrored traffic into an IP and GRE packet. The full method is described in the RFC draft https://tools.ietf.org/html/draft-foschiano-erspan-03.
The advantage of the ERSPAN mode is that it can be routed via IP and the ERSPAN generator can be at a different location than the Allegro network Multimeter. This allows very simple captures of a low-bandwidth remote device when.
How should the ERSPAN mode be used
The ERSPAN quality depends on the switch performance and the bandwidth and latency between the switch and the Allegro. It will also add substantial load to the IP networks and can generate a packet storm when the ERSPAN packets themself are mirrored again into the ERSPAN tunnel.
See #Limitations for more details.
Where can I configure the ERSPAN mode
Please refer to you switch manual how to set up a switch ERSPAN channel.
The ERSPAN mode can be configured at Settings → Global Settings → Expert Settings → L3 Tunnel mode.
You can enable the ERSPAN mode in parallel to the In-Line Installation or Mirror Port, TAP and Packet Broker Installation for one or multiple ports. Please be aware that the ERSPAN cannot work in parallel with the bridge mode for such a port.
Data Plane Ports of Allegro Network Multimeters
Devices with built-in Network Ports
The Allegro 200, 500, 1000, 1200, 3000 and 3200 have built-in physical network ports.
| Device | Picture | Number of Monitoring Ports | Remarks |
| Allegro 200 |  |
2 | |
| Allegro 500 |   |
4 | |
| Allegro 1000 Allegro 3000 |
 |
7 | Can be extended by extension cards. |
| Allegro 1200 Allegro 3200 |
 |
7 | Can be extended by extension cards. |
| Allegro x300 Allegro x500 |
none | The Allegro x300 and x500 series do not have built-in network ports, see section extension cards below. |
Devices with port extension cards
All Allegros with network card extension slots support the Mirror Port Mode. All extension cards have either 2 or 4 network ports.
Bypass extension cards
The bypass cards for the Allegro Network Multimeter deliver a fail-over when the software bypass is not active in Bridge Mode ( see In-Line Installation for more details ). The bypass is deactivated when the When the Mirror Port Mode / Sink Mode is active.
Grouping of multiple Links ( Trunk vs. separate links )
By default, the Allegro processes all incoming traffic as one big pipe and it does not use the port as an criteria to separate links. If you have connected separate links at the Allegro, please use the virtual link grouping feature to specify which ports belong together.
This feature can also be used to forward multiple links with a packet broker to one Allegro port with VLANs as a separation.
Limitations
Switch Limitations
Please be aware that the Allegro Network Multimeter can only analyze packets that have been forwarded by the switch port. Please also be aware that the exact packet timing and ordering depends on the switch implementation. Allegro recommends the installation of a TAP to prevent any switch side effects.